search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Don't override action in UI and REDIRECT responses
[mediawiki.git] / includes / user / User.php
blob9e50f36a23df96aa1747a6cb405541a8f0f2a757
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 use MediaWiki\MediaWikiServices;
24 use MediaWiki\Session\SessionManager;
25 use MediaWiki\Session\Token;
26 use MediaWiki\Auth\AuthManager;
27 use MediaWiki\Auth\AuthenticationResponse;
28 use MediaWiki\Auth\AuthenticationRequest;
29
30 /**
31 * String Some punctuation to prevent editing from broken text-mangling proxies.
32 * @deprecated since 1.27, use \MediaWiki\Session\Token::SUFFIX
33 * @ingroup Constants
34 */
35 define( 'EDIT_TOKEN_SUFFIX', Token::SUFFIX );
36
37 /**
38 * The User object encapsulates all of the user-specific settings (user_id,
39 * name, rights, email address, options, last login time). Client
40 * classes use the getXXX() functions to access these fields. These functions
41 * do all the work of determining whether the user is logged in,
42 * whether the requested option can be satisfied from cookies or
43 * whether a database query is needed. Most of the settings needed
44 * for rendering normal pages are set in the cookie to minimize use
45 * of the database.
46 */
47 class User implements IDBAccessObject {
48 /**
49 * @const int Number of characters in user_token field.
50 */
51 const TOKEN_LENGTH = 32;
52
53 /**
54 * @const string An invalid value for user_token
55 */
56 const INVALID_TOKEN = '*** INVALID ***';
57
58 /**
59 * Global constant made accessible as class constants so that autoloader
60 * magic can be used.
61 * @deprecated since 1.27, use \MediaWiki\Session\Token::SUFFIX
62 */
63 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
64
65 /**
66 * @const int Serialized record version.
67 */
68 const VERSION = 10;
69
70 /**
71 * Exclude user options that are set to their default value.
72 * @since 1.25
73 */
74 const GETOPTIONS_EXCLUDE_DEFAULTS = 1;
75
76 /**
77 * @since 1.27
78 */
79 const CHECK_USER_RIGHTS = true;
80
81 /**
82 * @since 1.27
83 */
84 const IGNORE_USER_RIGHTS = false;
85
86 /**
87 * Array of Strings List of member variables which are saved to the
88 * shared cache (memcached). Any operation which changes the
89 * corresponding database fields must call a cache-clearing function.
90 * @showinitializer
91 */
92 protected static $mCacheVars = [
93 // user table
94 'mId',
95 'mName',
96 'mRealName',
97 'mEmail',
98 'mTouched',
99 'mToken',
100 'mEmailAuthenticated',
101 'mEmailToken',
102 'mEmailTokenExpires',
103 'mRegistration',
104 'mEditCount',
105 // user_groups table
106 'mGroups',
107 // user_properties table
108 'mOptionOverrides',
109 ];
110
111 /**
112 * Array of Strings Core rights.
113 * Each of these should have a corresponding message of the form
114 * "right-$right".
115 * @showinitializer
116 */
117 protected static $mCoreRights = [
118 'apihighlimits',
119 'applychangetags',
120 'autoconfirmed',
121 'autocreateaccount',
122 'autopatrol',
123 'bigdelete',
124 'block',
125 'blockemail',
126 'bot',
127 'browsearchive',
128 'changetags',
129 'createaccount',
130 'createpage',
131 'createtalk',
132 'delete',
133 'deletechangetags',
134 'deletedhistory',
135 'deletedtext',
136 'deletelogentry',
137 'deleterevision',
138 'edit',
139 'editcontentmodel',
140 'editinterface',
141 'editprotected',
142 'editmyoptions',
143 'editmyprivateinfo',
144 'editmyusercss',
145 'editmyuserjs',
146 'editmywatchlist',
147 'editsemiprotected',
148 'editusercssjs', # deprecated
149 'editusercss',
150 'edituserjs',
151 'hideuser',
152 'import',
153 'importupload',
154 'ipblock-exempt',
155 'managechangetags',
156 'markbotedits',
157 'mergehistory',
158 'minoredit',
159 'move',
160 'movefile',
161 'move-categorypages',
162 'move-rootuserpages',
163 'move-subpages',
164 'nominornewtalk',
165 'noratelimit',
166 'override-export-depth',
167 'pagelang',
168 'passwordreset',
169 'patrol',
170 'patrolmarks',
171 'protect',
172 'purge',
173 'read',
174 'reupload',
175 'reupload-own',
176 'reupload-shared',
177 'rollback',
178 'sendemail',
179 'siteadmin',
180 'suppressionlog',
181 'suppressredirect',
182 'suppressrevision',
183 'unblockself',
184 'undelete',
185 'unwatchedpages',
186 'upload',
187 'upload_by_url',
188 'userrights',
189 'userrights-interwiki',
190 'viewmyprivateinfo',
191 'viewmywatchlist',
192 'viewsuppressed',
193 'writeapi',
194 ];
195
196 /**
197 * String Cached results of getAllRights()
198 */
199 protected static $mAllRights = false;
200
201 /** Cache variables */
202 // @{
203 /** @var int */
204 public $mId;
205 /** @var string */
206 public $mName;
207 /** @var string */
208 public $mRealName;
209
210 /** @var string */
211 public $mEmail;
212 /** @var string TS_MW timestamp from the DB */
213 public $mTouched;
214 /** @var string TS_MW timestamp from cache */
215 protected $mQuickTouched;
216 /** @var string */
217 protected $mToken;
218 /** @var string */
219 public $mEmailAuthenticated;
220 /** @var string */
221 protected $mEmailToken;
222 /** @var string */
223 protected $mEmailTokenExpires;
224 /** @var string */
225 protected $mRegistration;
226 /** @var int */
227 protected $mEditCount;
228 /** @var array */
229 public $mGroups;
230 /** @var array */
231 protected $mOptionOverrides;
232 // @}
233
234 /**
235 * Bool Whether the cache variables have been loaded.
236 */
237 // @{
238 public $mOptionsLoaded;
239
240 /**
241 * Array with already loaded items or true if all items have been loaded.
242 */
243 protected $mLoadedItems = [];
244 // @}
245
246 /**
247 * String Initialization data source if mLoadedItems!==true. May be one of:
248 * - 'defaults' anonymous user initialised from class defaults
249 * - 'name' initialise from mName
250 * - 'id' initialise from mId
251 * - 'session' log in from session if possible
252 *
253 * Use the User::newFrom*() family of functions to set this.
254 */
255 public $mFrom;
256
257 /**
258 * Lazy-initialized variables, invalidated with clearInstanceCache
259 */
260 protected $mNewtalk;
261 /** @var string */
262 protected $mDatePreference;
263 /** @var string */
264 public $mBlockedby;
265 /** @var string */
266 protected $mHash;
267 /** @var array */
268 public $mRights;
269 /** @var string */
270 protected $mBlockreason;
271 /** @var array */
272 protected $mEffectiveGroups;
273 /** @var array */
274 protected $mImplicitGroups;
275 /** @var array */
276 protected $mFormerGroups;
277 /** @var Block */
278 protected $mGlobalBlock;
279 /** @var bool */
280 protected $mLocked;
281 /** @var bool */
282 public $mHideName;
283 /** @var array */
284 public $mOptions;
285
286 /**
287 * @var WebRequest
288 */
289 private $mRequest;
290
291 /** @var Block */
292 public $mBlock;
293
294 /** @var bool */
295 protected $mAllowUsertalk;
296
297 /** @var Block */
298 private $mBlockedFromCreateAccount = false;
299
300 /** @var integer User::READ_* constant bitfield used to load data */
301 protected $queryFlagsUsed = self::READ_NORMAL;
302
303 public static $idCacheByName = [];
304
305 /**
306 * Lightweight constructor for an anonymous user.
307 * Use the User::newFrom* factory functions for other kinds of users.
308 *
309 * @see newFromName()
310 * @see newFromId()
311 * @see newFromConfirmationCode()
312 * @see newFromSession()
313 * @see newFromRow()
314 */
315 public function __construct() {
316 $this->clearInstanceCache( 'defaults' );
317 }
318
319 /**
320 * @return string
321 */
322 public function __toString() {
323 return $this->getName();
324 }
325
326 /**
327 * Test if it's safe to load this User object.
328 *
329 * You should typically check this before using $wgUser or
330 * RequestContext::getUser in a method that might be called before the
331 * system has been fully initialized. If the object is unsafe, you should
332 * use an anonymous user:
333 * \code
334 * $user = $wgUser->isSafeToLoad() ? $wgUser : new User;
335 * \endcode
336 *
337 * @since 1.27
338 * @return bool
339 */
340 public function isSafeToLoad() {
341 global $wgFullyInitialised;
342
343 // The user is safe to load if:
344 // * MW_NO_SESSION is undefined AND $wgFullyInitialised is true (safe to use session data)
345 // * mLoadedItems === true (already loaded)
346 // * mFrom !== 'session' (sessions not involved at all)
347
348 return ( !defined( 'MW_NO_SESSION' ) && $wgFullyInitialised ) ||
349 $this->mLoadedItems === true || $this->mFrom !== 'session';
350 }
351
352 /**
353 * Load the user table data for this object from the source given by mFrom.
354 *
355 * @param integer $flags User::READ_* constant bitfield
356 */
357 public function load( $flags = self::READ_NORMAL ) {
358 global $wgFullyInitialised;
359
360 if ( $this->mLoadedItems === true ) {
361 return;
362 }
363
364 // Set it now to avoid infinite recursion in accessors
365 $oldLoadedItems = $this->mLoadedItems;
366 $this->mLoadedItems = true;
367 $this->queryFlagsUsed = $flags;
368
369 // If this is called too early, things are likely to break.
370 if ( !$wgFullyInitialised && $this->mFrom === 'session' ) {
371 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
372 ->warning( 'User::loadFromSession called before the end of Setup.php', [
373 'exception' => new Exception( 'User::loadFromSession called before the end of Setup.php' ),
374 ] );
375 $this->loadDefaults();
376 $this->mLoadedItems = $oldLoadedItems;
377 return;
378 }
379
380 switch ( $this->mFrom ) {
381 case 'defaults':
382 $this->loadDefaults();
383 break;
384 case 'name':
385 // Make sure this thread sees its own changes
386 if ( wfGetLB()->hasOrMadeRecentMasterChanges() ) {
387 $flags |= self::READ_LATEST;
388 $this->queryFlagsUsed = $flags;
389 }
390
391 $this->mId = self::idFromName( $this->mName, $flags );
392 if ( !$this->mId ) {
393 // Nonexistent user placeholder object
394 $this->loadDefaults( $this->mName );
395 } else {
396 $this->loadFromId( $flags );
397 }
398 break;
399 case 'id':
400 $this->loadFromId( $flags );
401 break;
402 case 'session':
403 if ( !$this->loadFromSession() ) {
404 // Loading from session failed. Load defaults.
405 $this->loadDefaults();
406 }
407 Hooks::run( 'UserLoadAfterLoadFromSession', [ $this ] );
408 break;
409 default:
410 throw new UnexpectedValueException(
411 "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
412 }
413 }
414
415 /**
416 * Load user table data, given mId has already been set.
417 * @param integer $flags User::READ_* constant bitfield
418 * @return bool False if the ID does not exist, true otherwise
419 */
420 public function loadFromId( $flags = self::READ_NORMAL ) {
421 if ( $this->mId == 0 ) {
422 // Anonymous users are not in the database (don't need cache)
423 $this->loadDefaults();
424 return false;
425 }
426
427 // Try cache (unless this needs data from the master DB).
428 // NOTE: if this thread called saveSettings(), the cache was cleared.
429 $latest = DBAccessObjectUtils::hasFlags( $flags, self::READ_LATEST );
430 if ( $latest ) {
431 if ( !$this->loadFromDatabase( $flags ) ) {
432 // Can't load from ID
433 return false;
434 }
435 } else {
436 $this->loadFromCache();
437 }
438
439 $this->mLoadedItems = true;
440 $this->queryFlagsUsed = $flags;
441
442 return true;
443 }
444
445 /**
446 * @since 1.27
447 * @param string $wikiId
448 * @param integer $userId
449 */
450 public static function purge( $wikiId, $userId ) {
451 $cache = ObjectCache::getMainWANInstance();
452 $key = $cache->makeGlobalKey( 'user', 'id', $wikiId, $userId );
453 $cache->delete( $key );
454 }
455
456 /**
457 * @since 1.27
458 * @param WANObjectCache $cache
459 * @return string
460 */
461 protected function getCacheKey( WANObjectCache $cache ) {
462 return $cache->makeGlobalKey( 'user', 'id', wfWikiID(), $this->mId );
463 }
464
465 /**
466 * Load user data from shared cache, given mId has already been set.
467 *
468 * @return bool True
469 * @since 1.25
470 */
471 protected function loadFromCache() {
472 $cache = ObjectCache::getMainWANInstance();
473 $data = $cache->getWithSetCallback(
474 $this->getCacheKey( $cache ),
475 $cache::TTL_HOUR,
476 function ( $oldValue, &$ttl, array &$setOpts ) {
477 $setOpts += Database::getCacheSetOptions( wfGetDB( DB_SLAVE ) );
478 wfDebug( "User: cache miss for user {$this->mId}\n" );
479
480 $this->loadFromDatabase();
481 $this->loadGroups();
482 $this->loadOptions();
483
484 $data = [];
485 foreach ( self::$mCacheVars as $name ) {
486 $data[$name] = $this->$name;
487 }
488
489 return $data;
490
491 },
492 [ 'pcTTL' => $cache::TTL_PROC_LONG, 'version' => self::VERSION ]
493 );
494
495 // Restore from cache
496 foreach ( self::$mCacheVars as $name ) {
497 $this->$name = $data[$name];
498 }
499
500 return true;
501 }
502
503 /** @name newFrom*() static factory methods */
504 // @{
505
506 /**
507 * Static factory method for creation from username.
508 *
509 * This is slightly less efficient than newFromId(), so use newFromId() if
510 * you have both an ID and a name handy.
511 *
512 * @param string $name Username, validated by Title::newFromText()
513 * @param string|bool $validate Validate username. Takes the same parameters as
514 * User::getCanonicalName(), except that true is accepted as an alias
515 * for 'valid', for BC.
516 *
517 * @return User|bool User object, or false if the username is invalid
518 * (e.g. if it contains illegal characters or is an IP address). If the
519 * username is not present in the database, the result will be a user object
520 * with a name, zero user ID and default settings.
521 */
522 public static function newFromName( $name, $validate = 'valid' ) {
523 if ( $validate === true ) {
524 $validate = 'valid';
525 }
526 $name = self::getCanonicalName( $name, $validate );
527 if ( $name === false ) {
528 return false;
529 } else {
530 // Create unloaded user object
531 $u = new User;
532 $u->mName = $name;
533 $u->mFrom = 'name';
534 $u->setItemLoaded( 'name' );
535 return $u;
536 }
537 }
538
539 /**
540 * Static factory method for creation from a given user ID.
541 *
542 * @param int $id Valid user ID
543 * @return User The corresponding User object
544 */
545 public static function newFromId( $id ) {
546 $u = new User;
547 $u->mId = $id;
548 $u->mFrom = 'id';
549 $u->setItemLoaded( 'id' );
550 return $u;
551 }
552
553 /**
554 * Factory method to fetch whichever user has a given email confirmation code.
555 * This code is generated when an account is created or its e-mail address
556 * has changed.
557 *
558 * If the code is invalid or has expired, returns NULL.
559 *
560 * @param string $code Confirmation code
561 * @param int $flags User::READ_* bitfield
562 * @return User|null
563 */
564 public static function newFromConfirmationCode( $code, $flags = 0 ) {
565 $db = ( $flags & self::READ_LATEST ) == self::READ_LATEST
566 ? wfGetDB( DB_MASTER )
567 : wfGetDB( DB_SLAVE );
568
569 $id = $db->selectField(
570 'user',
571 'user_id',
572 [
573 'user_email_token' => md5( $code ),
574 'user_email_token_expires > ' . $db->addQuotes( $db->timestamp() ),
575 ]
576 );
577
578 return $id ? User::newFromId( $id ) : null;
579 }
580
581 /**
582 * Create a new user object using data from session. If the login
583 * credentials are invalid, the result is an anonymous user.
584 *
585 * @param WebRequest|null $request Object to use; $wgRequest will be used if omitted.
586 * @return User
587 */
588 public static function newFromSession( WebRequest $request = null ) {
589 $user = new User;
590 $user->mFrom = 'session';
591 $user->mRequest = $request;
592 return $user;
593 }
594
595 /**
596 * Create a new user object from a user row.
597 * The row should have the following fields from the user table in it:
598 * - either user_name or user_id to load further data if needed (or both)
599 * - user_real_name
600 * - all other fields (email, etc.)
601 * It is useless to provide the remaining fields if either user_id,
602 * user_name and user_real_name are not provided because the whole row
603 * will be loaded once more from the database when accessing them.
604 *
605 * @param stdClass $row A row from the user table
606 * @param array $data Further data to load into the object (see User::loadFromRow for valid keys)
607 * @return User
608 */
609 public static function newFromRow( $row, $data = null ) {
610 $user = new User;
611 $user->loadFromRow( $row, $data );
612 return $user;
613 }
614
615 /**
616 * Static factory method for creation of a "system" user from username.
617 *
618 * A "system" user is an account that's used to attribute logged actions
619 * taken by MediaWiki itself, as opposed to a bot or human user. Examples
620 * might include the 'Maintenance script' or 'Conversion script' accounts
621 * used by various scripts in the maintenance/ directory or accounts such
622 * as 'MediaWiki message delivery' used by the MassMessage extension.
623 *
624 * This can optionally create the user if it doesn't exist, and "steal" the
625 * account if it does exist.
626 *
627 * "Stealing" an existing user is intended to make it impossible for normal
628 * authentication processes to use the account, effectively disabling the
629 * account for normal use:
630 * - Email is invalidated, to prevent account recovery by emailing a
631 * temporary password and to disassociate the account from the existing
632 * human.
633 * - The token is set to a magic invalid value, to kill existing sessions
634 * and to prevent $this->setToken() calls from resetting the token to a
635 * valid value.
636 * - SessionManager is instructed to prevent new sessions for the user, to
637 * do things like deauthorizing OAuth consumers.
638 * - AuthManager is instructed to revoke access, to invalidate or remove
639 * passwords and other credentials.
640 *
641 * @param string $name Username
642 * @param array $options Options are:
643 * - validate: As for User::getCanonicalName(), default 'valid'
644 * - create: Whether to create the user if it doesn't already exist, default true
645 * - steal: Whether to "disable" the account for normal use if it already
646 * exists, default false
647 * @return User|null
648 * @since 1.27
649 */
650 public static function newSystemUser( $name, $options = [] ) {
651 global $wgDisableAuthManager;
652
653 $options += [
654 'validate' => 'valid',
655 'create' => true,
656 'steal' => false,
657 ];
658
659 $name = self::getCanonicalName( $name, $options['validate'] );
660 if ( $name === false ) {
661 return null;
662 }
663
664 $fields = self::selectFields();
665 if ( $wgDisableAuthManager ) {
666 $fields = array_merge( $fields, [ 'user_password', 'user_newpassword' ] );
667 }
668
669 $dbw = wfGetDB( DB_MASTER );
670 $row = $dbw->selectRow(
671 'user',
672 $fields,
673 [ 'user_name' => $name ],
674 __METHOD__
675 );
676 if ( !$row ) {
677 // No user. Create it?
678 return $options['create'] ? self::createNew( $name ) : null;
679 }
680 $user = self::newFromRow( $row );
681
682 // A user is considered to exist as a non-system user if it can
683 // authenticate, or has an email set, or has a non-invalid token.
684 if ( !$user->mEmail && $user->mToken === self::INVALID_TOKEN ) {
685 if ( $wgDisableAuthManager ) {
686 $passwordFactory = new PasswordFactory();
687 $passwordFactory->init( RequestContext::getMain()->getConfig() );
688 try {
689 $password = $passwordFactory->newFromCiphertext( $row->user_password );
690 } catch ( PasswordError $e ) {
691 wfDebug( 'Invalid password hash found in database.' );
692 $password = PasswordFactory::newInvalidPassword();
693 }
694 try {
695 $newpassword = $passwordFactory->newFromCiphertext( $row->user_newpassword );
696 } catch ( PasswordError $e ) {
697 wfDebug( 'Invalid password hash found in database.' );
698 $newpassword = PasswordFactory::newInvalidPassword();
699 }
700 $canAuthenticate = !$password instanceof InvalidPassword ||
701 !$newpassword instanceof InvalidPassword;
702 } else {
703 $canAuthenticate = AuthManager::singleton()->userCanAuthenticate( $name );
704 }
705 }
706 if ( $user->mEmail || $user->mToken !== self::INVALID_TOKEN || $canAuthenticate ) {
707 // User exists. Steal it?
708 if ( !$options['steal'] ) {
709 return null;
710 }
711
712 if ( $wgDisableAuthManager ) {
713 $nopass = PasswordFactory::newInvalidPassword()->toString();
714 $dbw->update(
715 'user',
716 [
717 'user_password' => $nopass,
718 'user_newpassword' => $nopass,
719 'user_newpass_time' => null,
720 ],
721 [ 'user_id' => $user->getId() ],
722 __METHOD__
723 );
724 } else {
725 AuthManager::singleton()->revokeAccessForUser( $name );
726 }
727
728 $user->invalidateEmail();
729 $user->mToken = self::INVALID_TOKEN;
730 $user->saveSettings();
731 SessionManager::singleton()->preventSessionsForUser( $user->getName() );
732 }
733
734 return $user;
735 }
736
737 // @}
738
739 /**
740 * Get the username corresponding to a given user ID
741 * @param int $id User ID
742 * @return string|bool The corresponding username
743 */
744 public static function whoIs( $id ) {
745 return UserCache::singleton()->getProp( $id, 'name' );
746 }
747
748 /**
749 * Get the real name of a user given their user ID
750 *
751 * @param int $id User ID
752 * @return string|bool The corresponding user's real name
753 */
754 public static function whoIsReal( $id ) {
755 return UserCache::singleton()->getProp( $id, 'real_name' );
756 }
757
758 /**
759 * Get database id given a user name
760 * @param string $name Username
761 * @param integer $flags User::READ_* constant bitfield
762 * @return int|null The corresponding user's ID, or null if user is nonexistent
763 */
764 public static function idFromName( $name, $flags = self::READ_NORMAL ) {
765 $nt = Title::makeTitleSafe( NS_USER, $name );
766 if ( is_null( $nt ) ) {
767 // Illegal name
768 return null;
769 }
770
771 if ( !( $flags & self::READ_LATEST ) && isset( self::$idCacheByName[$name] ) ) {
772 return self::$idCacheByName[$name];
773 }
774
775 $db = ( $flags & self::READ_LATEST )
776 ? wfGetDB( DB_MASTER )
777 : wfGetDB( DB_SLAVE );
778
779 $s = $db->selectRow(
780 'user',
781 [ 'user_id' ],
782 [ 'user_name' => $nt->getText() ],
783 __METHOD__
784 );
785
786 if ( $s === false ) {
787 $result = null;
788 } else {
789 $result = $s->user_id;
790 }
791
792 self::$idCacheByName[$name] = $result;
793
794 if ( count( self::$idCacheByName ) > 1000 ) {
795 self::$idCacheByName = [];
796 }
797
798 return $result;
799 }
800
801 /**
802 * Reset the cache used in idFromName(). For use in tests.
803 */
804 public static function resetIdByNameCache() {
805 self::$idCacheByName = [];
806 }
807
808 /**
809 * Does the string match an anonymous IPv4 address?
810 *
811 * This function exists for username validation, in order to reject
812 * usernames which are similar in form to IP addresses. Strings such
813 * as 300.300.300.300 will return true because it looks like an IP
814 * address, despite not being strictly valid.
815 *
816 * We match "\d{1,3}\.\d{1,3}\.\d{1,3}\.xxx" as an anonymous IP
817 * address because the usemod software would "cloak" anonymous IP
818 * addresses like this, if we allowed accounts like this to be created
819 * new users could get the old edits of these anonymous users.
820 *
821 * @param string $name Name to match
822 * @return bool
823 */
824 public static function isIP( $name ) {
825 return preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/', $name )
826 || IP::isIPv6( $name );
827 }
828
829 /**
830 * Is the input a valid username?
831 *
832 * Checks if the input is a valid username, we don't want an empty string,
833 * an IP address, anything that contains slashes (would mess up subpages),
834 * is longer than the maximum allowed username size or doesn't begin with
835 * a capital letter.
836 *
837 * @param string $name Name to match
838 * @return bool
839 */
840 public static function isValidUserName( $name ) {
841 global $wgContLang, $wgMaxNameChars;
842
843 if ( $name == ''
844 || User::isIP( $name )
845 || strpos( $name, '/' ) !== false
846 || strlen( $name ) > $wgMaxNameChars
847 || $name != $wgContLang->ucfirst( $name )
848 ) {
849 return false;
850 }
851
852 // Ensure that the name can't be misresolved as a different title,
853 // such as with extra namespace keys at the start.
854 $parsed = Title::newFromText( $name );
855 if ( is_null( $parsed )
856 || $parsed->getNamespace()
857 || strcmp( $name, $parsed->getPrefixedText() ) ) {
858 return false;
859 }
860
861 // Check an additional blacklist of troublemaker characters.
862 // Should these be merged into the title char list?
863 $unicodeBlacklist = '/[' .
864 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
865 '\x{00a0}' . # non-breaking space
866 '\x{2000}-\x{200f}' . # various whitespace
867 '\x{2028}-\x{202f}' . # breaks and control chars
868 '\x{3000}' . # ideographic space
869 '\x{e000}-\x{f8ff}' . # private use
870 ']/u';
871 if ( preg_match( $unicodeBlacklist, $name ) ) {
872 return false;
873 }
874
875 return true;
876 }
877
878 /**
879 * Usernames which fail to pass this function will be blocked
880 * from user login and new account registrations, but may be used
881 * internally by batch processes.
882 *
883 * If an account already exists in this form, login will be blocked
884 * by a failure to pass this function.
885 *
886 * @param string $name Name to match
887 * @return bool
888 */
889 public static function isUsableName( $name ) {
890 global $wgReservedUsernames;
891 // Must be a valid username, obviously ;)
892 if ( !self::isValidUserName( $name ) ) {
893 return false;
894 }
895
896 static $reservedUsernames = false;
897 if ( !$reservedUsernames ) {
898 $reservedUsernames = $wgReservedUsernames;
899 Hooks::run( 'UserGetReservedNames', [ &$reservedUsernames ] );
900 }
901
902 // Certain names may be reserved for batch processes.
903 foreach ( $reservedUsernames as $reserved ) {
904 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
905 $reserved = wfMessage( substr( $reserved, 4 ) )->inContentLanguage()->text();
906 }
907 if ( $reserved == $name ) {
908 return false;
909 }
910 }
911 return true;
912 }
913
914 /**
915 * Usernames which fail to pass this function will be blocked
916 * from new account registrations, but may be used internally
917 * either by batch processes or by user accounts which have
918 * already been created.
919 *
920 * Additional blacklisting may be added here rather than in
921 * isValidUserName() to avoid disrupting existing accounts.
922 *
923 * @param string $name String to match
924 * @return bool
925 */
926 public static function isCreatableName( $name ) {
927 global $wgInvalidUsernameCharacters;
928
929 // Ensure that the username isn't longer than 235 bytes, so that
930 // (at least for the builtin skins) user javascript and css files
931 // will work. (bug 23080)
932 if ( strlen( $name ) > 235 ) {
933 wfDebugLog( 'username', __METHOD__ .
934 ": '$name' invalid due to length" );
935 return false;
936 }
937
938 // Preg yells if you try to give it an empty string
939 if ( $wgInvalidUsernameCharacters !== '' ) {
940 if ( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
941 wfDebugLog( 'username', __METHOD__ .
942 ": '$name' invalid due to wgInvalidUsernameCharacters" );
943 return false;
944 }
945 }
946
947 return self::isUsableName( $name );
948 }
949
950 /**
951 * Is the input a valid password for this user?
952 *
953 * @param string $password Desired password
954 * @return bool
955 */
956 public function isValidPassword( $password ) {
957 // simple boolean wrapper for getPasswordValidity
958 return $this->getPasswordValidity( $password ) === true;
959 }
960
961 /**
962 * Given unvalidated password input, return error message on failure.
963 *
964 * @param string $password Desired password
965 * @return bool|string|array True on success, string or array of error message on failure
966 */
967 public function getPasswordValidity( $password ) {
968 $result = $this->checkPasswordValidity( $password );
969 if ( $result->isGood() ) {
970 return true;
971 } else {
972 $messages = [];
973 foreach ( $result->getErrorsByType( 'error' ) as $error ) {
974 $messages[] = $error['message'];
975 }
976 foreach ( $result->getErrorsByType( 'warning' ) as $warning ) {
977 $messages[] = $warning['message'];
978 }
979 if ( count( $messages ) === 1 ) {
980 return $messages[0];
981 }
982 return $messages;
983 }
984 }
985
986 /**
987 * Check if this is a valid password for this user
988 *
989 * Create a Status object based on the password's validity.
990 * The Status should be set to fatal if the user should not
991 * be allowed to log in, and should have any errors that
992 * would block changing the password.
993 *
994 * If the return value of this is not OK, the password
995 * should not be checked. If the return value is not Good,
996 * the password can be checked, but the user should not be
997 * able to set their password to this.
998 *
999 * @param string $password Desired password
1000 * @param string $purpose one of 'login', 'create', 'reset'
1001 * @return Status
1002 * @since 1.23
1003 */
1004 public function checkPasswordValidity( $password, $purpose = 'login' ) {
1005 global $wgPasswordPolicy;
1006
1007 $upp = new UserPasswordPolicy(
1008 $wgPasswordPolicy['policies'],
1009 $wgPasswordPolicy['checks']
1010 );
1011
1012 $status = Status::newGood();
1013 $result = false; // init $result to false for the internal checks
1014
1015 if ( !Hooks::run( 'isValidPassword', [ $password, &$result, $this ] ) ) {
1016 $status->error( $result );
1017 return $status;
1018 }
1019
1020 if ( $result === false ) {
1021 $status->merge( $upp->checkUserPassword( $this, $password, $purpose ) );
1022 return $status;
1023 } elseif ( $result === true ) {
1024 return $status;
1025 } else {
1026 $status->error( $result );
1027 return $status; // the isValidPassword hook set a string $result and returned true
1028 }
1029 }
1030
1031 /**
1032 * Given unvalidated user input, return a canonical username, or false if
1033 * the username is invalid.
1034 * @param string $name User input
1035 * @param string|bool $validate Type of validation to use:
1036 * - false No validation
1037 * - 'valid' Valid for batch processes
1038 * - 'usable' Valid for batch processes and login
1039 * - 'creatable' Valid for batch processes, login and account creation
1040 *
1041 * @throws InvalidArgumentException
1042 * @return bool|string
1043 */
1044 public static function getCanonicalName( $name, $validate = 'valid' ) {
1045 // Force usernames to capital
1046 global $wgContLang;
1047 $name = $wgContLang->ucfirst( $name );
1048
1049 # Reject names containing '#'; these will be cleaned up
1050 # with title normalisation, but then it's too late to
1051 # check elsewhere
1052 if ( strpos( $name, '#' ) !== false ) {
1053 return false;
1054 }
1055
1056 // Clean up name according to title rules,
1057 // but only when validation is requested (bug 12654)
1058 $t = ( $validate !== false ) ?
1059 Title::newFromText( $name, NS_USER ) : Title::makeTitle( NS_USER, $name );
1060 // Check for invalid titles
1061 if ( is_null( $t ) || $t->getNamespace() !== NS_USER || $t->isExternal() ) {
1062 return false;
1063 }
1064
1065 // Reject various classes of invalid names
1066 $name = AuthManager::callLegacyAuthPlugin(
1067 'getCanonicalName', [ $t->getText() ], $t->getText()
1068 );
1069
1070 switch ( $validate ) {
1071 case false:
1072 break;
1073 case 'valid':
1074 if ( !User::isValidUserName( $name ) ) {
1075 $name = false;
1076 }
1077 break;
1078 case 'usable':
1079 if ( !User::isUsableName( $name ) ) {
1080 $name = false;
1081 }
1082 break;
1083 case 'creatable':
1084 if ( !User::isCreatableName( $name ) ) {
1085 $name = false;
1086 }
1087 break;
1088 default:
1089 throw new InvalidArgumentException(
1090 'Invalid parameter value for $validate in ' . __METHOD__ );
1091 }
1092 return $name;
1093 }
1094
1095 /**
1096 * Count the number of edits of a user
1097 *
1098 * @param int $uid User ID to check
1099 * @return int The user's edit count
1100 *
1101 * @deprecated since 1.21 in favour of User::getEditCount
1102 */
1103 public static function edits( $uid ) {
1104 wfDeprecated( __METHOD__, '1.21' );
1105 $user = self::newFromId( $uid );
1106 return $user->getEditCount();
1107 }
1108
1109 /**
1110 * Return a random password.
1111 *
1112 * @deprecated since 1.27, use PasswordFactory::generateRandomPasswordString()
1113 * @return string New random password
1114 */
1115 public static function randomPassword() {
1116 global $wgMinimalPasswordLength;
1117 return PasswordFactory::generateRandomPasswordString( $wgMinimalPasswordLength );
1118 }
1119
1120 /**
1121 * Set cached properties to default.
1122 *
1123 * @note This no longer clears uncached lazy-initialised properties;
1124 * the constructor does that instead.
1125 *
1126 * @param string|bool $name
1127 */
1128 public function loadDefaults( $name = false ) {
1129 $this->mId = 0;
1130 $this->mName = $name;
1131 $this->mRealName = '';
1132 $this->mEmail = '';
1133 $this->mOptionOverrides = null;
1134 $this->mOptionsLoaded = false;
1135
1136 $loggedOut = $this->mRequest && !defined( 'MW_NO_SESSION' )
1137 ? $this->mRequest->getSession()->getLoggedOutTimestamp() : 0;
1138 if ( $loggedOut !== 0 ) {
1139 $this->mTouched = wfTimestamp( TS_MW, $loggedOut );
1140 } else {
1141 $this->mTouched = '1'; # Allow any pages to be cached
1142 }
1143
1144 $this->mToken = null; // Don't run cryptographic functions till we need a token
1145 $this->mEmailAuthenticated = null;
1146 $this->mEmailToken = '';
1147 $this->mEmailTokenExpires = null;
1148 $this->mRegistration = wfTimestamp( TS_MW );
1149 $this->mGroups = [];
1150
1151 Hooks::run( 'UserLoadDefaults', [ $this, $name ] );
1152 }
1153
1154 /**
1155 * Return whether an item has been loaded.
1156 *
1157 * @param string $item Item to check. Current possibilities:
1158 * - id
1159 * - name
1160 * - realname
1161 * @param string $all 'all' to check if the whole object has been loaded
1162 * or any other string to check if only the item is available (e.g.
1163 * for optimisation)
1164 * @return bool
1165 */
1166 public function isItemLoaded( $item, $all = 'all' ) {
1167 return ( $this->mLoadedItems === true && $all === 'all' ) ||
1168 ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
1169 }
1170
1171 /**
1172 * Set that an item has been loaded
1173 *
1174 * @param string $item
1175 */
1176 protected function setItemLoaded( $item ) {
1177 if ( is_array( $this->mLoadedItems ) ) {
1178 $this->mLoadedItems[$item] = true;
1179 }
1180 }
1181
1182 /**
1183 * Load user data from the session.
1184 *
1185 * @return bool True if the user is logged in, false otherwise.
1186 */
1187 private function loadFromSession() {
1188 // Deprecated hook
1189 $result = null;
1190 Hooks::run( 'UserLoadFromSession', [ $this, &$result ], '1.27' );
1191 if ( $result !== null ) {
1192 return $result;
1193 }
1194
1195 // MediaWiki\Session\Session already did the necessary authentication of the user
1196 // returned here, so just use it if applicable.
1197 $session = $this->getRequest()->getSession();
1198 $user = $session->getUser();
1199 if ( $user->isLoggedIn() ) {
1200 $this->loadFromUserObject( $user );
1201 // Other code expects these to be set in the session, so set them.
1202 $session->set( 'wsUserID', $this->getId() );
1203 $session->set( 'wsUserName', $this->getName() );
1204 $session->set( 'wsToken', $this->getToken() );
1205 return true;
1206 }
1207
1208 return false;
1209 }
1210
1211 /**
1212 * Load user and user_group data from the database.
1213 * $this->mId must be set, this is how the user is identified.
1214 *
1215 * @param integer $flags User::READ_* constant bitfield
1216 * @return bool True if the user exists, false if the user is anonymous
1217 */
1218 public function loadFromDatabase( $flags = self::READ_LATEST ) {
1219 // Paranoia
1220 $this->mId = intval( $this->mId );
1221
1222 if ( !$this->mId ) {
1223 // Anonymous users are not in the database
1224 $this->loadDefaults();
1225 return false;
1226 }
1227
1228 list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $flags );
1229 $db = wfGetDB( $index );
1230
1231 $s = $db->selectRow(
1232 'user',
1233 self::selectFields(),
1234 [ 'user_id' => $this->mId ],
1235 __METHOD__,
1236 $options
1237 );
1238
1239 $this->queryFlagsUsed = $flags;
1240 Hooks::run( 'UserLoadFromDatabase', [ $this, &$s ] );
1241
1242 if ( $s !== false ) {
1243 // Initialise user table data
1244 $this->loadFromRow( $s );
1245 $this->mGroups = null; // deferred
1246 $this->getEditCount(); // revalidation for nulls
1247 return true;
1248 } else {
1249 // Invalid user_id
1250 $this->mId = 0;
1251 $this->loadDefaults();
1252 return false;
1253 }
1254 }
1255
1256 /**
1257 * Initialize this object from a row from the user table.
1258 *
1259 * @param stdClass $row Row from the user table to load.
1260 * @param array $data Further user data to load into the object
1261 *
1262 * user_groups Array with groups out of the user_groups table
1263 * user_properties Array with properties out of the user_properties table
1264 */
1265 protected function loadFromRow( $row, $data = null ) {
1266 $all = true;
1267
1268 $this->mGroups = null; // deferred
1269
1270 if ( isset( $row->user_name ) ) {
1271 $this->mName = $row->user_name;
1272 $this->mFrom = 'name';
1273 $this->setItemLoaded( 'name' );
1274 } else {
1275 $all = false;
1276 }
1277
1278 if ( isset( $row->user_real_name ) ) {
1279 $this->mRealName = $row->user_real_name;
1280 $this->setItemLoaded( 'realname' );
1281 } else {
1282 $all = false;
1283 }
1284
1285 if ( isset( $row->user_id ) ) {
1286 $this->mId = intval( $row->user_id );
1287 $this->mFrom = 'id';
1288 $this->setItemLoaded( 'id' );
1289 } else {
1290 $all = false;
1291 }
1292
1293 if ( isset( $row->user_id ) && isset( $row->user_name ) ) {
1294 self::$idCacheByName[$row->user_name] = $row->user_id;
1295 }
1296
1297 if ( isset( $row->user_editcount ) ) {
1298 $this->mEditCount = $row->user_editcount;
1299 } else {
1300 $all = false;
1301 }
1302
1303 if ( isset( $row->user_touched ) ) {
1304 $this->mTouched = wfTimestamp( TS_MW, $row->user_touched );
1305 } else {
1306 $all = false;
1307 }
1308
1309 if ( isset( $row->user_token ) ) {
1310 // The definition for the column is binary(32), so trim the NULs
1311 // that appends. The previous definition was char(32), so trim
1312 // spaces too.
1313 $this->mToken = rtrim( $row->user_token, " \0" );
1314 if ( $this->mToken === '' ) {
1315 $this->mToken = null;
1316 }
1317 } else {
1318 $all = false;
1319 }
1320
1321 if ( isset( $row->user_email ) ) {
1322 $this->mEmail = $row->user_email;
1323 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1324 $this->mEmailToken = $row->user_email_token;
1325 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1326 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1327 } else {
1328 $all = false;
1329 }
1330
1331 if ( $all ) {
1332 $this->mLoadedItems = true;
1333 }
1334
1335 if ( is_array( $data ) ) {
1336 if ( isset( $data['user_groups'] ) && is_array( $data['user_groups'] ) ) {
1337 $this->mGroups = $data['user_groups'];
1338 }
1339 if ( isset( $data['user_properties'] ) && is_array( $data['user_properties'] ) ) {
1340 $this->loadOptions( $data['user_properties'] );
1341 }
1342 }
1343 }
1344
1345 /**
1346 * Load the data for this user object from another user object.
1347 *
1348 * @param User $user
1349 */
1350 protected function loadFromUserObject( $user ) {
1351 $user->load();
1352 $user->loadGroups();
1353 $user->loadOptions();
1354 foreach ( self::$mCacheVars as $var ) {
1355 $this->$var = $user->$var;
1356 }
1357 }
1358
1359 /**
1360 * Load the groups from the database if they aren't already loaded.
1361 */
1362 private function loadGroups() {
1363 if ( is_null( $this->mGroups ) ) {
1364 $db = ( $this->queryFlagsUsed & self::READ_LATEST )
1365 ? wfGetDB( DB_MASTER )
1366 : wfGetDB( DB_SLAVE );
1367 $res = $db->select( 'user_groups',
1368 [ 'ug_group' ],
1369 [ 'ug_user' => $this->mId ],
1370 __METHOD__ );
1371 $this->mGroups = [];
1372 foreach ( $res as $row ) {
1373 $this->mGroups[] = $row->ug_group;
1374 }
1375 }
1376 }
1377
1378 /**
1379 * Add the user to the group if he/she meets given criteria.
1380 *
1381 * Contrary to autopromotion by \ref $wgAutopromote, the group will be
1382 * possible to remove manually via Special:UserRights. In such case it
1383 * will not be re-added automatically. The user will also not lose the
1384 * group if they no longer meet the criteria.
1385 *
1386 * @param string $event Key in $wgAutopromoteOnce (each one has groups/criteria)
1387 *
1388 * @return array Array of groups the user has been promoted to.
1389 *
1390 * @see $wgAutopromoteOnce
1391 */
1392 public function addAutopromoteOnceGroups( $event ) {
1393 global $wgAutopromoteOnceLogInRC;
1394
1395 if ( wfReadOnly() || !$this->getId() ) {
1396 return [];
1397 }
1398
1399 $toPromote = Autopromote::getAutopromoteOnceGroups( $this, $event );
1400 if ( !count( $toPromote ) ) {
1401 return [];
1402 }
1403
1404 if ( !$this->checkAndSetTouched() ) {
1405 return []; // raced out (bug T48834)
1406 }
1407
1408 $oldGroups = $this->getGroups(); // previous groups
1409 foreach ( $toPromote as $group ) {
1410 $this->addGroup( $group );
1411 }
1412 // update groups in external authentication database
1413 Hooks::run( 'UserGroupsChanged', [ $this, $toPromote, [], false, false ] );
1414 AuthManager::callLegacyAuthPlugin( 'updateExternalDBGroups', [ $this, $toPromote ] );
1415
1416 $newGroups = array_merge( $oldGroups, $toPromote ); // all groups
1417
1418 $logEntry = new ManualLogEntry( 'rights', 'autopromote' );
1419 $logEntry->setPerformer( $this );
1420 $logEntry->setTarget( $this->getUserPage() );
1421 $logEntry->setParameters( [
1422 '4::oldgroups' => $oldGroups,
1423 '5::newgroups' => $newGroups,
1424 ] );
1425 $logid = $logEntry->insert();
1426 if ( $wgAutopromoteOnceLogInRC ) {
1427 $logEntry->publish( $logid );
1428 }
1429
1430 return $toPromote;
1431 }
1432
1433 /**
1434 * Builds update conditions. Additional conditions may be added to $conditions to
1435 * protected against race conditions using a compare-and-set (CAS) mechanism
1436 * based on comparing $this->mTouched with the user_touched field.
1437 *
1438 * @param DatabaseBase $db
1439 * @param array $conditions WHERE conditions for use with DatabaseBase::update
1440 * @return array WHERE conditions for use with DatabaseBase::update
1441 */
1442 protected function makeUpdateConditions( DatabaseBase $db, array $conditions ) {
1443 if ( $this->mTouched ) {
1444 // CAS check: only update if the row wasn't changed sicne it was loaded.
1445 $conditions['user_touched'] = $db->timestamp( $this->mTouched );
1446 }
1447
1448 return $conditions;
1449 }
1450
1451 /**
1452 * Bump user_touched if it didn't change since this object was loaded
1453 *
1454 * On success, the mTouched field is updated.
1455 * The user serialization cache is always cleared.
1456 *
1457 * @return bool Whether user_touched was actually updated
1458 * @since 1.26
1459 */
1460 protected function checkAndSetTouched() {
1461 $this->load();
1462
1463 if ( !$this->mId ) {
1464 return false; // anon
1465 }
1466
1467 // Get a new user_touched that is higher than the old one
1468 $newTouched = $this->newTouchedTimestamp();
1469
1470 $dbw = wfGetDB( DB_MASTER );
1471 $dbw->update( 'user',
1472 [ 'user_touched' => $dbw->timestamp( $newTouched ) ],
1473 $this->makeUpdateConditions( $dbw, [
1474 'user_id' => $this->mId,
1475 ] ),
1476 __METHOD__
1477 );
1478 $success = ( $dbw->affectedRows() > 0 );
1479
1480 if ( $success ) {
1481 $this->mTouched = $newTouched;
1482 $this->clearSharedCache();
1483 } else {
1484 // Clears on failure too since that is desired if the cache is stale
1485 $this->clearSharedCache( 'refresh' );
1486 }
1487
1488 return $success;
1489 }
1490
1491 /**
1492 * Clear various cached data stored in this object. The cache of the user table
1493 * data (i.e. self::$mCacheVars) is not cleared unless $reloadFrom is given.
1494 *
1495 * @param bool|string $reloadFrom Reload user and user_groups table data from a
1496 * given source. May be "name", "id", "defaults", "session", or false for no reload.
1497 */
1498 public function clearInstanceCache( $reloadFrom = false ) {
1499 $this->mNewtalk = -1;
1500 $this->mDatePreference = null;
1501 $this->mBlockedby = -1; # Unset
1502 $this->mHash = false;
1503 $this->mRights = null;
1504 $this->mEffectiveGroups = null;
1505 $this->mImplicitGroups = null;
1506 $this->mGroups = null;
1507 $this->mOptions = null;
1508 $this->mOptionsLoaded = false;
1509 $this->mEditCount = null;
1510
1511 if ( $reloadFrom ) {
1512 $this->mLoadedItems = [];
1513 $this->mFrom = $reloadFrom;
1514 }
1515 }
1516
1517 /**
1518 * Combine the language default options with any site-specific options
1519 * and add the default language variants.
1520 *
1521 * @return array Array of String options
1522 */
1523 public static function getDefaultOptions() {
1524 global $wgNamespacesToBeSearchedDefault, $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1525
1526 static $defOpt = null;
1527 if ( !defined( 'MW_PHPUNIT_TEST' ) && $defOpt !== null ) {
1528 // Disabling this for the unit tests, as they rely on being able to change $wgContLang
1529 // mid-request and see that change reflected in the return value of this function.
1530 // Which is insane and would never happen during normal MW operation
1531 return $defOpt;
1532 }
1533
1534 $defOpt = $wgDefaultUserOptions;
1535 // Default language setting
1536 $defOpt['language'] = $wgContLang->getCode();
1537 foreach ( LanguageConverter::$languagesWithVariants as $langCode ) {
1538 $defOpt[$langCode == $wgContLang->getCode() ? 'variant' : "variant-$langCode"] = $langCode;
1539 }
1540 $namespaces = MediaWikiServices::getInstance()->getSearchEngineConfig()->searchableNamespaces();
1541 foreach ( $namespaces as $nsnum => $nsname ) {
1542 $defOpt['searchNs' . $nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1543 }
1544 $defOpt['skin'] = Skin::normalizeKey( $wgDefaultSkin );
1545
1546 Hooks::run( 'UserGetDefaultOptions', [ &$defOpt ] );
1547
1548 return $defOpt;
1549 }
1550
1551 /**
1552 * Get a given default option value.
1553 *
1554 * @param string $opt Name of option to retrieve
1555 * @return string Default option value
1556 */
1557 public static function getDefaultOption( $opt ) {
1558 $defOpts = self::getDefaultOptions();
1559 if ( isset( $defOpts[$opt] ) ) {
1560 return $defOpts[$opt];
1561 } else {
1562 return null;
1563 }
1564 }
1565
1566 /**
1567 * Get blocking information
1568 * @param bool $bFromSlave Whether to check the slave database first.
1569 * To improve performance, non-critical checks are done against slaves.
1570 * Check when actually saving should be done against master.
1571 */
1572 private function getBlockedStatus( $bFromSlave = true ) {
1573 global $wgProxyWhitelist, $wgUser, $wgApplyIpBlocksToXff;
1574
1575 if ( -1 != $this->mBlockedby ) {
1576 return;
1577 }
1578
1579 wfDebug( __METHOD__ . ": checking...\n" );
1580
1581 // Initialize data...
1582 // Otherwise something ends up stomping on $this->mBlockedby when
1583 // things get lazy-loaded later, causing false positive block hits
1584 // due to -1 !== 0. Probably session-related... Nothing should be
1585 // overwriting mBlockedby, surely?
1586 $this->load();
1587
1588 # We only need to worry about passing the IP address to the Block generator if the
1589 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1590 # know which IP address they're actually coming from
1591 $ip = null;
1592 if ( !$this->isAllowed( 'ipblock-exempt' ) ) {
1593 // $wgUser->getName() only works after the end of Setup.php. Until
1594 // then, assume it's a logged-out user.
1595 $globalUserName = $wgUser->isSafeToLoad()
1596 ? $wgUser->getName()
1597 : IP::sanitizeIP( $wgUser->getRequest()->getIP() );
1598 if ( $this->getName() === $globalUserName ) {
1599 $ip = $this->getRequest()->getIP();
1600 }
1601 }
1602
1603 // User/IP blocking
1604 $block = Block::newFromTarget( $this, $ip, !$bFromSlave );
1605
1606 // Proxy blocking
1607 if ( !$block instanceof Block && $ip !== null && !in_array( $ip, $wgProxyWhitelist ) ) {
1608 // Local list
1609 if ( self::isLocallyBlockedProxy( $ip ) ) {
1610 $block = new Block;
1611 $block->setBlocker( wfMessage( 'proxyblocker' )->text() );
1612 $block->mReason = wfMessage( 'proxyblockreason' )->text();
1613 $block->setTarget( $ip );
1614 } elseif ( $this->isAnon() && $this->isDnsBlacklisted( $ip ) ) {
1615 $block = new Block;
1616 $block->setBlocker( wfMessage( 'sorbs' )->text() );
1617 $block->mReason = wfMessage( 'sorbsreason' )->text();
1618 $block->setTarget( $ip );
1619 }
1620 }
1621
1622 // (bug 23343) Apply IP blocks to the contents of XFF headers, if enabled
1623 if ( !$block instanceof Block
1624 && $wgApplyIpBlocksToXff
1625 && $ip !== null
1626 && !in_array( $ip, $wgProxyWhitelist )
1627 ) {
1628 $xff = $this->getRequest()->getHeader( 'X-Forwarded-For' );
1629 $xff = array_map( 'trim', explode( ',', $xff ) );
1630 $xff = array_diff( $xff, [ $ip ] );
1631 $xffblocks = Block::getBlocksForIPList( $xff, $this->isAnon(), !$bFromSlave );
1632 $block = Block::chooseBlock( $xffblocks, $xff );
1633 if ( $block instanceof Block ) {
1634 # Mangle the reason to alert the user that the block
1635 # originated from matching the X-Forwarded-For header.
1636 $block->mReason = wfMessage( 'xffblockreason', $block->mReason )->text();
1637 }
1638 }
1639
1640 if ( $block instanceof Block ) {
1641 wfDebug( __METHOD__ . ": Found block.\n" );
1642 $this->mBlock = $block;
1643 $this->mBlockedby = $block->getByName();
1644 $this->mBlockreason = $block->mReason;
1645 $this->mHideName = $block->mHideName;
1646 $this->mAllowUsertalk = !$block->prevents( 'editownusertalk' );
1647 } else {
1648 $this->mBlockedby = '';
1649 $this->mHideName = 0;
1650 $this->mAllowUsertalk = false;
1651 }
1652
1653 // Extensions
1654 Hooks::run( 'GetBlockedStatus', [ &$this ] );
1655
1656 }
1657
1658 /**
1659 * Whether the given IP is in a DNS blacklist.
1660 *
1661 * @param string $ip IP to check
1662 * @param bool $checkWhitelist Whether to check the whitelist first
1663 * @return bool True if blacklisted.
1664 */
1665 public function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1666 global $wgEnableDnsBlacklist, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1667
1668 if ( !$wgEnableDnsBlacklist ) {
1669 return false;
1670 }
1671
1672 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) ) {
1673 return false;
1674 }
1675
1676 return $this->inDnsBlacklist( $ip, $wgDnsBlacklistUrls );
1677 }
1678
1679 /**
1680 * Whether the given IP is in a given DNS blacklist.
1681 *
1682 * @param string $ip IP to check
1683 * @param string|array $bases Array of Strings: URL of the DNS blacklist
1684 * @return bool True if blacklisted.
1685 */
1686 public function inDnsBlacklist( $ip, $bases ) {
1687
1688 $found = false;
1689 // @todo FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1690 if ( IP::isIPv4( $ip ) ) {
1691 // Reverse IP, bug 21255
1692 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1693
1694 foreach ( (array)$bases as $base ) {
1695 // Make hostname
1696 // If we have an access key, use that too (ProjectHoneypot, etc.)
1697 $basename = $base;
1698 if ( is_array( $base ) ) {
1699 if ( count( $base ) >= 2 ) {
1700 // Access key is 1, base URL is 0
1701 $host = "{$base[1]}.$ipReversed.{$base[0]}";
1702 } else {
1703 $host = "$ipReversed.{$base[0]}";
1704 }
1705 $basename = $base[0];
1706 } else {
1707 $host = "$ipReversed.$base";
1708 }
1709
1710 // Send query
1711 $ipList = gethostbynamel( $host );
1712
1713 if ( $ipList ) {
1714 wfDebugLog( 'dnsblacklist', "Hostname $host is {$ipList[0]}, it's a proxy says $basename!" );
1715 $found = true;
1716 break;
1717 } else {
1718 wfDebugLog( 'dnsblacklist', "Requested $host, not found in $basename." );
1719 }
1720 }
1721 }
1722
1723 return $found;
1724 }
1725
1726 /**
1727 * Check if an IP address is in the local proxy list
1728 *
1729 * @param string $ip
1730 *
1731 * @return bool
1732 */
1733 public static function isLocallyBlockedProxy( $ip ) {
1734 global $wgProxyList;
1735
1736 if ( !$wgProxyList ) {
1737 return false;
1738 }
1739
1740 if ( !is_array( $wgProxyList ) ) {
1741 // Load from the specified file
1742 $wgProxyList = array_map( 'trim', file( $wgProxyList ) );
1743 }
1744
1745 if ( !is_array( $wgProxyList ) ) {
1746 $ret = false;
1747 } elseif ( array_search( $ip, $wgProxyList ) !== false ) {
1748 $ret = true;
1749 } elseif ( array_key_exists( $ip, $wgProxyList ) ) {
1750 // Old-style flipped proxy list
1751 $ret = true;
1752 } else {
1753 $ret = false;
1754 }
1755 return $ret;
1756 }
1757
1758 /**
1759 * Is this user subject to rate limiting?
1760 *
1761 * @return bool True if rate limited
1762 */
1763 public function isPingLimitable() {
1764 global $wgRateLimitsExcludedIPs;
1765 if ( in_array( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
1766 // No other good way currently to disable rate limits
1767 // for specific IPs. :P
1768 // But this is a crappy hack and should die.
1769 return false;
1770 }
1771 return !$this->isAllowed( 'noratelimit' );
1772 }
1773
1774 /**
1775 * Primitive rate limits: enforce maximum actions per time period
1776 * to put a brake on flooding.
1777 *
1778 * The method generates both a generic profiling point and a per action one
1779 * (suffix being "-$action".
1780 *
1781 * @note When using a shared cache like memcached, IP-address
1782 * last-hit counters will be shared across wikis.
1783 *
1784 * @param string $action Action to enforce; 'edit' if unspecified
1785 * @param int $incrBy Positive amount to increment counter by [defaults to 1]
1786 * @return bool True if a rate limiter was tripped
1787 */
1788 public function pingLimiter( $action = 'edit', $incrBy = 1 ) {
1789 // Call the 'PingLimiter' hook
1790 $result = false;
1791 if ( !Hooks::run( 'PingLimiter', [ &$this, $action, &$result, $incrBy ] ) ) {
1792 return $result;
1793 }
1794
1795 global $wgRateLimits;
1796 if ( !isset( $wgRateLimits[$action] ) ) {
1797 return false;
1798 }
1799
1800 // Some groups shouldn't trigger the ping limiter, ever
1801 if ( !$this->isPingLimitable() ) {
1802 return false;
1803 }
1804
1805 $limits = $wgRateLimits[$action];
1806 $keys = [];
1807 $id = $this->getId();
1808 $userLimit = false;
1809 $isNewbie = $this->isNewbie();
1810
1811 if ( $id == 0 ) {
1812 // limits for anons
1813 if ( isset( $limits['anon'] ) ) {
1814 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1815 }
1816 } else {
1817 // limits for logged-in users
1818 if ( isset( $limits['user'] ) ) {
1819 $userLimit = $limits['user'];
1820 }
1821 // limits for newbie logged-in users
1822 if ( $isNewbie && isset( $limits['newbie'] ) ) {
1823 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1824 }
1825 }
1826
1827 // limits for anons and for newbie logged-in users
1828 if ( $isNewbie ) {
1829 // ip-based limits
1830 if ( isset( $limits['ip'] ) ) {
1831 $ip = $this->getRequest()->getIP();
1832 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1833 }
1834 // subnet-based limits
1835 if ( isset( $limits['subnet'] ) ) {
1836 $ip = $this->getRequest()->getIP();
1837 $subnet = IP::getSubnet( $ip );
1838 if ( $subnet !== false ) {
1839 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1840 }
1841 }
1842 }
1843
1844 // Check for group-specific permissions
1845 // If more than one group applies, use the group with the highest limit ratio (max/period)
1846 foreach ( $this->getGroups() as $group ) {
1847 if ( isset( $limits[$group] ) ) {
1848 if ( $userLimit === false
1849 || $limits[$group][0] / $limits[$group][1] > $userLimit[0] / $userLimit[1]
1850 ) {
1851 $userLimit = $limits[$group];
1852 }
1853 }
1854 }
1855
1856 // Set the user limit key
1857 if ( $userLimit !== false ) {
1858 list( $max, $period ) = $userLimit;
1859 wfDebug( __METHOD__ . ": effective user limit: $max in {$period}s\n" );
1860 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $userLimit;
1861 }
1862
1863 // ip-based limits for all ping-limitable users
1864 if ( isset( $limits['ip-all'] ) ) {
1865 $ip = $this->getRequest()->getIP();
1866 // ignore if user limit is more permissive
1867 if ( $isNewbie || $userLimit === false
1868 || $limits['ip-all'][0] / $limits['ip-all'][1] > $userLimit[0] / $userLimit[1] ) {
1869 $keys["mediawiki:limiter:$action:ip-all:$ip"] = $limits['ip-all'];
1870 }
1871 }
1872
1873 // subnet-based limits for all ping-limitable users
1874 if ( isset( $limits['subnet-all'] ) ) {
1875 $ip = $this->getRequest()->getIP();
1876 $subnet = IP::getSubnet( $ip );
1877 if ( $subnet !== false ) {
1878 // ignore if user limit is more permissive
1879 if ( $isNewbie || $userLimit === false
1880 || $limits['ip-all'][0] / $limits['ip-all'][1]
1881 > $userLimit[0] / $userLimit[1] ) {
1882 $keys["mediawiki:limiter:$action:subnet-all:$subnet"] = $limits['subnet-all'];
1883 }
1884 }
1885 }
1886
1887 $cache = ObjectCache::getLocalClusterInstance();
1888
1889 $triggered = false;
1890 foreach ( $keys as $key => $limit ) {
1891 list( $max, $period ) = $limit;
1892 $summary = "(limit $max in {$period}s)";
1893 $count = $cache->get( $key );
1894 // Already pinged?
1895 if ( $count ) {
1896 if ( $count >= $max ) {
1897 wfDebugLog( 'ratelimit', "User '{$this->getName()}' " .
1898 "(IP {$this->getRequest()->getIP()}) tripped $key at $count $summary" );
1899 $triggered = true;
1900 } else {
1901 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1902 }
1903 } else {
1904 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1905 if ( $incrBy > 0 ) {
1906 $cache->add( $key, 0, intval( $period ) ); // first ping
1907 }
1908 }
1909 if ( $incrBy > 0 ) {
1910 $cache->incr( $key, $incrBy );
1911 }
1912 }
1913
1914 return $triggered;
1915 }
1916
1917 /**
1918 * Check if user is blocked
1919 *
1920 * @param bool $bFromSlave Whether to check the slave database instead of
1921 * the master. Hacked from false due to horrible probs on site.
1922 * @return bool True if blocked, false otherwise
1923 */
1924 public function isBlocked( $bFromSlave = true ) {
1925 return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
1926 }
1927
1928 /**
1929 * Get the block affecting the user, or null if the user is not blocked
1930 *
1931 * @param bool $bFromSlave Whether to check the slave database instead of the master
1932 * @return Block|null
1933 */
1934 public function getBlock( $bFromSlave = true ) {
1935 $this->getBlockedStatus( $bFromSlave );
1936 return $this->mBlock instanceof Block ? $this->mBlock : null;
1937 }
1938
1939 /**
1940 * Check if user is blocked from editing a particular article
1941 *
1942 * @param Title $title Title to check
1943 * @param bool $bFromSlave Whether to check the slave database instead of the master
1944 * @return bool
1945 */
1946 public function isBlockedFrom( $title, $bFromSlave = false ) {
1947 global $wgBlockAllowsUTEdit;
1948
1949 $blocked = $this->isBlocked( $bFromSlave );
1950 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1951 // If a user's name is suppressed, they cannot make edits anywhere
1952 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName()
1953 && $title->getNamespace() == NS_USER_TALK ) {
1954 $blocked = false;
1955 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1956 }
1957
1958 Hooks::run( 'UserIsBlockedFrom', [ $this, $title, &$blocked, &$allowUsertalk ] );
1959
1960 return $blocked;
1961 }
1962
1963 /**
1964 * If user is blocked, return the name of the user who placed the block
1965 * @return string Name of blocker
1966 */
1967 public function blockedBy() {
1968 $this->getBlockedStatus();
1969 return $this->mBlockedby;
1970 }
1971
1972 /**
1973 * If user is blocked, return the specified reason for the block
1974 * @return string Blocking reason
1975 */
1976 public function blockedFor() {
1977 $this->getBlockedStatus();
1978 return $this->mBlockreason;
1979 }
1980
1981 /**
1982 * If user is blocked, return the ID for the block
1983 * @return int Block ID
1984 */
1985 public function getBlockId() {
1986 $this->getBlockedStatus();
1987 return ( $this->mBlock ? $this->mBlock->getId() : false );
1988 }
1989
1990 /**
1991 * Check if user is blocked on all wikis.
1992 * Do not use for actual edit permission checks!
1993 * This is intended for quick UI checks.
1994 *
1995 * @param string $ip IP address, uses current client if none given
1996 * @return bool True if blocked, false otherwise
1997 */
1998 public function isBlockedGlobally( $ip = '' ) {
1999 return $this->getGlobalBlock( $ip ) instanceof Block;
2000 }
2001
2002 /**
2003 * Check if user is blocked on all wikis.
2004 * Do not use for actual edit permission checks!
2005 * This is intended for quick UI checks.
2006 *
2007 * @param string $ip IP address, uses current client if none given
2008 * @return Block|null Block object if blocked, null otherwise
2009 * @throws FatalError
2010 * @throws MWException
2011 */
2012 public function getGlobalBlock( $ip = '' ) {
2013 if ( $this->mGlobalBlock !== null ) {
2014 return $this->mGlobalBlock ?: null;
2015 }
2016 // User is already an IP?
2017 if ( IP::isIPAddress( $this->getName() ) ) {
2018 $ip = $this->getName();
2019 } elseif ( !$ip ) {
2020 $ip = $this->getRequest()->getIP();
2021 }
2022 $blocked = false;
2023 $block = null;
2024 Hooks::run( 'UserIsBlockedGlobally', [ &$this, $ip, &$blocked, &$block ] );
2025
2026 if ( $blocked && $block === null ) {
2027 // back-compat: UserIsBlockedGlobally didn't have $block param first
2028 $block = new Block;
2029 $block->setTarget( $ip );
2030 }
2031
2032 $this->mGlobalBlock = $blocked ? $block : false;
2033 return $this->mGlobalBlock ?: null;
2034 }
2035
2036 /**
2037 * Check if user account is locked
2038 *
2039 * @return bool True if locked, false otherwise
2040 */
2041 public function isLocked() {
2042 if ( $this->mLocked !== null ) {
2043 return $this->mLocked;
2044 }
2045 $authUser = AuthManager::callLegacyAuthPlugin( 'getUserInstance', [ &$this ], null );
2046 $this->mLocked = $authUser && $authUser->isLocked();
2047 Hooks::run( 'UserIsLocked', [ $this, &$this->mLocked ] );
2048 return $this->mLocked;
2049 }
2050
2051 /**
2052 * Check if user account is hidden
2053 *
2054 * @return bool True if hidden, false otherwise
2055 */
2056 public function isHidden() {
2057 if ( $this->mHideName !== null ) {
2058 return $this->mHideName;
2059 }
2060 $this->getBlockedStatus();
2061 if ( !$this->mHideName ) {
2062 $authUser = AuthManager::callLegacyAuthPlugin( 'getUserInstance', [ &$this ], null );
2063 $this->mHideName = $authUser && $authUser->isHidden();
2064 Hooks::run( 'UserIsHidden', [ $this, &$this->mHideName ] );
2065 }
2066 return $this->mHideName;
2067 }
2068
2069 /**
2070 * Get the user's ID.
2071 * @return int The user's ID; 0 if the user is anonymous or nonexistent
2072 */
2073 public function getId() {
2074 if ( $this->mId === null && $this->mName !== null && User::isIP( $this->mName ) ) {
2075 // Special case, we know the user is anonymous
2076 return 0;
2077 } elseif ( !$this->isItemLoaded( 'id' ) ) {
2078 // Don't load if this was initialized from an ID
2079 $this->load();
2080 }
2081
2082 return (int)$this->mId;
2083 }
2084
2085 /**
2086 * Set the user and reload all fields according to a given ID
2087 * @param int $v User ID to reload
2088 */
2089 public function setId( $v ) {
2090 $this->mId = $v;
2091 $this->clearInstanceCache( 'id' );
2092 }
2093
2094 /**
2095 * Get the user name, or the IP of an anonymous user
2096 * @return string User's name or IP address
2097 */
2098 public function getName() {
2099 if ( $this->isItemLoaded( 'name', 'only' ) ) {
2100 // Special case optimisation
2101 return $this->mName;
2102 } else {
2103 $this->load();
2104 if ( $this->mName === false ) {
2105 // Clean up IPs
2106 $this->mName = IP::sanitizeIP( $this->getRequest()->getIP() );
2107 }
2108 return $this->mName;
2109 }
2110 }
2111
2112 /**
2113 * Set the user name.
2114 *
2115 * This does not reload fields from the database according to the given
2116 * name. Rather, it is used to create a temporary "nonexistent user" for
2117 * later addition to the database. It can also be used to set the IP
2118 * address for an anonymous user to something other than the current
2119 * remote IP.
2120 *
2121 * @note User::newFromName() has roughly the same function, when the named user
2122 * does not exist.
2123 * @param string $str New user name to set
2124 */
2125 public function setName( $str ) {
2126 $this->load();
2127 $this->mName = $str;
2128 }
2129
2130 /**
2131 * Get the user's name escaped by underscores.
2132 * @return string Username escaped by underscores.
2133 */
2134 public function getTitleKey() {
2135 return str_replace( ' ', '_', $this->getName() );
2136 }
2137
2138 /**
2139 * Check if the user has new messages.
2140 * @return bool True if the user has new messages
2141 */
2142 public function getNewtalk() {
2143 $this->load();
2144
2145 // Load the newtalk status if it is unloaded (mNewtalk=-1)
2146 if ( $this->mNewtalk === -1 ) {
2147 $this->mNewtalk = false; # reset talk page status
2148
2149 // Check memcached separately for anons, who have no
2150 // entire User object stored in there.
2151 if ( !$this->mId ) {
2152 global $wgDisableAnonTalk;
2153 if ( $wgDisableAnonTalk ) {
2154 // Anon newtalk disabled by configuration.
2155 $this->mNewtalk = false;
2156 } else {
2157 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName() );
2158 }
2159 } else {
2160 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
2161 }
2162 }
2163
2164 return (bool)$this->mNewtalk;
2165 }
2166
2167 /**
2168 * Return the data needed to construct links for new talk page message
2169 * alerts. If there are new messages, this will return an associative array
2170 * with the following data:
2171 * wiki: The database name of the wiki
2172 * link: Root-relative link to the user's talk page
2173 * rev: The last talk page revision that the user has seen or null. This
2174 * is useful for building diff links.
2175 * If there are no new messages, it returns an empty array.
2176 * @note This function was designed to accomodate multiple talk pages, but
2177 * currently only returns a single link and revision.
2178 * @return array
2179 */
2180 public function getNewMessageLinks() {
2181 $talks = [];
2182 if ( !Hooks::run( 'UserRetrieveNewTalks', [ &$this, &$talks ] ) ) {
2183 return $talks;
2184 } elseif ( !$this->getNewtalk() ) {
2185 return [];
2186 }
2187 $utp = $this->getTalkPage();
2188 $dbr = wfGetDB( DB_SLAVE );
2189 // Get the "last viewed rev" timestamp from the oldest message notification
2190 $timestamp = $dbr->selectField( 'user_newtalk',
2191 'MIN(user_last_timestamp)',
2192 $this->isAnon() ? [ 'user_ip' => $this->getName() ] : [ 'user_id' => $this->getId() ],
2193 __METHOD__ );
2194 $rev = $timestamp ? Revision::loadFromTimestamp( $dbr, $utp, $timestamp ) : null;
2195 return [ [ 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL(), 'rev' => $rev ] ];
2196 }
2197
2198 /**
2199 * Get the revision ID for the last talk page revision viewed by the talk
2200 * page owner.
2201 * @return int|null Revision ID or null
2202 */
2203 public function getNewMessageRevisionId() {
2204 $newMessageRevisionId = null;
2205 $newMessageLinks = $this->getNewMessageLinks();
2206 if ( $newMessageLinks ) {
2207 // Note: getNewMessageLinks() never returns more than a single link
2208 // and it is always for the same wiki, but we double-check here in
2209 // case that changes some time in the future.
2210 if ( count( $newMessageLinks ) === 1
2211 && $newMessageLinks[0]['wiki'] === wfWikiID()
2212 && $newMessageLinks[0]['rev']
2213 ) {
2214 /** @var Revision $newMessageRevision */
2215 $newMessageRevision = $newMessageLinks[0]['rev'];
2216 $newMessageRevisionId = $newMessageRevision->getId();
2217 }
2218 }
2219 return $newMessageRevisionId;
2220 }
2221
2222 /**
2223 * Internal uncached check for new messages
2224 *
2225 * @see getNewtalk()
2226 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
2227 * @param string|int $id User's IP address for anonymous users, User ID otherwise
2228 * @return bool True if the user has new messages
2229 */
2230 protected function checkNewtalk( $field, $id ) {
2231 $dbr = wfGetDB( DB_SLAVE );
2232
2233 $ok = $dbr->selectField( 'user_newtalk', $field, [ $field => $id ], __METHOD__ );
2234
2235 return $ok !== false;
2236 }
2237
2238 /**
2239 * Add or update the new messages flag
2240 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
2241 * @param string|int $id User's IP address for anonymous users, User ID otherwise
2242 * @param Revision|null $curRev New, as yet unseen revision of the user talk page. Ignored if null.
2243 * @return bool True if successful, false otherwise
2244 */
2245 protected function updateNewtalk( $field, $id, $curRev = null ) {
2246 // Get timestamp of the talk page revision prior to the current one
2247 $prevRev = $curRev ? $curRev->getPrevious() : false;
2248 $ts = $prevRev ? $prevRev->getTimestamp() : null;
2249 // Mark the user as having new messages since this revision
2250 $dbw = wfGetDB( DB_MASTER );
2251 $dbw->insert( 'user_newtalk',
2252 [ $field => $id, 'user_last_timestamp' => $dbw->timestampOrNull( $ts ) ],
2253 __METHOD__,
2254 'IGNORE' );
2255 if ( $dbw->affectedRows() ) {
2256 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
2257 return true;
2258 } else {
2259 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
2260 return false;
2261 }
2262 }
2263
2264 /**
2265 * Clear the new messages flag for the given user
2266 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
2267 * @param string|int $id User's IP address for anonymous users, User ID otherwise
2268 * @return bool True if successful, false otherwise
2269 */
2270 protected function deleteNewtalk( $field, $id ) {
2271 $dbw = wfGetDB( DB_MASTER );
2272 $dbw->delete( 'user_newtalk',
2273 [ $field => $id ],
2274 __METHOD__ );
2275 if ( $dbw->affectedRows() ) {
2276 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
2277 return true;
2278 } else {
2279 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
2280 return false;
2281 }
2282 }
2283
2284 /**
2285 * Update the 'You have new messages!' status.
2286 * @param bool $val Whether the user has new messages
2287 * @param Revision $curRev New, as yet unseen revision of the user talk
2288 * page. Ignored if null or !$val.
2289 */
2290 public function setNewtalk( $val, $curRev = null ) {
2291 if ( wfReadOnly() ) {
2292 return;
2293 }
2294
2295 $this->load();
2296 $this->mNewtalk = $val;
2297
2298 if ( $this->isAnon() ) {
2299 $field = 'user_ip';
2300 $id = $this->getName();
2301 } else {
2302 $field = 'user_id';
2303 $id = $this->getId();
2304 }
2305
2306 if ( $val ) {
2307 $changed = $this->updateNewtalk( $field, $id, $curRev );
2308 } else {
2309 $changed = $this->deleteNewtalk( $field, $id );
2310 }
2311
2312 if ( $changed ) {
2313 $this->invalidateCache();
2314 }
2315 }
2316
2317 /**
2318 * Generate a current or new-future timestamp to be stored in the
2319 * user_touched field when we update things.
2320 * @return string Timestamp in TS_MW format
2321 */
2322 private function newTouchedTimestamp() {
2323 global $wgClockSkewFudge;
2324
2325 $time = wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
2326 if ( $this->mTouched && $time <= $this->mTouched ) {
2327 $time = wfTimestamp( TS_MW, wfTimestamp( TS_UNIX, $this->mTouched ) + 1 );
2328 }
2329
2330 return $time;
2331 }
2332
2333 /**
2334 * Clear user data from memcached
2335 *
2336 * Use after applying updates to the database; caller's
2337 * responsibility to update user_touched if appropriate.
2338 *
2339 * Called implicitly from invalidateCache() and saveSettings().
2340 *
2341 * @param string $mode Use 'refresh' to clear now; otherwise before DB commit
2342 */
2343 public function clearSharedCache( $mode = 'changed' ) {
2344 if ( !$this->getId() ) {
2345 return;
2346 }
2347
2348 $cache = ObjectCache::getMainWANInstance();
2349 $key = $this->getCacheKey( $cache );
2350 if ( $mode === 'refresh' ) {
2351 $cache->delete( $key, 1 );
2352 } else {
2353 wfGetDB( DB_MASTER )->onTransactionPreCommitOrIdle(
2354 function() use ( $cache, $key ) {
2355 $cache->delete( $key );
2356 }
2357 );
2358 }
2359 }
2360
2361 /**
2362 * Immediately touch the user data cache for this account
2363 *
2364 * Calls touch() and removes account data from memcached
2365 */
2366 public function invalidateCache() {
2367 $this->touch();
2368 $this->clearSharedCache();
2369 }
2370
2371 /**
2372 * Update the "touched" timestamp for the user
2373 *
2374 * This is useful on various login/logout events when making sure that
2375 * a browser or proxy that has multiple tenants does not suffer cache
2376 * pollution where the new user sees the old users content. The value
2377 * of getTouched() is checked when determining 304 vs 200 responses.
2378 * Unlike invalidateCache(), this preserves the User object cache and
2379 * avoids database writes.
2380 *
2381 * @since 1.25
2382 */
2383 public function touch() {
2384 $id = $this->getId();
2385 if ( $id ) {
2386 $key = wfMemcKey( 'user-quicktouched', 'id', $id );
2387 ObjectCache::getMainWANInstance()->touchCheckKey( $key );
2388 $this->mQuickTouched = null;
2389 }
2390 }
2391
2392 /**
2393 * Validate the cache for this account.
2394 * @param string $timestamp A timestamp in TS_MW format
2395 * @return bool
2396 */
2397 public function validateCache( $timestamp ) {
2398 return ( $timestamp >= $this->getTouched() );
2399 }
2400
2401 /**
2402 * Get the user touched timestamp
2403 *
2404 * Use this value only to validate caches via inequalities
2405 * such as in the case of HTTP If-Modified-Since response logic
2406 *
2407 * @return string TS_MW Timestamp
2408 */
2409 public function getTouched() {
2410 $this->load();
2411
2412 if ( $this->mId ) {
2413 if ( $this->mQuickTouched === null ) {
2414 $key = wfMemcKey( 'user-quicktouched', 'id', $this->mId );
2415 $cache = ObjectCache::getMainWANInstance();
2416
2417 $this->mQuickTouched = wfTimestamp( TS_MW, $cache->getCheckKeyTime( $key ) );
2418 }
2419
2420 return max( $this->mTouched, $this->mQuickTouched );
2421 }
2422
2423 return $this->mTouched;
2424 }
2425
2426 /**
2427 * Get the user_touched timestamp field (time of last DB updates)
2428 * @return string TS_MW Timestamp
2429 * @since 1.26
2430 */
2431 public function getDBTouched() {
2432 $this->load();
2433
2434 return $this->mTouched;
2435 }
2436
2437 /**
2438 * @deprecated Removed in 1.27.
2439 * @return Password
2440 * @since 1.24
2441 */
2442 public function getPassword() {
2443 throw new BadMethodCallException( __METHOD__ . ' has been removed in 1.27' );
2444 }
2445
2446 /**
2447 * @deprecated Removed in 1.27.
2448 * @return Password
2449 * @since 1.24
2450 */
2451 public function getTemporaryPassword() {
2452 throw new BadMethodCallException( __METHOD__ . ' has been removed in 1.27' );
2453 }
2454
2455 /**
2456 * Set the password and reset the random token.
2457 * Calls through to authentication plugin if necessary;
2458 * will have no effect if the auth plugin refuses to
2459 * pass the change through or if the legal password
2460 * checks fail.
2461 *
2462 * As a special case, setting the password to null
2463 * wipes it, so the account cannot be logged in until
2464 * a new password is set, for instance via e-mail.
2465 *
2466 * @deprecated since 1.27, use AuthManager instead
2467 * @param string $str New password to set
2468 * @throws PasswordError On failure
2469 * @return bool
2470 */
2471 public function setPassword( $str ) {
2472 global $wgAuth, $wgDisableAuthManager;
2473
2474 if ( !$wgDisableAuthManager ) {
2475 return $this->setPasswordInternal( $str );
2476 }
2477
2478 if ( $str !== null ) {
2479 if ( !$wgAuth->allowPasswordChange() ) {
2480 throw new PasswordError( wfMessage( 'password-change-forbidden' )->text() );
2481 }
2482
2483 $status = $this->checkPasswordValidity( $str );
2484 if ( !$status->isGood() ) {
2485 throw new PasswordError( $status->getMessage()->text() );
2486 }
2487 }
2488
2489 if ( !$wgAuth->setPassword( $this, $str ) ) {
2490 throw new PasswordError( wfMessage( 'externaldberror' )->text() );
2491 }
2492
2493 $this->setOption( 'watchlisttoken', false );
2494 $this->setPasswordInternal( $str );
2495
2496 return true;
2497 }
2498
2499 /**
2500 * Set the password and reset the random token unconditionally.
2501 *
2502 * @deprecated since 1.27, use AuthManager instead
2503 * @param string|null $str New password to set or null to set an invalid
2504 * password hash meaning that the user will not be able to log in
2505 * through the web interface.
2506 */
2507 public function setInternalPassword( $str ) {
2508 global $wgAuth, $wgDisableAuthManager;
2509
2510 if ( !$wgDisableAuthManager ) {
2511 $this->setPasswordInternal( $str );
2512 }
2513
2514 if ( $wgAuth->allowSetLocalPassword() ) {
2515 $this->setOption( 'watchlisttoken', false );
2516 $this->setPasswordInternal( $str );
2517 }
2518 }
2519
2520 /**
2521 * Actually set the password and such
2522 * @since 1.27 cannot set a password for a user not in the database
2523 * @param string|null $str New password to set or null to set an invalid
2524 * password hash meaning that the user will not be able to log in
2525 * through the web interface.
2526 * @return bool Success
2527 */
2528 private function setPasswordInternal( $str ) {
2529 global $wgDisableAuthManager;
2530
2531 if ( $wgDisableAuthManager ) {
2532 $id = self::idFromName( $this->getName(), self::READ_LATEST );
2533 if ( $id == 0 ) {
2534 throw new LogicException( 'Cannot set a password for a user that is not in the database.' );
2535 }
2536
2537 $passwordFactory = new PasswordFactory();
2538 $passwordFactory->init( RequestContext::getMain()->getConfig() );
2539 $dbw = wfGetDB( DB_MASTER );
2540 $dbw->update(
2541 'user',
2542 [
2543 'user_password' => $passwordFactory->newFromPlaintext( $str )->toString(),
2544 'user_newpassword' => PasswordFactory::newInvalidPassword()->toString(),
2545 'user_newpass_time' => $dbw->timestampOrNull( null ),
2546 ],
2547 [
2548 'user_id' => $id,
2549 ],
2550 __METHOD__
2551 );
2552
2553 // When the main password is changed, invalidate all bot passwords too
2554 BotPassword::invalidateAllPasswordsForUser( $this->getName() );
2555 } else {
2556 $manager = AuthManager::singleton();
2557
2558 // If the user doesn't exist yet, fail
2559 if ( !$manager->userExists( $this->getName() ) ) {
2560 throw new LogicException( 'Cannot set a password for a user that is not in the database.' );
2561 }
2562
2563 $data = [
2564 'username' => $this->getName(),
2565 'password' => $str,
2566 'retype' => $str,
2567 ];
2568 $reqs = $manager->getAuthenticationRequests( AuthManager::ACTION_CHANGE, $this );
2569 $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
2570 foreach ( $reqs as $req ) {
2571 $status = $manager->allowsAuthenticationDataChange( $req );
2572 if ( !$status->isOk() ) {
2573 \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' )
2574 ->info( __METHOD__ . ': Password change rejected: ' . $status->getWikiText() );
2575 return false;
2576 }
2577 }
2578 foreach ( $reqs as $req ) {
2579 $manager->changeAuthenticationData( $req );
2580 }
2581
2582 $this->setOption( 'watchlisttoken', false );
2583 }
2584
2585 SessionManager::singleton()->invalidateSessionsForUser( $this );
2586
2587 return true;
2588 }
2589
2590 /**
2591 * Get the user's current token.
2592 * @param bool $forceCreation Force the generation of a new token if the
2593 * user doesn't have one (default=true for backwards compatibility).
2594 * @return string|null Token
2595 */
2596 public function getToken( $forceCreation = true ) {
2597 global $wgAuthenticationTokenVersion;
2598
2599 $this->load();
2600 if ( !$this->mToken && $forceCreation ) {
2601 $this->setToken();
2602 }
2603
2604 if ( !$this->mToken ) {
2605 // The user doesn't have a token, return null to indicate that.
2606 return null;
2607 } elseif ( $this->mToken === self::INVALID_TOKEN ) {
2608 // We return a random value here so existing token checks are very
2609 // likely to fail.
2610 return MWCryptRand::generateHex( self::TOKEN_LENGTH );
2611 } elseif ( $wgAuthenticationTokenVersion === null ) {
2612 // $wgAuthenticationTokenVersion not in use, so return the raw secret
2613 return $this->mToken;
2614 } else {
2615 // $wgAuthenticationTokenVersion in use, so hmac it.
2616 $ret = MWCryptHash::hmac( $wgAuthenticationTokenVersion, $this->mToken, false );
2617
2618 // The raw hash can be overly long. Shorten it up.
2619 $len = max( 32, self::TOKEN_LENGTH );
2620 if ( strlen( $ret ) < $len ) {
2621 // Should never happen, even md5 is 128 bits
2622 throw new \UnexpectedValueException( 'Hmac returned less than 128 bits' );
2623 }
2624 return substr( $ret, -$len );
2625 }
2626 }
2627
2628 /**
2629 * Set the random token (used for persistent authentication)
2630 * Called from loadDefaults() among other places.
2631 *
2632 * @param string|bool $token If specified, set the token to this value
2633 */
2634 public function setToken( $token = false ) {
2635 $this->load();
2636 if ( $this->mToken === self::INVALID_TOKEN ) {
2637 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
2638 ->debug( __METHOD__ . ": Ignoring attempt to set token for system user \"$this\"" );
2639 } elseif ( !$token ) {
2640 $this->mToken = MWCryptRand::generateHex( self::TOKEN_LENGTH );
2641 } else {
2642 $this->mToken = $token;
2643 }
2644 }
2645
2646 /**
2647 * Set the password for a password reminder or new account email
2648 *
2649 * @deprecated Removed in 1.27. Use PasswordReset instead.
2650 * @param string $str New password to set or null to set an invalid
2651 * password hash meaning that the user will not be able to use it
2652 * @param bool $throttle If true, reset the throttle timestamp to the present
2653 */
2654 public function setNewpassword( $str, $throttle = true ) {
2655 global $wgDisableAuthManager;
2656
2657 if ( $wgDisableAuthManager ) {
2658 $id = $this->getId();
2659 if ( $id == 0 ) {
2660 throw new LogicException( 'Cannot set new password for a user that is not in the database.' );
2661 }
2662
2663 $dbw = wfGetDB( DB_MASTER );
2664
2665 $passwordFactory = new PasswordFactory();
2666 $passwordFactory->init( RequestContext::getMain()->getConfig() );
2667 $update = [
2668 'user_newpassword' => $passwordFactory->newFromPlaintext( $str )->toString(),
2669 ];
2670
2671 if ( $str === null ) {
2672 $update['user_newpass_time'] = null;
2673 } elseif ( $throttle ) {
2674 $update['user_newpass_time'] = $dbw->timestamp();
2675 }
2676
2677 $dbw->update( 'user', $update, [ 'user_id' => $id ], __METHOD__ );
2678 } else {
2679 throw new BadMethodCallException( __METHOD__ . ' has been removed in 1.27' );
2680 }
2681 }
2682
2683 /**
2684 * Has password reminder email been sent within the last
2685 * $wgPasswordReminderResendTime hours?
2686 * @deprecated Removed in 1.27. See above.
2687 * @return bool
2688 */
2689 public function isPasswordReminderThrottled() {
2690 global $wgPasswordReminderResendTime, $wgDisableAuthManager;
2691
2692 if ( $wgDisableAuthManager ) {
2693 if ( !$wgPasswordReminderResendTime ) {
2694 return false;
2695 }
2696
2697 $this->load();
2698
2699 $db = ( $this->queryFlagsUsed & self::READ_LATEST )
2700 ? wfGetDB( DB_MASTER )
2701 : wfGetDB( DB_SLAVE );
2702 $newpassTime = $db->selectField(
2703 'user',
2704 'user_newpass_time',
2705 [ 'user_id' => $this->getId() ],
2706 __METHOD__
2707 );
2708
2709 if ( $newpassTime === null ) {
2710 return false;
2711 }
2712 $expiry = wfTimestamp( TS_UNIX, $newpassTime ) + $wgPasswordReminderResendTime * 3600;
2713 return time() < $expiry;
2714 } else {
2715 throw new BadMethodCallException( __METHOD__ . ' has been removed in 1.27' );
2716 }
2717 }
2718
2719 /**
2720 * Get the user's e-mail address
2721 * @return string User's email address
2722 */
2723 public function getEmail() {
2724 $this->load();
2725 Hooks::run( 'UserGetEmail', [ $this, &$this->mEmail ] );
2726 return $this->mEmail;
2727 }
2728
2729 /**
2730 * Get the timestamp of the user's e-mail authentication
2731 * @return string TS_MW timestamp
2732 */
2733 public function getEmailAuthenticationTimestamp() {
2734 $this->load();
2735 Hooks::run( 'UserGetEmailAuthenticationTimestamp', [ $this, &$this->mEmailAuthenticated ] );
2736 return $this->mEmailAuthenticated;
2737 }
2738
2739 /**
2740 * Set the user's e-mail address
2741 * @param string $str New e-mail address
2742 */
2743 public function setEmail( $str ) {
2744 $this->load();
2745 if ( $str == $this->mEmail ) {
2746 return;
2747 }
2748 $this->invalidateEmail();
2749 $this->mEmail = $str;
2750 Hooks::run( 'UserSetEmail', [ $this, &$this->mEmail ] );
2751 }
2752
2753 /**
2754 * Set the user's e-mail address and a confirmation mail if needed.
2755 *
2756 * @since 1.20
2757 * @param string $str New e-mail address
2758 * @return Status
2759 */
2760 public function setEmailWithConfirmation( $str ) {
2761 global $wgEnableEmail, $wgEmailAuthentication;
2762
2763 if ( !$wgEnableEmail ) {
2764 return Status::newFatal( 'emaildisabled' );
2765 }
2766
2767 $oldaddr = $this->getEmail();
2768 if ( $str === $oldaddr ) {
2769 return Status::newGood( true );
2770 }
2771
2772 $type = $oldaddr != '' ? 'changed' : 'set';
2773 $notificationResult = null;
2774
2775 if ( $wgEmailAuthentication ) {
2776 // Send the user an email notifying the user of the change in registered
2777 // email address on their previous email address
2778 if ( $type == 'changed' ) {
2779 $change = $str != '' ? 'changed' : 'removed';
2780 $notificationResult = $this->sendMail(
2781 wfMessage( 'notificationemail_subject_' . $change )->text(),
2782 wfMessage( 'notificationemail_body_' . $change,
2783 $this->getRequest()->getIP(),
2784 $this->getName(),
2785 $str )->text()
2786 );
2787 }
2788 }
2789
2790 $this->setEmail( $str );
2791
2792 if ( $str !== '' && $wgEmailAuthentication ) {
2793 // Send a confirmation request to the new address if needed
2794 $result = $this->sendConfirmationMail( $type );
2795
2796 if ( $notificationResult !== null ) {
2797 $result->merge( $notificationResult );
2798 }
2799
2800 if ( $result->isGood() ) {
2801 // Say to the caller that a confirmation and notification mail has been sent
2802 $result->value = 'eauth';
2803 }
2804 } else {
2805 $result = Status::newGood( true );
2806 }
2807
2808 return $result;
2809 }
2810
2811 /**
2812 * Get the user's real name
2813 * @return string User's real name
2814 */
2815 public function getRealName() {
2816 if ( !$this->isItemLoaded( 'realname' ) ) {
2817 $this->load();
2818 }
2819
2820 return $this->mRealName;
2821 }
2822
2823 /**
2824 * Set the user's real name
2825 * @param string $str New real name
2826 */
2827 public function setRealName( $str ) {
2828 $this->load();
2829 $this->mRealName = $str;
2830 }
2831
2832 /**
2833 * Get the user's current setting for a given option.
2834 *
2835 * @param string $oname The option to check
2836 * @param string $defaultOverride A default value returned if the option does not exist
2837 * @param bool $ignoreHidden Whether to ignore the effects of $wgHiddenPrefs
2838 * @return string User's current value for the option
2839 * @see getBoolOption()
2840 * @see getIntOption()
2841 */
2842 public function getOption( $oname, $defaultOverride = null, $ignoreHidden = false ) {
2843 global $wgHiddenPrefs;
2844 $this->loadOptions();
2845
2846 # We want 'disabled' preferences to always behave as the default value for
2847 # users, even if they have set the option explicitly in their settings (ie they
2848 # set it, and then it was disabled removing their ability to change it). But
2849 # we don't want to erase the preferences in the database in case the preference
2850 # is re-enabled again. So don't touch $mOptions, just override the returned value
2851 if ( !$ignoreHidden && in_array( $oname, $wgHiddenPrefs ) ) {
2852 return self::getDefaultOption( $oname );
2853 }
2854
2855 if ( array_key_exists( $oname, $this->mOptions ) ) {
2856 return $this->mOptions[$oname];
2857 } else {
2858 return $defaultOverride;
2859 }
2860 }
2861
2862 /**
2863 * Get all user's options
2864 *
2865 * @param int $flags Bitwise combination of:
2866 * User::GETOPTIONS_EXCLUDE_DEFAULTS Exclude user options that are set
2867 * to the default value. (Since 1.25)
2868 * @return array
2869 */
2870 public function getOptions( $flags = 0 ) {
2871 global $wgHiddenPrefs;
2872 $this->loadOptions();
2873 $options = $this->mOptions;
2874
2875 # We want 'disabled' preferences to always behave as the default value for
2876 # users, even if they have set the option explicitly in their settings (ie they
2877 # set it, and then it was disabled removing their ability to change it). But
2878 # we don't want to erase the preferences in the database in case the preference
2879 # is re-enabled again. So don't touch $mOptions, just override the returned value
2880 foreach ( $wgHiddenPrefs as $pref ) {
2881 $default = self::getDefaultOption( $pref );
2882 if ( $default !== null ) {
2883 $options[$pref] = $default;
2884 }
2885 }
2886
2887 if ( $flags & self::GETOPTIONS_EXCLUDE_DEFAULTS ) {
2888 $options = array_diff_assoc( $options, self::getDefaultOptions() );
2889 }
2890
2891 return $options;
2892 }
2893
2894 /**
2895 * Get the user's current setting for a given option, as a boolean value.
2896 *
2897 * @param string $oname The option to check
2898 * @return bool User's current value for the option
2899 * @see getOption()
2900 */
2901 public function getBoolOption( $oname ) {
2902 return (bool)$this->getOption( $oname );
2903 }
2904
2905 /**
2906 * Get the user's current setting for a given option, as an integer value.
2907 *
2908 * @param string $oname The option to check
2909 * @param int $defaultOverride A default value returned if the option does not exist
2910 * @return int User's current value for the option
2911 * @see getOption()
2912 */
2913 public function getIntOption( $oname, $defaultOverride = 0 ) {
2914 $val = $this->getOption( $oname );
2915 if ( $val == '' ) {
2916 $val = $defaultOverride;
2917 }
2918 return intval( $val );
2919 }
2920
2921 /**
2922 * Set the given option for a user.
2923 *
2924 * You need to call saveSettings() to actually write to the database.
2925 *
2926 * @param string $oname The option to set
2927 * @param mixed $val New value to set
2928 */
2929 public function setOption( $oname, $val ) {
2930 $this->loadOptions();
2931
2932 // Explicitly NULL values should refer to defaults
2933 if ( is_null( $val ) ) {
2934 $val = self::getDefaultOption( $oname );
2935 }
2936
2937 $this->mOptions[$oname] = $val;
2938 }
2939
2940 /**
2941 * Get a token stored in the preferences (like the watchlist one),
2942 * resetting it if it's empty (and saving changes).
2943 *
2944 * @param string $oname The option name to retrieve the token from
2945 * @return string|bool User's current value for the option, or false if this option is disabled.
2946 * @see resetTokenFromOption()
2947 * @see getOption()
2948 * @deprecated 1.26 Applications should use the OAuth extension
2949 */
2950 public function getTokenFromOption( $oname ) {
2951 global $wgHiddenPrefs;
2952
2953 $id = $this->getId();
2954 if ( !$id || in_array( $oname, $wgHiddenPrefs ) ) {
2955 return false;
2956 }
2957
2958 $token = $this->getOption( $oname );
2959 if ( !$token ) {
2960 // Default to a value based on the user token to avoid space
2961 // wasted on storing tokens for all users. When this option
2962 // is set manually by the user, only then is it stored.
2963 $token = hash_hmac( 'sha1', "$oname:$id", $this->getToken() );
2964 }
2965
2966 return $token;
2967 }
2968
2969 /**
2970 * Reset a token stored in the preferences (like the watchlist one).
2971 * *Does not* save user's preferences (similarly to setOption()).
2972 *
2973 * @param string $oname The option name to reset the token in
2974 * @return string|bool New token value, or false if this option is disabled.
2975 * @see getTokenFromOption()
2976 * @see setOption()
2977 */
2978 public function resetTokenFromOption( $oname ) {
2979 global $wgHiddenPrefs;
2980 if ( in_array( $oname, $wgHiddenPrefs ) ) {
2981 return false;
2982 }
2983
2984 $token = MWCryptRand::generateHex( 40 );
2985 $this->setOption( $oname, $token );
2986 return $token;
2987 }
2988
2989 /**
2990 * Return a list of the types of user options currently returned by
2991 * User::getOptionKinds().
2992 *
2993 * Currently, the option kinds are:
2994 * - 'registered' - preferences which are registered in core MediaWiki or
2995 * by extensions using the UserGetDefaultOptions hook.
2996 * - 'registered-multiselect' - as above, using the 'multiselect' type.
2997 * - 'registered-checkmatrix' - as above, using the 'checkmatrix' type.
2998 * - 'userjs' - preferences with names starting with 'userjs-', intended to
2999 * be used by user scripts.
3000 * - 'special' - "preferences" that are not accessible via User::getOptions
3001 * or User::setOptions.
3002 * - 'unused' - preferences about which MediaWiki doesn't know anything.
3003 * These are usually legacy options, removed in newer versions.
3004 *
3005 * The API (and possibly others) use this function to determine the possible
3006 * option types for validation purposes, so make sure to update this when a
3007 * new option kind is added.
3008 *
3009 * @see User::getOptionKinds
3010 * @return array Option kinds
3011 */
3012 public static function listOptionKinds() {
3013 return [
3014 'registered',
3015 'registered-multiselect',
3016 'registered-checkmatrix',
3017 'userjs',
3018 'special',
3019 'unused'
3020 ];
3021 }
3022
3023 /**
3024 * Return an associative array mapping preferences keys to the kind of a preference they're
3025 * used for. Different kinds are handled differently when setting or reading preferences.
3026 *
3027 * See User::listOptionKinds for the list of valid option types that can be provided.
3028 *
3029 * @see User::listOptionKinds
3030 * @param IContextSource $context
3031 * @param array $options Assoc. array with options keys to check as keys.
3032 * Defaults to $this->mOptions.
3033 * @return array The key => kind mapping data
3034 */
3035 public function getOptionKinds( IContextSource $context, $options = null ) {
3036 $this->loadOptions();
3037 if ( $options === null ) {
3038 $options = $this->mOptions;
3039 }
3040
3041 $prefs = Preferences::getPreferences( $this, $context );
3042 $mapping = [];
3043
3044 // Pull out the "special" options, so they don't get converted as
3045 // multiselect or checkmatrix.
3046 $specialOptions = array_fill_keys( Preferences::getSaveBlacklist(), true );
3047 foreach ( $specialOptions as $name => $value ) {
3048 unset( $prefs[$name] );
3049 }
3050
3051 // Multiselect and checkmatrix options are stored in the database with
3052 // one key per option, each having a boolean value. Extract those keys.
3053 $multiselectOptions = [];
3054 foreach ( $prefs as $name => $info ) {
3055 if ( ( isset( $info['type'] ) && $info['type'] == 'multiselect' ) ||
3056 ( isset( $info['class'] ) && $info['class'] == 'HTMLMultiSelectField' ) ) {
3057 $opts = HTMLFormField::flattenOptions( $info['options'] );
3058 $prefix = isset( $info['prefix'] ) ? $info['prefix'] : $name;
3059
3060 foreach ( $opts as $value ) {
3061 $multiselectOptions["$prefix$value"] = true;
3062 }
3063
3064 unset( $prefs[$name] );
3065 }
3066 }
3067 $checkmatrixOptions = [];
3068 foreach ( $prefs as $name => $info ) {
3069 if ( ( isset( $info['type'] ) && $info['type'] == 'checkmatrix' ) ||
3070 ( isset( $info['class'] ) && $info['class'] == 'HTMLCheckMatrix' ) ) {
3071 $columns = HTMLFormField::flattenOptions( $info['columns'] );
3072 $rows = HTMLFormField::flattenOptions( $info['rows'] );
3073 $prefix = isset( $info['prefix'] ) ? $info['prefix'] : $name;
3074
3075 foreach ( $columns as $column ) {
3076 foreach ( $rows as $row ) {
3077 $checkmatrixOptions["$prefix$column-$row"] = true;
3078 }
3079 }
3080
3081 unset( $prefs[$name] );
3082 }
3083 }
3084
3085 // $value is ignored
3086 foreach ( $options as $key => $value ) {
3087 if ( isset( $prefs[$key] ) ) {
3088 $mapping[$key] = 'registered';
3089 } elseif ( isset( $multiselectOptions[$key] ) ) {
3090 $mapping[$key] = 'registered-multiselect';
3091 } elseif ( isset( $checkmatrixOptions[$key] ) ) {
3092 $mapping[$key] = 'registered-checkmatrix';
3093 } elseif ( isset( $specialOptions[$key] ) ) {
3094 $mapping[$key] = 'special';
3095 } elseif ( substr( $key, 0, 7 ) === 'userjs-' ) {
3096 $mapping[$key] = 'userjs';
3097 } else {
3098 $mapping[$key] = 'unused';
3099 }
3100 }
3101
3102 return $mapping;
3103 }
3104
3105 /**
3106 * Reset certain (or all) options to the site defaults
3107 *
3108 * The optional parameter determines which kinds of preferences will be reset.
3109 * Supported values are everything that can be reported by getOptionKinds()
3110 * and 'all', which forces a reset of *all* preferences and overrides everything else.
3111 *
3112 * @param array|string $resetKinds Which kinds of preferences to reset. Defaults to
3113 * array( 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' )
3114 * for backwards-compatibility.
3115 * @param IContextSource|null $context Context source used when $resetKinds
3116 * does not contain 'all', passed to getOptionKinds().
3117 * Defaults to RequestContext::getMain() when null.
3118 */
3119 public function resetOptions(
3120 $resetKinds = [ 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' ],
3121 IContextSource $context = null
3122 ) {
3123 $this->load();
3124 $defaultOptions = self::getDefaultOptions();
3125
3126 if ( !is_array( $resetKinds ) ) {
3127 $resetKinds = [ $resetKinds ];
3128 }
3129
3130 if ( in_array( 'all', $resetKinds ) ) {
3131 $newOptions = $defaultOptions;
3132 } else {
3133 if ( $context === null ) {
3134 $context = RequestContext::getMain();
3135 }
3136
3137 $optionKinds = $this->getOptionKinds( $context );
3138 $resetKinds = array_intersect( $resetKinds, self::listOptionKinds() );
3139 $newOptions = [];
3140
3141 // Use default values for the options that should be deleted, and
3142 // copy old values for the ones that shouldn't.
3143 foreach ( $this->mOptions as $key => $value ) {
3144 if ( in_array( $optionKinds[$key], $resetKinds ) ) {
3145 if ( array_key_exists( $key, $defaultOptions ) ) {
3146 $newOptions[$key] = $defaultOptions[$key];
3147 }
3148 } else {
3149 $newOptions[$key] = $value;
3150 }
3151 }
3152 }
3153
3154 Hooks::run( 'UserResetAllOptions', [ $this, &$newOptions, $this->mOptions, $resetKinds ] );
3155
3156 $this->mOptions = $newOptions;
3157 $this->mOptionsLoaded = true;
3158 }
3159
3160 /**
3161 * Get the user's preferred date format.
3162 * @return string User's preferred date format
3163 */
3164 public function getDatePreference() {
3165 // Important migration for old data rows
3166 if ( is_null( $this->mDatePreference ) ) {
3167 global $wgLang;
3168 $value = $this->getOption( 'date' );
3169 $map = $wgLang->getDatePreferenceMigrationMap();
3170 if ( isset( $map[$value] ) ) {
3171 $value = $map[$value];
3172 }
3173 $this->mDatePreference = $value;
3174 }
3175 return $this->mDatePreference;
3176 }
3177
3178 /**
3179 * Determine based on the wiki configuration and the user's options,
3180 * whether this user must be over HTTPS no matter what.
3181 *
3182 * @return bool
3183 */
3184 public function requiresHTTPS() {
3185 global $wgSecureLogin;
3186 if ( !$wgSecureLogin ) {
3187 return false;
3188 } else {
3189 $https = $this->getBoolOption( 'prefershttps' );
3190 Hooks::run( 'UserRequiresHTTPS', [ $this, &$https ] );
3191 if ( $https ) {
3192 $https = wfCanIPUseHTTPS( $this->getRequest()->getIP() );
3193 }
3194 return $https;
3195 }
3196 }
3197
3198 /**
3199 * Get the user preferred stub threshold
3200 *
3201 * @return int
3202 */
3203 public function getStubThreshold() {
3204 global $wgMaxArticleSize; # Maximum article size, in Kb
3205 $threshold = $this->getIntOption( 'stubthreshold' );
3206 if ( $threshold > $wgMaxArticleSize * 1024 ) {
3207 // If they have set an impossible value, disable the preference
3208 // so we can use the parser cache again.
3209 $threshold = 0;
3210 }
3211 return $threshold;
3212 }
3213
3214 /**
3215 * Get the permissions this user has.
3216 * @return array Array of String permission names
3217 */
3218 public function getRights() {
3219 if ( is_null( $this->mRights ) ) {
3220 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
3221
3222 // Deny any rights denied by the user's session, unless this
3223 // endpoint has no sessions.
3224 if ( !defined( 'MW_NO_SESSION' ) ) {
3225 $allowedRights = $this->getRequest()->getSession()->getAllowedUserRights();
3226 if ( $allowedRights !== null ) {
3227 $this->mRights = array_intersect( $this->mRights, $allowedRights );
3228 }
3229 }
3230
3231 Hooks::run( 'UserGetRights', [ $this, &$this->mRights ] );
3232 // Force reindexation of rights when a hook has unset one of them
3233 $this->mRights = array_values( array_unique( $this->mRights ) );
3234 }
3235 return $this->mRights;
3236 }
3237
3238 /**
3239 * Get the list of explicit group memberships this user has.
3240 * The implicit * and user groups are not included.
3241 * @return array Array of String internal group names
3242 */
3243 public function getGroups() {
3244 $this->load();
3245 $this->loadGroups();
3246 return $this->mGroups;
3247 }
3248
3249 /**
3250 * Get the list of implicit group memberships this user has.
3251 * This includes all explicit groups, plus 'user' if logged in,
3252 * '*' for all accounts, and autopromoted groups
3253 * @param bool $recache Whether to avoid the cache
3254 * @return array Array of String internal group names
3255 */
3256 public function getEffectiveGroups( $recache = false ) {
3257 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
3258 $this->mEffectiveGroups = array_unique( array_merge(
3259 $this->getGroups(), // explicit groups
3260 $this->getAutomaticGroups( $recache ) // implicit groups
3261 ) );
3262 // Hook for additional groups
3263 Hooks::run( 'UserEffectiveGroups', [ &$this, &$this->mEffectiveGroups ] );
3264 // Force reindexation of groups when a hook has unset one of them
3265 $this->mEffectiveGroups = array_values( array_unique( $this->mEffectiveGroups ) );
3266 }
3267 return $this->mEffectiveGroups;
3268 }
3269
3270 /**
3271 * Get the list of implicit group memberships this user has.
3272 * This includes 'user' if logged in, '*' for all accounts,
3273 * and autopromoted groups
3274 * @param bool $recache Whether to avoid the cache
3275 * @return array Array of String internal group names
3276 */
3277 public function getAutomaticGroups( $recache = false ) {
3278 if ( $recache || is_null( $this->mImplicitGroups ) ) {
3279 $this->mImplicitGroups = [ '*' ];
3280 if ( $this->getId() ) {
3281 $this->mImplicitGroups[] = 'user';
3282
3283 $this->mImplicitGroups = array_unique( array_merge(
3284 $this->mImplicitGroups,
3285 Autopromote::getAutopromoteGroups( $this )
3286 ) );
3287 }
3288 if ( $recache ) {
3289 // Assure data consistency with rights/groups,
3290 // as getEffectiveGroups() depends on this function
3291 $this->mEffectiveGroups = null;
3292 }
3293 }
3294 return $this->mImplicitGroups;
3295 }
3296
3297 /**
3298 * Returns the groups the user has belonged to.
3299 *
3300 * The user may still belong to the returned groups. Compare with getGroups().
3301 *
3302 * The function will not return groups the user had belonged to before MW 1.17
3303 *
3304 * @return array Names of the groups the user has belonged to.
3305 */
3306 public function getFormerGroups() {
3307 $this->load();
3308
3309 if ( is_null( $this->mFormerGroups ) ) {
3310 $db = ( $this->queryFlagsUsed & self::READ_LATEST )
3311 ? wfGetDB( DB_MASTER )
3312 : wfGetDB( DB_SLAVE );
3313 $res = $db->select( 'user_former_groups',
3314 [ 'ufg_group' ],
3315 [ 'ufg_user' => $this->mId ],
3316 __METHOD__ );
3317 $this->mFormerGroups = [];
3318 foreach ( $res as $row ) {
3319 $this->mFormerGroups[] = $row->ufg_group;
3320 }
3321 }
3322
3323 return $this->mFormerGroups;
3324 }
3325
3326 /**
3327 * Get the user's edit count.
3328 * @return int|null Null for anonymous users
3329 */
3330 public function getEditCount() {
3331 if ( !$this->getId() ) {
3332 return null;
3333 }
3334
3335 if ( $this->mEditCount === null ) {
3336 /* Populate the count, if it has not been populated yet */
3337 $dbr = wfGetDB( DB_SLAVE );
3338 // check if the user_editcount field has been initialized
3339 $count = $dbr->selectField(
3340 'user', 'user_editcount',
3341 [ 'user_id' => $this->mId ],
3342 __METHOD__
3343 );
3344
3345 if ( $count === null ) {
3346 // it has not been initialized. do so.
3347 $count = $this->initEditCount();
3348 }
3349 $this->mEditCount = $count;
3350 }
3351 return (int)$this->mEditCount;
3352 }
3353
3354 /**
3355 * Add the user to the given group.
3356 * This takes immediate effect.
3357 * @param string $group Name of the group to add
3358 * @return bool
3359 */
3360 public function addGroup( $group ) {
3361 $this->load();
3362
3363 if ( !Hooks::run( 'UserAddGroup', [ $this, &$group ] ) ) {
3364 return false;
3365 }
3366
3367 $dbw = wfGetDB( DB_MASTER );
3368 if ( $this->getId() ) {
3369 $dbw->insert( 'user_groups',
3370 [
3371 'ug_user' => $this->getId(),
3372 'ug_group' => $group,
3373 ],
3374 __METHOD__,
3375 [ 'IGNORE' ] );
3376 }
3377
3378 $this->loadGroups();
3379 $this->mGroups[] = $group;
3380 // In case loadGroups was not called before, we now have the right twice.
3381 // Get rid of the duplicate.
3382 $this->mGroups = array_unique( $this->mGroups );
3383
3384 // Refresh the groups caches, and clear the rights cache so it will be
3385 // refreshed on the next call to $this->getRights().
3386 $this->getEffectiveGroups( true );
3387 $this->mRights = null;
3388
3389 $this->invalidateCache();
3390
3391 return true;
3392 }
3393
3394 /**
3395 * Remove the user from the given group.
3396 * This takes immediate effect.
3397 * @param string $group Name of the group to remove
3398 * @return bool
3399 */
3400 public function removeGroup( $group ) {
3401 $this->load();
3402 if ( !Hooks::run( 'UserRemoveGroup', [ $this, &$group ] ) ) {
3403 return false;
3404 }
3405
3406 $dbw = wfGetDB( DB_MASTER );
3407 $dbw->delete( 'user_groups',
3408 [
3409 'ug_user' => $this->getId(),
3410 'ug_group' => $group,
3411 ], __METHOD__
3412 );
3413 // Remember that the user was in this group
3414 $dbw->insert( 'user_former_groups',
3415 [
3416 'ufg_user' => $this->getId(),
3417 'ufg_group' => $group,
3418 ],
3419 __METHOD__,
3420 [ 'IGNORE' ]
3421 );
3422
3423 $this->loadGroups();
3424 $this->mGroups = array_diff( $this->mGroups, [ $group ] );
3425
3426 // Refresh the groups caches, and clear the rights cache so it will be
3427 // refreshed on the next call to $this->getRights().
3428 $this->getEffectiveGroups( true );
3429 $this->mRights = null;
3430
3431 $this->invalidateCache();
3432
3433 return true;
3434 }
3435
3436 /**
3437 * Get whether the user is logged in
3438 * @return bool
3439 */
3440 public function isLoggedIn() {
3441 return $this->getId() != 0;
3442 }
3443
3444 /**
3445 * Get whether the user is anonymous
3446 * @return bool
3447 */
3448 public function isAnon() {
3449 return !$this->isLoggedIn();
3450 }
3451
3452 /**
3453 * @return bool Whether this user is flagged as being a bot role account
3454 * @since 1.28
3455 */
3456 public function isBot() {
3457 if ( in_array( 'bot', $this->getGroups() ) && $this->isAllowed( 'bot' ) ) {
3458 return true;
3459 }
3460
3461 $isBot = false;
3462 Hooks::run( "UserIsBot", [ $this, &$isBot ] );
3463
3464 return $isBot;
3465 }
3466
3467 /**
3468 * Check if user is allowed to access a feature / make an action
3469 *
3470 * @param string ... Permissions to test
3471 * @return bool True if user is allowed to perform *any* of the given actions
3472 */
3473 public function isAllowedAny() {
3474 $permissions = func_get_args();
3475 foreach ( $permissions as $permission ) {
3476 if ( $this->isAllowed( $permission ) ) {
3477 return true;
3478 }
3479 }
3480 return false;
3481 }
3482
3483 /**
3484 *
3485 * @param string ... Permissions to test
3486 * @return bool True if the user is allowed to perform *all* of the given actions
3487 */
3488 public function isAllowedAll() {
3489 $permissions = func_get_args();
3490 foreach ( $permissions as $permission ) {
3491 if ( !$this->isAllowed( $permission ) ) {
3492 return false;
3493 }
3494 }
3495 return true;
3496 }
3497
3498 /**
3499 * Internal mechanics of testing a permission
3500 * @param string $action
3501 * @return bool
3502 */
3503 public function isAllowed( $action = '' ) {
3504 if ( $action === '' ) {
3505 return true; // In the spirit of DWIM
3506 }
3507 // Use strict parameter to avoid matching numeric 0 accidentally inserted
3508 // by misconfiguration: 0 == 'foo'
3509 return in_array( $action, $this->getRights(), true );
3510 }
3511
3512 /**
3513 * Check whether to enable recent changes patrol features for this user
3514 * @return bool True or false
3515 */
3516 public function useRCPatrol() {
3517 global $wgUseRCPatrol;
3518 return $wgUseRCPatrol && $this->isAllowedAny( 'patrol', 'patrolmarks' );
3519 }
3520
3521 /**
3522 * Check whether to enable new pages patrol features for this user
3523 * @return bool True or false
3524 */
3525 public function useNPPatrol() {
3526 global $wgUseRCPatrol, $wgUseNPPatrol;
3527 return (
3528 ( $wgUseRCPatrol || $wgUseNPPatrol )
3529 && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) )
3530 );
3531 }
3532
3533 /**
3534 * Check whether to enable new files patrol features for this user
3535 * @return bool True or false
3536 */
3537 public function useFilePatrol() {
3538 global $wgUseRCPatrol, $wgUseFilePatrol;
3539 return (
3540 ( $wgUseRCPatrol || $wgUseFilePatrol )
3541 && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) )
3542 );
3543 }
3544
3545 /**
3546 * Get the WebRequest object to use with this object
3547 *
3548 * @return WebRequest
3549 */
3550 public function getRequest() {
3551 if ( $this->mRequest ) {
3552 return $this->mRequest;
3553 } else {
3554 global $wgRequest;
3555 return $wgRequest;
3556 }
3557 }
3558
3559 /**
3560 * Check the watched status of an article.
3561 * @since 1.22 $checkRights parameter added
3562 * @param Title $title Title of the article to look at
3563 * @param bool $checkRights Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
3564 * Pass User::CHECK_USER_RIGHTS or User::IGNORE_USER_RIGHTS.
3565 * @return bool
3566 */
3567 public function isWatched( $title, $checkRights = self::CHECK_USER_RIGHTS ) {
3568 if ( $title->isWatchable() && ( !$checkRights || $this->isAllowed( 'viewmywatchlist' ) ) ) {
3569 return MediaWikiServices::getInstance()->getWatchedItemStore()->isWatched( $this, $title );
3570 }
3571 return false;
3572 }
3573
3574 /**
3575 * Watch an article.
3576 * @since 1.22 $checkRights parameter added
3577 * @param Title $title Title of the article to look at
3578 * @param bool $checkRights Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
3579 * Pass User::CHECK_USER_RIGHTS or User::IGNORE_USER_RIGHTS.
3580 */
3581 public function addWatch( $title, $checkRights = self::CHECK_USER_RIGHTS ) {
3582 if ( !$checkRights || $this->isAllowed( 'editmywatchlist' ) ) {
3583 MediaWikiServices::getInstance()->getWatchedItemStore()->addWatchBatchForUser(
3584 $this,
3585 [ $title->getSubjectPage(), $title->getTalkPage() ]
3586 );
3587 }
3588 $this->invalidateCache();
3589 }
3590
3591 /**
3592 * Stop watching an article.
3593 * @since 1.22 $checkRights parameter added
3594 * @param Title $title Title of the article to look at
3595 * @param bool $checkRights Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
3596 * Pass User::CHECK_USER_RIGHTS or User::IGNORE_USER_RIGHTS.
3597 */
3598 public function removeWatch( $title, $checkRights = self::CHECK_USER_RIGHTS ) {
3599 if ( !$checkRights || $this->isAllowed( 'editmywatchlist' ) ) {
3600 $store = MediaWikiServices::getInstance()->getWatchedItemStore();
3601 $store->removeWatch( $this, $title->getSubjectPage() );
3602 $store->removeWatch( $this, $title->getTalkPage() );
3603 }
3604 $this->invalidateCache();
3605 }
3606
3607 /**
3608 * Clear the user's notification timestamp for the given title.
3609 * If e-notif e-mails are on, they will receive notification mails on
3610 * the next change of the page if it's watched etc.
3611 * @note If the user doesn't have 'editmywatchlist', this will do nothing.
3612 * @param Title $title Title of the article to look at
3613 * @param int $oldid The revision id being viewed. If not given or 0, latest revision is assumed.
3614 */
3615 public function clearNotification( &$title, $oldid = 0 ) {
3616 global $wgUseEnotif, $wgShowUpdatedMarker;
3617
3618 // Do nothing if the database is locked to writes
3619 if ( wfReadOnly() ) {
3620 return;
3621 }
3622
3623 // Do nothing if not allowed to edit the watchlist
3624 if ( !$this->isAllowed( 'editmywatchlist' ) ) {
3625 return;
3626 }
3627
3628 // If we're working on user's talk page, we should update the talk page message indicator
3629 if ( $title->getNamespace() == NS_USER_TALK && $title->getText() == $this->getName() ) {
3630 if ( !Hooks::run( 'UserClearNewTalkNotification', [ &$this, $oldid ] ) ) {
3631 return;
3632 }
3633
3634 // Try to update the DB post-send and only if needed...
3635 DeferredUpdates::addCallableUpdate( function() use ( $title, $oldid ) {
3636 if ( !$this->getNewtalk() ) {
3637 return; // no notifications to clear
3638 }
3639
3640 // Delete the last notifications (they stack up)
3641 $this->setNewtalk( false );
3642
3643 // If there is a new, unseen, revision, use its timestamp
3644 $nextid = $oldid
3645 ? $title->getNextRevisionID( $oldid, Title::GAID_FOR_UPDATE )
3646 : null;
3647 if ( $nextid ) {
3648 $this->setNewtalk( true, Revision::newFromId( $nextid ) );
3649 }
3650 } );
3651 }
3652
3653 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
3654 return;
3655 }
3656
3657 if ( $this->isAnon() ) {
3658 // Nothing else to do...
3659 return;
3660 }
3661
3662 // Only update the timestamp if the page is being watched.
3663 // The query to find out if it is watched is cached both in memcached and per-invocation,
3664 // and when it does have to be executed, it can be on a slave
3665 // If this is the user's newtalk page, we always update the timestamp
3666 $force = '';
3667 if ( $title->getNamespace() == NS_USER_TALK && $title->getText() == $this->getName() ) {
3668 $force = 'force';
3669 }
3670
3671 MediaWikiServices::getInstance()->getWatchedItemStore()
3672 ->resetNotificationTimestamp( $this, $title, $force, $oldid );
3673 }
3674
3675 /**
3676 * Resets all of the given user's page-change notification timestamps.
3677 * If e-notif e-mails are on, they will receive notification mails on
3678 * the next change of any watched page.
3679 * @note If the user doesn't have 'editmywatchlist', this will do nothing.
3680 */
3681 public function clearAllNotifications() {
3682 if ( wfReadOnly() ) {
3683 return;
3684 }
3685
3686 // Do nothing if not allowed to edit the watchlist
3687 if ( !$this->isAllowed( 'editmywatchlist' ) ) {
3688 return;
3689 }
3690
3691 global $wgUseEnotif, $wgShowUpdatedMarker;
3692 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
3693 $this->setNewtalk( false );
3694 return;
3695 }
3696 $id = $this->getId();
3697 if ( $id != 0 ) {
3698 $dbw = wfGetDB( DB_MASTER );
3699 $dbw->update( 'watchlist',
3700 [ /* SET */ 'wl_notificationtimestamp' => null ],
3701 [ /* WHERE */ 'wl_user' => $id, 'wl_notificationtimestamp IS NOT NULL' ],
3702 __METHOD__
3703 );
3704 // We also need to clear here the "you have new message" notification for the own user_talk page;
3705 // it's cleared one page view later in WikiPage::doViewUpdates().
3706 }
3707 }
3708
3709 /**
3710 * Set a cookie on the user's client. Wrapper for
3711 * WebResponse::setCookie
3712 * @deprecated since 1.27
3713 * @param string $name Name of the cookie to set
3714 * @param string $value Value to set
3715 * @param int $exp Expiration time, as a UNIX time value;
3716 * if 0 or not specified, use the default $wgCookieExpiration
3717 * @param bool $secure
3718 * true: Force setting the secure attribute when setting the cookie
3719 * false: Force NOT setting the secure attribute when setting the cookie
3720 * null (default): Use the default ($wgCookieSecure) to set the secure attribute
3721 * @param array $params Array of options sent passed to WebResponse::setcookie()
3722 * @param WebRequest|null $request WebRequest object to use; $wgRequest will be used if null
3723 * is passed.
3724 */
3725 protected function setCookie(
3726 $name, $value, $exp = 0, $secure = null, $params = [], $request = null
3727 ) {
3728 wfDeprecated( __METHOD__, '1.27' );
3729 if ( $request === null ) {
3730 $request = $this->getRequest();
3731 }
3732 $params['secure'] = $secure;
3733 $request->response()->setCookie( $name, $value, $exp, $params );
3734 }
3735
3736 /**
3737 * Clear a cookie on the user's client
3738 * @deprecated since 1.27
3739 * @param string $name Name of the cookie to clear
3740 * @param bool $secure
3741 * true: Force setting the secure attribute when setting the cookie
3742 * false: Force NOT setting the secure attribute when setting the cookie
3743 * null (default): Use the default ($wgCookieSecure) to set the secure attribute
3744 * @param array $params Array of options sent passed to WebResponse::setcookie()
3745 */
3746 protected function clearCookie( $name, $secure = null, $params = [] ) {
3747 wfDeprecated( __METHOD__, '1.27' );
3748 $this->setCookie( $name, '', time() - 86400, $secure, $params );
3749 }
3750
3751 /**
3752 * Set an extended login cookie on the user's client. The expiry of the cookie
3753 * is controlled by the $wgExtendedLoginCookieExpiration configuration
3754 * variable.
3755 *
3756 * @see User::setCookie
3757 *
3758 * @deprecated since 1.27
3759 * @param string $name Name of the cookie to set
3760 * @param string $value Value to set
3761 * @param bool $secure
3762 * true: Force setting the secure attribute when setting the cookie
3763 * false: Force NOT setting the secure attribute when setting the cookie
3764 * null (default): Use the default ($wgCookieSecure) to set the secure attribute
3765 */
3766 protected function setExtendedLoginCookie( $name, $value, $secure ) {
3767 global $wgExtendedLoginCookieExpiration, $wgCookieExpiration;
3768
3769 wfDeprecated( __METHOD__, '1.27' );
3770
3771 $exp = time();
3772 $exp += $wgExtendedLoginCookieExpiration !== null
3773 ? $wgExtendedLoginCookieExpiration
3774 : $wgCookieExpiration;
3775
3776 $this->setCookie( $name, $value, $exp, $secure );
3777 }
3778
3779 /**
3780 * Persist this user's session (e.g. set cookies)
3781 *
3782 * @param WebRequest|null $request WebRequest object to use; $wgRequest will be used if null
3783 * is passed.
3784 * @param bool $secure Whether to force secure/insecure cookies or use default
3785 * @param bool $rememberMe Whether to add a Token cookie for elongated sessions
3786 */
3787 public function setCookies( $request = null, $secure = null, $rememberMe = false ) {
3788 $this->load();
3789 if ( 0 == $this->mId ) {
3790 return;
3791 }
3792
3793 $session = $this->getRequest()->getSession();
3794 if ( $request && $session->getRequest() !== $request ) {
3795 $session = $session->sessionWithRequest( $request );
3796 }
3797 $delay = $session->delaySave();
3798
3799 if ( !$session->getUser()->equals( $this ) ) {
3800 if ( !$session->canSetUser() ) {
3801 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
3802 ->warning( __METHOD__ .
3803 ": Cannot save user \"$this\" to a user \"{$session->getUser()}\"'s immutable session"
3804 );
3805 return;
3806 }
3807 $session->setUser( $this );
3808 }
3809
3810 $session->setRememberUser( $rememberMe );
3811 if ( $secure !== null ) {
3812 $session->setForceHTTPS( $secure );
3813 }
3814
3815 $session->persist();
3816
3817 ScopedCallback::consume( $delay );
3818 }
3819
3820 /**
3821 * Log this user out.
3822 */
3823 public function logout() {
3824 if ( Hooks::run( 'UserLogout', [ &$this ] ) ) {
3825 $this->doLogout();
3826 }
3827 }
3828
3829 /**
3830 * Clear the user's session, and reset the instance cache.
3831 * @see logout()
3832 */
3833 public function doLogout() {
3834 $session = $this->getRequest()->getSession();
3835 if ( !$session->canSetUser() ) {
3836 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
3837 ->warning( __METHOD__ . ": Cannot log out of an immutable session" );
3838 $error = 'immutable';
3839 } elseif ( !$session->getUser()->equals( $this ) ) {
3840 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
3841 ->warning( __METHOD__ .
3842 ": Cannot log user \"$this\" out of a user \"{$session->getUser()}\"'s session"
3843 );
3844 // But we still may as well make this user object anon
3845 $this->clearInstanceCache( 'defaults' );
3846 $error = 'wronguser';
3847 } else {
3848 $this->clearInstanceCache( 'defaults' );
3849 $delay = $session->delaySave();
3850 $session->unpersist(); // Clear cookies (T127436)
3851 $session->setLoggedOutTimestamp( time() );
3852 $session->setUser( new User );
3853 $session->set( 'wsUserID', 0 ); // Other code expects this
3854 $session->resetAllTokens();
3855 ScopedCallback::consume( $delay );
3856 $error = false;
3857 }
3858 \MediaWiki\Logger\LoggerFactory::getInstance( 'authmanager' )->info( 'Logout', [
3859 'event' => 'logout',
3860 'successful' => $error === false,
3861 'status' => $error ?: 'success',
3862 ] );
3863 }
3864
3865 /**
3866 * Save this user's settings into the database.
3867 * @todo Only rarely do all these fields need to be set!
3868 */
3869 public function saveSettings() {
3870 if ( wfReadOnly() ) {
3871 // @TODO: caller should deal with this instead!
3872 // This should really just be an exception.
3873 MWExceptionHandler::logException( new DBExpectedError(
3874 null,
3875 "Could not update user with ID '{$this->mId}'; DB is read-only."
3876 ) );
3877 return;
3878 }
3879
3880 $this->load();
3881 if ( 0 == $this->mId ) {
3882 return; // anon
3883 }
3884
3885 // Get a new user_touched that is higher than the old one.
3886 // This will be used for a CAS check as a last-resort safety
3887 // check against race conditions and slave lag.
3888 $newTouched = $this->newTouchedTimestamp();
3889
3890 $dbw = wfGetDB( DB_MASTER );
3891 $dbw->update( 'user',
3892 [ /* SET */
3893 'user_name' => $this->mName,
3894 'user_real_name' => $this->mRealName,
3895 'user_email' => $this->mEmail,
3896 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
3897 'user_touched' => $dbw->timestamp( $newTouched ),
3898 'user_token' => strval( $this->mToken ),
3899 'user_email_token' => $this->mEmailToken,
3900 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
3901 ], $this->makeUpdateConditions( $dbw, [ /* WHERE */
3902 'user_id' => $this->mId,
3903 ] ), __METHOD__
3904 );
3905
3906 if ( !$dbw->affectedRows() ) {
3907 // Maybe the problem was a missed cache update; clear it to be safe
3908 $this->clearSharedCache( 'refresh' );
3909 // User was changed in the meantime or loaded with stale data
3910 $from = ( $this->queryFlagsUsed & self::READ_LATEST ) ? 'master' : 'slave';
3911 throw new MWException(
3912 "CAS update failed on user_touched for user ID '{$this->mId}' (read from $from);" .
3913 " the version of the user to be saved is older than the current version."
3914 );
3915 }
3916
3917 $this->mTouched = $newTouched;
3918 $this->saveOptions();
3919
3920 Hooks::run( 'UserSaveSettings', [ $this ] );
3921 $this->clearSharedCache();
3922 $this->getUserPage()->invalidateCache();
3923 }
3924
3925 /**
3926 * If only this user's username is known, and it exists, return the user ID.
3927 *
3928 * @param int $flags Bitfield of User:READ_* constants; useful for existence checks
3929 * @return int
3930 */
3931 public function idForName( $flags = 0 ) {
3932 $s = trim( $this->getName() );
3933 if ( $s === '' ) {
3934 return 0;
3935 }
3936
3937 $db = ( ( $flags & self::READ_LATEST ) == self::READ_LATEST )
3938 ? wfGetDB( DB_MASTER )
3939 : wfGetDB( DB_SLAVE );
3940
3941 $options = ( ( $flags & self::READ_LOCKING ) == self::READ_LOCKING )
3942 ? [ 'LOCK IN SHARE MODE' ]
3943 : [];
3944
3945 $id = $db->selectField( 'user',
3946 'user_id', [ 'user_name' => $s ], __METHOD__, $options );
3947
3948 return (int)$id;
3949 }
3950
3951 /**
3952 * Add a user to the database, return the user object
3953 *
3954 * @param string $name Username to add
3955 * @param array $params Array of Strings Non-default parameters to save to
3956 * the database as user_* fields:
3957 * - email: The user's email address.
3958 * - email_authenticated: The email authentication timestamp.
3959 * - real_name: The user's real name.
3960 * - options: An associative array of non-default options.
3961 * - token: Random authentication token. Do not set.
3962 * - registration: Registration timestamp. Do not set.
3963 *
3964 * @return User|null User object, or null if the username already exists.
3965 */
3966 public static function createNew( $name, $params = [] ) {
3967 foreach ( [ 'password', 'newpassword', 'newpass_time', 'password_expires' ] as $field ) {
3968 if ( isset( $params[$field] ) ) {
3969 wfDeprecated( __METHOD__ . " with param '$field'", '1.27' );
3970 unset( $params[$field] );
3971 }
3972 }
3973
3974 $user = new User;
3975 $user->load();
3976 $user->setToken(); // init token
3977 if ( isset( $params['options'] ) ) {
3978 $user->mOptions = $params['options'] + (array)$user->mOptions;
3979 unset( $params['options'] );
3980 }
3981 $dbw = wfGetDB( DB_MASTER );
3982 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
3983
3984 $noPass = PasswordFactory::newInvalidPassword()->toString();
3985
3986 $fields = [
3987 'user_id' => $seqVal,
3988 'user_name' => $name,
3989 'user_password' => $noPass,
3990 'user_newpassword' => $noPass,
3991 'user_email' => $user->mEmail,
3992 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
3993 'user_real_name' => $user->mRealName,
3994 'user_token' => strval( $user->mToken ),
3995 'user_registration' => $dbw->timestamp( $user->mRegistration ),
3996 'user_editcount' => 0,
3997 'user_touched' => $dbw->timestamp( $user->newTouchedTimestamp() ),
3998 ];
3999 foreach ( $params as $name => $value ) {
4000 $fields["user_$name"] = $value;
4001 }
4002 $dbw->insert( 'user', $fields, __METHOD__, [ 'IGNORE' ] );
4003 if ( $dbw->affectedRows() ) {
4004 $newUser = User::newFromId( $dbw->insertId() );
4005 } else {
4006 $newUser = null;
4007 }
4008 return $newUser;
4009 }
4010
4011 /**
4012 * Add this existing user object to the database. If the user already
4013 * exists, a fatal status object is returned, and the user object is
4014 * initialised with the data from the database.
4015 *
4016 * Previously, this function generated a DB error due to a key conflict
4017 * if the user already existed. Many extension callers use this function
4018 * in code along the lines of:
4019 *
4020 * $user = User::newFromName( $name );
4021 * if ( !$user->isLoggedIn() ) {
4022 * $user->addToDatabase();
4023 * }
4024 * // do something with $user...
4025 *
4026 * However, this was vulnerable to a race condition (bug 16020). By
4027 * initialising the user object if the user exists, we aim to support this
4028 * calling sequence as far as possible.
4029 *
4030 * Note that if the user exists, this function will acquire a write lock,
4031 * so it is still advisable to make the call conditional on isLoggedIn(),
4032 * and to commit the transaction after calling.
4033 *
4034 * @throws MWException
4035 * @return Status
4036 */
4037 public function addToDatabase() {
4038 $this->load();
4039 if ( !$this->mToken ) {
4040 $this->setToken(); // init token
4041 }
4042
4043 $this->mTouched = $this->newTouchedTimestamp();
4044
4045 $noPass = PasswordFactory::newInvalidPassword()->toString();
4046
4047 $dbw = wfGetDB( DB_MASTER );
4048 $inWrite = $dbw->writesOrCallbacksPending();
4049 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
4050 $dbw->insert( 'user',
4051 [
4052 'user_id' => $seqVal,
4053 'user_name' => $this->mName,
4054 'user_password' => $noPass,
4055 'user_newpassword' => $noPass,
4056 'user_email' => $this->mEmail,
4057 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
4058 'user_real_name' => $this->mRealName,
4059 'user_token' => strval( $this->mToken ),
4060 'user_registration' => $dbw->timestamp( $this->mRegistration ),
4061 'user_editcount' => 0,
4062 'user_touched' => $dbw->timestamp( $this->mTouched ),
4063 ], __METHOD__,
4064 [ 'IGNORE' ]
4065 );
4066 if ( !$dbw->affectedRows() ) {
4067 // The queries below cannot happen in the same REPEATABLE-READ snapshot.
4068 // Handle this by COMMIT, if possible, or by LOCK IN SHARE MODE otherwise.
4069 if ( $inWrite ) {
4070 // Can't commit due to pending writes that may need atomicity.
4071 // This may cause some lock contention unlike the case below.
4072 $options = [ 'LOCK IN SHARE MODE' ];
4073 $flags = self::READ_LOCKING;
4074 } else {
4075 // Often, this case happens early in views before any writes when
4076 // using CentralAuth. It's should be OK to commit and break the snapshot.
4077 $dbw->commit( __METHOD__, 'flush' );
4078 $options = [];
4079 $flags = self::READ_LATEST;
4080 }
4081 $this->mId = $dbw->selectField( 'user', 'user_id',
4082 [ 'user_name' => $this->mName ], __METHOD__, $options );
4083 $loaded = false;
4084 if ( $this->mId ) {
4085 if ( $this->loadFromDatabase( $flags ) ) {
4086 $loaded = true;
4087 }
4088 }
4089 if ( !$loaded ) {
4090 throw new MWException( __METHOD__ . ": hit a key conflict attempting " .
4091 "to insert user '{$this->mName}' row, but it was not present in select!" );
4092 }
4093 return Status::newFatal( 'userexists' );
4094 }
4095 $this->mId = $dbw->insertId();
4096 self::$idCacheByName[$this->mName] = $this->mId;
4097
4098 // Clear instance cache other than user table data, which is already accurate
4099 $this->clearInstanceCache();
4100
4101 $this->saveOptions();
4102 return Status::newGood();
4103 }
4104
4105 /**
4106 * If this user is logged-in and blocked,
4107 * block any IP address they've successfully logged in from.
4108 * @return bool A block was spread
4109 */
4110 public function spreadAnyEditBlock() {
4111 if ( $this->isLoggedIn() && $this->isBlocked() ) {
4112 return $this->spreadBlock();
4113 }
4114
4115 return false;
4116 }
4117
4118 /**
4119 * If this (non-anonymous) user is blocked,
4120 * block the IP address they've successfully logged in from.
4121 * @return bool A block was spread
4122 */
4123 protected function spreadBlock() {
4124 wfDebug( __METHOD__ . "()\n" );
4125 $this->load();
4126 if ( $this->mId == 0 ) {
4127 return false;
4128 }
4129
4130 $userblock = Block::newFromTarget( $this->getName() );
4131 if ( !$userblock ) {
4132 return false;
4133 }
4134
4135 return (bool)$userblock->doAutoblock( $this->getRequest()->getIP() );
4136 }
4137
4138 /**
4139 * Get whether the user is explicitly blocked from account creation.
4140 * @return bool|Block
4141 */
4142 public function isBlockedFromCreateAccount() {
4143 $this->getBlockedStatus();
4144 if ( $this->mBlock && $this->mBlock->prevents( 'createaccount' ) ) {
4145 return $this->mBlock;
4146 }
4147
4148 # bug 13611: if the IP address the user is trying to create an account from is
4149 # blocked with createaccount disabled, prevent new account creation there even
4150 # when the user is logged in
4151 if ( $this->mBlockedFromCreateAccount === false && !$this->isAllowed( 'ipblock-exempt' ) ) {
4152 $this->mBlockedFromCreateAccount = Block::newFromTarget( null, $this->getRequest()->getIP() );
4153 }
4154 return $this->mBlockedFromCreateAccount instanceof Block
4155 && $this->mBlockedFromCreateAccount->prevents( 'createaccount' )
4156 ? $this->mBlockedFromCreateAccount
4157 : false;
4158 }
4159
4160 /**
4161 * Get whether the user is blocked from using Special:Emailuser.
4162 * @return bool
4163 */
4164 public function isBlockedFromEmailuser() {
4165 $this->getBlockedStatus();
4166 return $this->mBlock && $this->mBlock->prevents( 'sendemail' );
4167 }
4168
4169 /**
4170 * Get whether the user is allowed to create an account.
4171 * @return bool
4172 */
4173 public function isAllowedToCreateAccount() {
4174 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
4175 }
4176
4177 /**
4178 * Get this user's personal page title.
4179 *
4180 * @return Title User's personal page title
4181 */
4182 public function getUserPage() {
4183 return Title::makeTitle( NS_USER, $this->getName() );
4184 }
4185
4186 /**
4187 * Get this user's talk page title.
4188 *
4189 * @return Title User's talk page title
4190 */
4191 public function getTalkPage() {
4192 $title = $this->getUserPage();
4193 return $title->getTalkPage();
4194 }
4195
4196 /**
4197 * Determine whether the user is a newbie. Newbies are either
4198 * anonymous IPs, or the most recently created accounts.
4199 * @return bool
4200 */
4201 public function isNewbie() {
4202 return !$this->isAllowed( 'autoconfirmed' );
4203 }
4204
4205 /**
4206 * Check to see if the given clear-text password is one of the accepted passwords
4207 * @deprecated since 1.27, use AuthManager instead
4208 * @param string $password User password
4209 * @return bool True if the given password is correct, otherwise False
4210 */
4211 public function checkPassword( $password ) {
4212 global $wgAuth, $wgLegacyEncoding, $wgDisableAuthManager;
4213
4214 if ( $wgDisableAuthManager ) {
4215 $this->load();
4216
4217 // Some passwords will give a fatal Status, which means there is
4218 // some sort of technical or security reason for this password to
4219 // be completely invalid and should never be checked (e.g., T64685)
4220 if ( !$this->checkPasswordValidity( $password )->isOK() ) {
4221 return false;
4222 }
4223
4224 // Certain authentication plugins do NOT want to save
4225 // domain passwords in a mysql database, so we should
4226 // check this (in case $wgAuth->strict() is false).
4227 if ( $wgAuth->authenticate( $this->getName(), $password ) ) {
4228 return true;
4229 } elseif ( $wgAuth->strict() ) {
4230 // Auth plugin doesn't allow local authentication
4231 return false;
4232 } elseif ( $wgAuth->strictUserAuth( $this->getName() ) ) {
4233 // Auth plugin doesn't allow local authentication for this user name
4234 return false;
4235 }
4236
4237 $passwordFactory = new PasswordFactory();
4238 $passwordFactory->init( RequestContext::getMain()->getConfig() );
4239 $db = ( $this->queryFlagsUsed & self::READ_LATEST )
4240 ? wfGetDB( DB_MASTER )
4241 : wfGetDB( DB_SLAVE );
4242
4243 try {
4244 $mPassword = $passwordFactory->newFromCiphertext( $db->selectField(
4245 'user', 'user_password', [ 'user_id' => $this->getId() ], __METHOD__
4246 ) );
4247 } catch ( PasswordError $e ) {
4248 wfDebug( 'Invalid password hash found in database.' );
4249 $mPassword = PasswordFactory::newInvalidPassword();
4250 }
4251
4252 if ( !$mPassword->equals( $password ) ) {
4253 if ( $wgLegacyEncoding ) {
4254 // Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
4255 // Check for this with iconv
4256 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
4257 if ( $cp1252Password === $password || !$mPassword->equals( $cp1252Password ) ) {
4258 return false;
4259 }
4260 } else {
4261 return false;
4262 }
4263 }
4264
4265 if ( $passwordFactory->needsUpdate( $mPassword ) && !wfReadOnly() ) {
4266 $this->setPasswordInternal( $password );
4267 }
4268
4269 return true;
4270 } else {
4271 $manager = AuthManager::singleton();
4272 $reqs = AuthenticationRequest::loadRequestsFromSubmission(
4273 $manager->getAuthenticationRequests( AuthManager::ACTION_LOGIN ),
4274 [
4275 'username' => $this->getName(),
4276 'password' => $password,
4277 ]
4278 );
4279 $res = AuthManager::singleton()->beginAuthentication( $reqs, 'null:' );
4280 switch ( $res->status ) {
4281 case AuthenticationResponse::PASS:
4282 return true;
4283 case AuthenticationResponse::FAIL:
4284 // Hope it's not a PreAuthenticationProvider that failed...
4285 \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' )
4286 ->info( __METHOD__ . ': Authentication failed: ' . $res->message->plain() );
4287 return false;
4288 default:
4289 throw new BadMethodCallException(
4290 'AuthManager returned a response unsupported by ' . __METHOD__
4291 );
4292 }
4293 }
4294 }
4295
4296 /**
4297 * Check if the given clear-text password matches the temporary password
4298 * sent by e-mail for password reset operations.
4299 *
4300 * @deprecated since 1.27, use AuthManager instead
4301 * @param string $plaintext
4302 * @return bool True if matches, false otherwise
4303 */
4304 public function checkTemporaryPassword( $plaintext ) {
4305 global $wgNewPasswordExpiry, $wgDisableAuthManager;
4306
4307 if ( $wgDisableAuthManager ) {
4308 $this->load();
4309
4310 $passwordFactory = new PasswordFactory();
4311 $passwordFactory->init( RequestContext::getMain()->getConfig() );
4312 $db = ( $this->queryFlagsUsed & self::READ_LATEST )
4313 ? wfGetDB( DB_MASTER )
4314 : wfGetDB( DB_SLAVE );
4315
4316 $row = $db->selectRow(
4317 'user',
4318 [ 'user_newpassword', 'user_newpass_time' ],
4319 [ 'user_id' => $this->getId() ],
4320 __METHOD__
4321 );
4322 try {
4323 $newPassword = $passwordFactory->newFromCiphertext( $row->user_newpassword );
4324 } catch ( PasswordError $e ) {
4325 wfDebug( 'Invalid password hash found in database.' );
4326 $newPassword = PasswordFactory::newInvalidPassword();
4327 }
4328
4329 if ( $newPassword->equals( $plaintext ) ) {
4330 if ( is_null( $row->user_newpass_time ) ) {
4331 return true;
4332 }
4333 $expiry = wfTimestamp( TS_UNIX, $row->user_newpass_time ) + $wgNewPasswordExpiry;
4334 return ( time() < $expiry );
4335 } else {
4336 return false;
4337 }
4338 } else {
4339 // Can't check the temporary password individually.
4340 return $this->checkPassword( $plaintext );
4341 }
4342 }
4343
4344 /**
4345 * Initialize (if necessary) and return a session token value
4346 * which can be used in edit forms to show that the user's
4347 * login credentials aren't being hijacked with a foreign form
4348 * submission.
4349 *
4350 * @since 1.27
4351 * @param string|array $salt Array of Strings Optional function-specific data for hashing
4352 * @param WebRequest|null $request WebRequest object to use or null to use $wgRequest
4353 * @return MediaWiki\Session\Token The new edit token
4354 */
4355 public function getEditTokenObject( $salt = '', $request = null ) {
4356 if ( $this->isAnon() ) {
4357 return new LoggedOutEditToken();
4358 }
4359
4360 if ( !$request ) {
4361 $request = $this->getRequest();
4362 }
4363 return $request->getSession()->getToken( $salt );
4364 }
4365
4366 /**
4367 * Initialize (if necessary) and return a session token value
4368 * which can be used in edit forms to show that the user's
4369 * login credentials aren't being hijacked with a foreign form
4370 * submission.
4371 *
4372 * @since 1.19
4373 * @param string|array $salt Array of Strings Optional function-specific data for hashing
4374 * @param WebRequest|null $request WebRequest object to use or null to use $wgRequest
4375 * @return string The new edit token
4376 */
4377 public function getEditToken( $salt = '', $request = null ) {
4378 return $this->getEditTokenObject( $salt, $request )->toString();
4379 }
4380
4381 /**
4382 * Get the embedded timestamp from a token.
4383 * @deprecated since 1.27, use \MediaWiki\Session\Token::getTimestamp instead.
4384 * @param string $val Input token
4385 * @return int|null
4386 */
4387 public static function getEditTokenTimestamp( $val ) {
4388 wfDeprecated( __METHOD__, '1.27' );
4389 return MediaWiki\Session\Token::getTimestamp( $val );
4390 }
4391
4392 /**
4393 * Check given value against the token value stored in the session.
4394 * A match should confirm that the form was submitted from the
4395 * user's own login session, not a form submission from a third-party
4396 * site.
4397 *
4398 * @param string $val Input value to compare
4399 * @param string $salt Optional function-specific data for hashing
4400 * @param WebRequest|null $request Object to use or null to use $wgRequest
4401 * @param int $maxage Fail tokens older than this, in seconds
4402 * @return bool Whether the token matches
4403 */
4404 public function matchEditToken( $val, $salt = '', $request = null, $maxage = null ) {
4405 return $this->getEditTokenObject( $salt, $request )->match( $val, $maxage );
4406 }
4407
4408 /**
4409 * Check given value against the token value stored in the session,
4410 * ignoring the suffix.
4411 *
4412 * @param string $val Input value to compare
4413 * @param string $salt Optional function-specific data for hashing
4414 * @param WebRequest|null $request Object to use or null to use $wgRequest
4415 * @param int $maxage Fail tokens older than this, in seconds
4416 * @return bool Whether the token matches
4417 */
4418 public function matchEditTokenNoSuffix( $val, $salt = '', $request = null, $maxage = null ) {
4419 $val = substr( $val, 0, strspn( $val, '0123456789abcdef' ) ) . Token::SUFFIX;
4420 return $this->matchEditToken( $val, $salt, $request, $maxage );
4421 }
4422
4423 /**
4424 * Generate a new e-mail confirmation token and send a confirmation/invalidation
4425 * mail to the user's given address.
4426 *
4427 * @param string $type Message to send, either "created", "changed" or "set"
4428 * @return Status
4429 */
4430 public function sendConfirmationMail( $type = 'created' ) {
4431 global $wgLang;
4432 $expiration = null; // gets passed-by-ref and defined in next line.
4433 $token = $this->confirmationToken( $expiration );
4434 $url = $this->confirmationTokenUrl( $token );
4435 $invalidateURL = $this->invalidationTokenUrl( $token );
4436 $this->saveSettings();
4437
4438 if ( $type == 'created' || $type === false ) {
4439 $message = 'confirmemail_body';
4440 } elseif ( $type === true ) {
4441 $message = 'confirmemail_body_changed';
4442 } else {
4443 // Messages: confirmemail_body_changed, confirmemail_body_set
4444 $message = 'confirmemail_body_' . $type;
4445 }
4446
4447 return $this->sendMail( wfMessage( 'confirmemail_subject' )->text(),
4448 wfMessage( $message,
4449 $this->getRequest()->getIP(),
4450 $this->getName(),
4451 $url,
4452 $wgLang->userTimeAndDate( $expiration, $this ),
4453 $invalidateURL,
4454 $wgLang->userDate( $expiration, $this ),
4455 $wgLang->userTime( $expiration, $this ) )->text() );
4456 }
4457
4458 /**
4459 * Send an e-mail to this user's account. Does not check for
4460 * confirmed status or validity.
4461 *
4462 * @param string $subject Message subject
4463 * @param string $body Message body
4464 * @param User|null $from Optional sending user; if unspecified, default
4465 * $wgPasswordSender will be used.
4466 * @param string $replyto Reply-To address
4467 * @return Status
4468 */
4469 public function sendMail( $subject, $body, $from = null, $replyto = null ) {
4470 global $wgPasswordSender;
4471
4472 if ( $from instanceof User ) {
4473 $sender = MailAddress::newFromUser( $from );
4474 } else {
4475 $sender = new MailAddress( $wgPasswordSender,
4476 wfMessage( 'emailsender' )->inContentLanguage()->text() );
4477 }
4478 $to = MailAddress::newFromUser( $this );
4479
4480 return UserMailer::send( $to, $sender, $subject, $body, [
4481 'replyTo' => $replyto,
4482 ] );
4483 }
4484
4485 /**
4486 * Generate, store, and return a new e-mail confirmation code.
4487 * A hash (unsalted, since it's used as a key) is stored.
4488 *
4489 * @note Call saveSettings() after calling this function to commit
4490 * this change to the database.
4491 *
4492 * @param string &$expiration Accepts the expiration time
4493 * @return string New token
4494 */
4495 protected function confirmationToken( &$expiration ) {
4496 global $wgUserEmailConfirmationTokenExpiry;
4497 $now = time();
4498 $expires = $now + $wgUserEmailConfirmationTokenExpiry;
4499 $expiration = wfTimestamp( TS_MW, $expires );
4500 $this->load();
4501 $token = MWCryptRand::generateHex( 32 );
4502 $hash = md5( $token );
4503 $this->mEmailToken = $hash;
4504 $this->mEmailTokenExpires = $expiration;
4505 return $token;
4506 }
4507
4508 /**
4509 * Return a URL the user can use to confirm their email address.
4510 * @param string $token Accepts the email confirmation token
4511 * @return string New token URL
4512 */
4513 protected function confirmationTokenUrl( $token ) {
4514 return $this->getTokenUrl( 'ConfirmEmail', $token );
4515 }
4516
4517 /**
4518 * Return a URL the user can use to invalidate their email address.
4519 * @param string $token Accepts the email confirmation token
4520 * @return string New token URL
4521 */
4522 protected function invalidationTokenUrl( $token ) {
4523 return $this->getTokenUrl( 'InvalidateEmail', $token );
4524 }
4525
4526 /**
4527 * Internal function to format the e-mail validation/invalidation URLs.
4528 * This uses a quickie hack to use the
4529 * hardcoded English names of the Special: pages, for ASCII safety.
4530 *
4531 * @note Since these URLs get dropped directly into emails, using the
4532 * short English names avoids insanely long URL-encoded links, which
4533 * also sometimes can get corrupted in some browsers/mailers
4534 * (bug 6957 with Gmail and Internet Explorer).
4535 *
4536 * @param string $page Special page
4537 * @param string $token Token
4538 * @return string Formatted URL
4539 */
4540 protected function getTokenUrl( $page, $token ) {
4541 // Hack to bypass localization of 'Special:'
4542 $title = Title::makeTitle( NS_MAIN, "Special:$page/$token" );
4543 return $title->getCanonicalURL();
4544 }
4545
4546 /**
4547 * Mark the e-mail address confirmed.
4548 *
4549 * @note Call saveSettings() after calling this function to commit the change.
4550 *
4551 * @return bool
4552 */
4553 public function confirmEmail() {
4554 // Check if it's already confirmed, so we don't touch the database
4555 // and fire the ConfirmEmailComplete hook on redundant confirmations.
4556 if ( !$this->isEmailConfirmed() ) {
4557 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
4558 Hooks::run( 'ConfirmEmailComplete', [ $this ] );
4559 }
4560 return true;
4561 }
4562
4563 /**
4564 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
4565 * address if it was already confirmed.
4566 *
4567 * @note Call saveSettings() after calling this function to commit the change.
4568 * @return bool Returns true
4569 */
4570 public function invalidateEmail() {
4571 $this->load();
4572 $this->mEmailToken = null;
4573 $this->mEmailTokenExpires = null;
4574 $this->setEmailAuthenticationTimestamp( null );
4575 $this->mEmail = '';
4576 Hooks::run( 'InvalidateEmailComplete', [ $this ] );
4577 return true;
4578 }
4579
4580 /**
4581 * Set the e-mail authentication timestamp.
4582 * @param string $timestamp TS_MW timestamp
4583 */
4584 public function setEmailAuthenticationTimestamp( $timestamp ) {
4585 $this->load();
4586 $this->mEmailAuthenticated = $timestamp;
4587 Hooks::run( 'UserSetEmailAuthenticationTimestamp', [ $this, &$this->mEmailAuthenticated ] );
4588 }
4589
4590 /**
4591 * Is this user allowed to send e-mails within limits of current
4592 * site configuration?
4593 * @return bool
4594 */
4595 public function canSendEmail() {
4596 global $wgEnableEmail, $wgEnableUserEmail;
4597 if ( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
4598 return false;
4599 }
4600 $canSend = $this->isEmailConfirmed();
4601 Hooks::run( 'UserCanSendEmail', [ &$this, &$canSend ] );
4602 return $canSend;
4603 }
4604
4605 /**
4606 * Is this user allowed to receive e-mails within limits of current
4607 * site configuration?
4608 * @return bool
4609 */
4610 public function canReceiveEmail() {
4611 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
4612 }
4613
4614 /**
4615 * Is this user's e-mail address valid-looking and confirmed within
4616 * limits of the current site configuration?
4617 *
4618 * @note If $wgEmailAuthentication is on, this may require the user to have
4619 * confirmed their address by returning a code or using a password
4620 * sent to the address from the wiki.
4621 *
4622 * @return bool
4623 */
4624 public function isEmailConfirmed() {
4625 global $wgEmailAuthentication;
4626 $this->load();
4627 $confirmed = true;
4628 if ( Hooks::run( 'EmailConfirmed', [ &$this, &$confirmed ] ) ) {
4629 if ( $this->isAnon() ) {
4630 return false;
4631 }
4632 if ( !Sanitizer::validateEmail( $this->mEmail ) ) {
4633 return false;
4634 }
4635 if ( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() ) {
4636 return false;
4637 }
4638 return true;
4639 } else {
4640 return $confirmed;
4641 }
4642 }
4643
4644 /**
4645 * Check whether there is an outstanding request for e-mail confirmation.
4646 * @return bool
4647 */
4648 public function isEmailConfirmationPending() {
4649 global $wgEmailAuthentication;
4650 return $wgEmailAuthentication &&
4651 !$this->isEmailConfirmed() &&
4652 $this->mEmailToken &&
4653 $this->mEmailTokenExpires > wfTimestamp();
4654 }
4655
4656 /**
4657 * Get the timestamp of account creation.
4658 *
4659 * @return string|bool|null Timestamp of account creation, false for
4660 * non-existent/anonymous user accounts, or null if existing account
4661 * but information is not in database.
4662 */
4663 public function getRegistration() {
4664 if ( $this->isAnon() ) {
4665 return false;
4666 }
4667 $this->load();
4668 return $this->mRegistration;
4669 }
4670
4671 /**
4672 * Get the timestamp of the first edit
4673 *
4674 * @return string|bool Timestamp of first edit, or false for
4675 * non-existent/anonymous user accounts.
4676 */
4677 public function getFirstEditTimestamp() {
4678 if ( $this->getId() == 0 ) {
4679 return false; // anons
4680 }
4681 $dbr = wfGetDB( DB_SLAVE );
4682 $time = $dbr->selectField( 'revision', 'rev_timestamp',
4683 [ 'rev_user' => $this->getId() ],
4684 __METHOD__,
4685 [ 'ORDER BY' => 'rev_timestamp ASC' ]
4686 );
4687 if ( !$time ) {
4688 return false; // no edits
4689 }
4690 return wfTimestamp( TS_MW, $time );
4691 }
4692
4693 /**
4694 * Get the permissions associated with a given list of groups
4695 *
4696 * @param array $groups Array of Strings List of internal group names
4697 * @return array Array of Strings List of permission key names for given groups combined
4698 */
4699 public static function getGroupPermissions( $groups ) {
4700 global $wgGroupPermissions, $wgRevokePermissions;
4701 $rights = [];
4702 // grant every granted permission first
4703 foreach ( $groups as $group ) {
4704 if ( isset( $wgGroupPermissions[$group] ) ) {
4705 $rights = array_merge( $rights,
4706 // array_filter removes empty items
4707 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
4708 }
4709 }
4710 // now revoke the revoked permissions
4711 foreach ( $groups as $group ) {
4712 if ( isset( $wgRevokePermissions[$group] ) ) {
4713 $rights = array_diff( $rights,
4714 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
4715 }
4716 }
4717 return array_unique( $rights );
4718 }
4719
4720 /**
4721 * Get all the groups who have a given permission
4722 *
4723 * @param string $role Role to check
4724 * @return array Array of Strings List of internal group names with the given permission
4725 */
4726 public static function getGroupsWithPermission( $role ) {
4727 global $wgGroupPermissions;
4728 $allowedGroups = [];
4729 foreach ( array_keys( $wgGroupPermissions ) as $group ) {
4730 if ( self::groupHasPermission( $group, $role ) ) {
4731 $allowedGroups[] = $group;
4732 }
4733 }
4734 return $allowedGroups;
4735 }
4736
4737 /**
4738 * Check, if the given group has the given permission
4739 *
4740 * If you're wanting to check whether all users have a permission, use
4741 * User::isEveryoneAllowed() instead. That properly checks if it's revoked
4742 * from anyone.
4743 *
4744 * @since 1.21
4745 * @param string $group Group to check
4746 * @param string $role Role to check
4747 * @return bool
4748 */
4749 public static function groupHasPermission( $group, $role ) {
4750 global $wgGroupPermissions, $wgRevokePermissions;
4751 return isset( $wgGroupPermissions[$group][$role] ) && $wgGroupPermissions[$group][$role]
4752 && !( isset( $wgRevokePermissions[$group][$role] ) && $wgRevokePermissions[$group][$role] );
4753 }
4754
4755 /**
4756 * Check if all users may be assumed to have the given permission
4757 *
4758 * We generally assume so if the right is granted to '*' and isn't revoked
4759 * on any group. It doesn't attempt to take grants or other extension
4760 * limitations on rights into account in the general case, though, as that
4761 * would require it to always return false and defeat the purpose.
4762 * Specifically, session-based rights restrictions (such as OAuth or bot
4763 * passwords) are applied based on the current session.
4764 *
4765 * @since 1.22
4766 * @param string $right Right to check
4767 * @return bool
4768 */
4769 public static function isEveryoneAllowed( $right ) {
4770 global $wgGroupPermissions, $wgRevokePermissions;
4771 static $cache = [];
4772
4773 // Use the cached results, except in unit tests which rely on
4774 // being able change the permission mid-request
4775 if ( isset( $cache[$right] ) && !defined( 'MW_PHPUNIT_TEST' ) ) {
4776 return $cache[$right];
4777 }
4778
4779 if ( !isset( $wgGroupPermissions['*'][$right] ) || !$wgGroupPermissions['*'][$right] ) {
4780 $cache[$right] = false;
4781 return false;
4782 }
4783
4784 // If it's revoked anywhere, then everyone doesn't have it
4785 foreach ( $wgRevokePermissions as $rights ) {
4786 if ( isset( $rights[$right] ) && $rights[$right] ) {
4787 $cache[$right] = false;
4788 return false;
4789 }
4790 }
4791
4792 // Remove any rights that aren't allowed to the global-session user,
4793 // unless there are no sessions for this endpoint.
4794 if ( !defined( 'MW_NO_SESSION' ) ) {
4795 $allowedRights = SessionManager::getGlobalSession()->getAllowedUserRights();
4796 if ( $allowedRights !== null && !in_array( $right, $allowedRights, true ) ) {
4797 $cache[$right] = false;
4798 return false;
4799 }
4800 }
4801
4802 // Allow extensions to say false
4803 if ( !Hooks::run( 'UserIsEveryoneAllowed', [ $right ] ) ) {
4804 $cache[$right] = false;
4805 return false;
4806 }
4807
4808 $cache[$right] = true;
4809 return true;
4810 }
4811
4812 /**
4813 * Get the localized descriptive name for a group, if it exists
4814 *
4815 * @param string $group Internal group name
4816 * @return string Localized descriptive group name
4817 */
4818 public static function getGroupName( $group ) {
4819 $msg = wfMessage( "group-$group" );
4820 return $msg->isBlank() ? $group : $msg->text();
4821 }
4822
4823 /**
4824 * Get the localized descriptive name for a member of a group, if it exists
4825 *
4826 * @param string $group Internal group name
4827 * @param string $username Username for gender (since 1.19)
4828 * @return string Localized name for group member
4829 */
4830 public static function getGroupMember( $group, $username = '#' ) {
4831 $msg = wfMessage( "group-$group-member", $username );
4832 return $msg->isBlank() ? $group : $msg->text();
4833 }
4834
4835 /**
4836 * Return the set of defined explicit groups.
4837 * The implicit groups (by default *, 'user' and 'autoconfirmed')
4838 * are not included, as they are defined automatically, not in the database.
4839 * @return array Array of internal group names
4840 */
4841 public static function getAllGroups() {
4842 global $wgGroupPermissions, $wgRevokePermissions;
4843 return array_diff(
4844 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
4845 self::getImplicitGroups()
4846 );
4847 }
4848
4849 /**
4850 * Get a list of all available permissions.
4851 * @return string[] Array of permission names
4852 */
4853 public static function getAllRights() {
4854 if ( self::$mAllRights === false ) {
4855 global $wgAvailableRights;
4856 if ( count( $wgAvailableRights ) ) {
4857 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
4858 } else {
4859 self::$mAllRights = self::$mCoreRights;
4860 }
4861 Hooks::run( 'UserGetAllRights', [ &self::$mAllRights ] );
4862 }
4863 return self::$mAllRights;
4864 }
4865
4866 /**
4867 * Get a list of implicit groups
4868 * @return array Array of Strings Array of internal group names
4869 */
4870 public static function getImplicitGroups() {
4871 global $wgImplicitGroups;
4872
4873 $groups = $wgImplicitGroups;
4874 # Deprecated, use $wgImplicitGroups instead
4875 Hooks::run( 'UserGetImplicitGroups', [ &$groups ], '1.25' );
4876
4877 return $groups;
4878 }
4879
4880 /**
4881 * Get the title of a page describing a particular group
4882 *
4883 * @param string $group Internal group name
4884 * @return Title|bool Title of the page if it exists, false otherwise
4885 */
4886 public static function getGroupPage( $group ) {
4887 $msg = wfMessage( 'grouppage-' . $group )->inContentLanguage();
4888 if ( $msg->exists() ) {
4889 $title = Title::newFromText( $msg->text() );
4890 if ( is_object( $title ) ) {
4891 return $title;
4892 }
4893 }
4894 return false;
4895 }
4896
4897 /**
4898 * Create a link to the group in HTML, if available;
4899 * else return the group name.
4900 *
4901 * @param string $group Internal name of the group
4902 * @param string $text The text of the link
4903 * @return string HTML link to the group
4904 */
4905 public static function makeGroupLinkHTML( $group, $text = '' ) {
4906 if ( $text == '' ) {
4907 $text = self::getGroupName( $group );
4908 }
4909 $title = self::getGroupPage( $group );
4910 if ( $title ) {
4911 return Linker::link( $title, htmlspecialchars( $text ) );
4912 } else {
4913 return htmlspecialchars( $text );
4914 }
4915 }
4916
4917 /**
4918 * Create a link to the group in Wikitext, if available;
4919 * else return the group name.
4920 *
4921 * @param string $group Internal name of the group
4922 * @param string $text The text of the link
4923 * @return string Wikilink to the group
4924 */
4925 public static function makeGroupLinkWiki( $group, $text = '' ) {
4926 if ( $text == '' ) {
4927 $text = self::getGroupName( $group );
4928 }
4929 $title = self::getGroupPage( $group );
4930 if ( $title ) {
4931 $page = $title->getFullText();
4932 return "[[$page|$text]]";
4933 } else {
4934 return $text;
4935 }
4936 }
4937
4938 /**
4939 * Returns an array of the groups that a particular group can add/remove.
4940 *
4941 * @param string $group The group to check for whether it can add/remove
4942 * @return array Array( 'add' => array( addablegroups ),
4943 * 'remove' => array( removablegroups ),
4944 * 'add-self' => array( addablegroups to self),
4945 * 'remove-self' => array( removable groups from self) )
4946 */
4947 public static function changeableByGroup( $group ) {
4948 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
4949
4950 $groups = [
4951 'add' => [],
4952 'remove' => [],
4953 'add-self' => [],
4954 'remove-self' => []
4955 ];
4956
4957 if ( empty( $wgAddGroups[$group] ) ) {
4958 // Don't add anything to $groups
4959 } elseif ( $wgAddGroups[$group] === true ) {
4960 // You get everything
4961 $groups['add'] = self::getAllGroups();
4962 } elseif ( is_array( $wgAddGroups[$group] ) ) {
4963 $groups['add'] = $wgAddGroups[$group];
4964 }
4965
4966 // Same thing for remove
4967 if ( empty( $wgRemoveGroups[$group] ) ) {
4968 // Do nothing
4969 } elseif ( $wgRemoveGroups[$group] === true ) {
4970 $groups['remove'] = self::getAllGroups();
4971 } elseif ( is_array( $wgRemoveGroups[$group] ) ) {
4972 $groups['remove'] = $wgRemoveGroups[$group];
4973 }
4974
4975 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
4976 if ( empty( $wgGroupsAddToSelf['user'] ) || $wgGroupsAddToSelf['user'] !== true ) {
4977 foreach ( $wgGroupsAddToSelf as $key => $value ) {
4978 if ( is_int( $key ) ) {
4979 $wgGroupsAddToSelf['user'][] = $value;
4980 }
4981 }
4982 }
4983
4984 if ( empty( $wgGroupsRemoveFromSelf['user'] ) || $wgGroupsRemoveFromSelf['user'] !== true ) {
4985 foreach ( $wgGroupsRemoveFromSelf as $key => $value ) {
4986 if ( is_int( $key ) ) {
4987 $wgGroupsRemoveFromSelf['user'][] = $value;
4988 }
4989 }
4990 }
4991
4992 // Now figure out what groups the user can add to him/herself
4993 if ( empty( $wgGroupsAddToSelf[$group] ) ) {
4994 // Do nothing
4995 } elseif ( $wgGroupsAddToSelf[$group] === true ) {
4996 // No idea WHY this would be used, but it's there
4997 $groups['add-self'] = User::getAllGroups();
4998 } elseif ( is_array( $wgGroupsAddToSelf[$group] ) ) {
4999 $groups['add-self'] = $wgGroupsAddToSelf[$group];
5000 }
5001
5002 if ( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
5003 // Do nothing
5004 } elseif ( $wgGroupsRemoveFromSelf[$group] === true ) {
5005 $groups['remove-self'] = User::getAllGroups();
5006 } elseif ( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
5007 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
5008 }
5009
5010 return $groups;
5011 }
5012
5013 /**
5014 * Returns an array of groups that this user can add and remove
5015 * @return array Array( 'add' => array( addablegroups ),
5016 * 'remove' => array( removablegroups ),
5017 * 'add-self' => array( addablegroups to self),
5018 * 'remove-self' => array( removable groups from self) )
5019 */
5020 public function changeableGroups() {
5021 if ( $this->isAllowed( 'userrights' ) ) {
5022 // This group gives the right to modify everything (reverse-
5023 // compatibility with old "userrights lets you change
5024 // everything")
5025 // Using array_merge to make the groups reindexed
5026 $all = array_merge( User::getAllGroups() );
5027 return [
5028 'add' => $all,
5029 'remove' => $all,
5030 'add-self' => [],
5031 'remove-self' => []
5032 ];
5033 }
5034
5035 // Okay, it's not so simple, we will have to go through the arrays
5036 $groups = [
5037 'add' => [],
5038 'remove' => [],
5039 'add-self' => [],
5040 'remove-self' => []
5041 ];
5042 $addergroups = $this->getEffectiveGroups();
5043
5044 foreach ( $addergroups as $addergroup ) {
5045 $groups = array_merge_recursive(
5046 $groups, $this->changeableByGroup( $addergroup )
5047 );
5048 $groups['add'] = array_unique( $groups['add'] );
5049 $groups['remove'] = array_unique( $groups['remove'] );
5050 $groups['add-self'] = array_unique( $groups['add-self'] );
5051 $groups['remove-self'] = array_unique( $groups['remove-self'] );
5052 }
5053 return $groups;
5054 }
5055
5056 /**
5057 * Deferred version of incEditCountImmediate()
5058 */
5059 public function incEditCount() {
5060 wfGetDB( DB_MASTER )->onTransactionPreCommitOrIdle( function() {
5061 $this->incEditCountImmediate();
5062 } );
5063 }
5064
5065 /**
5066 * Increment the user's edit-count field.
5067 * Will have no effect for anonymous users.
5068 * @since 1.26
5069 */
5070 public function incEditCountImmediate() {
5071 if ( $this->isAnon() ) {
5072 return;
5073 }
5074
5075 $dbw = wfGetDB( DB_MASTER );
5076 // No rows will be "affected" if user_editcount is NULL
5077 $dbw->update(
5078 'user',
5079 [ 'user_editcount=user_editcount+1' ],
5080 [ 'user_id' => $this->getId(), 'user_editcount IS NOT NULL' ],
5081 __METHOD__
5082 );
5083 // Lazy initialization check...
5084 if ( $dbw->affectedRows() == 0 ) {
5085 // Now here's a goddamn hack...
5086 $dbr = wfGetDB( DB_SLAVE );
5087 if ( $dbr !== $dbw ) {
5088 // If we actually have a slave server, the count is
5089 // at least one behind because the current transaction
5090 // has not been committed and replicated.
5091 $this->initEditCount( 1 );
5092 } else {
5093 // But if DB_SLAVE is selecting the master, then the
5094 // count we just read includes the revision that was
5095 // just added in the working transaction.
5096 $this->initEditCount();
5097 }
5098 }
5099 // Edit count in user cache too
5100 $this->invalidateCache();
5101 }
5102
5103 /**
5104 * Initialize user_editcount from data out of the revision table
5105 *
5106 * @param int $add Edits to add to the count from the revision table
5107 * @return int Number of edits
5108 */
5109 protected function initEditCount( $add = 0 ) {
5110 // Pull from a slave to be less cruel to servers
5111 // Accuracy isn't the point anyway here
5112 $dbr = wfGetDB( DB_SLAVE );
5113 $count = (int)$dbr->selectField(
5114 'revision',
5115 'COUNT(rev_user)',
5116 [ 'rev_user' => $this->getId() ],
5117 __METHOD__
5118 );
5119 $count = $count + $add;
5120
5121 $dbw = wfGetDB( DB_MASTER );
5122 $dbw->update(
5123 'user',
5124 [ 'user_editcount' => $count ],
5125 [ 'user_id' => $this->getId() ],
5126 __METHOD__
5127 );
5128
5129 return $count;
5130 }
5131
5132 /**
5133 * Get the description of a given right
5134 *
5135 * @param string $right Right to query
5136 * @return string Localized description of the right
5137 */
5138 public static function getRightDescription( $right ) {
5139 $key = "right-$right";
5140 $msg = wfMessage( $key );
5141 return $msg->isBlank() ? $right : $msg->text();
5142 }
5143
5144 /**
5145 * Make a new-style password hash
5146 *
5147 * @param string $password Plain-text password
5148 * @param bool|string $salt Optional salt, may be random or the user ID.
5149 * If unspecified or false, will generate one automatically
5150 * @return string Password hash
5151 * @deprecated since 1.24, use Password class
5152 */
5153 public static function crypt( $password, $salt = false ) {
5154 wfDeprecated( __METHOD__, '1.24' );
5155 $passwordFactory = new PasswordFactory();
5156 $passwordFactory->init( RequestContext::getMain()->getConfig() );
5157 $hash = $passwordFactory->newFromPlaintext( $password );
5158 return $hash->toString();
5159 }
5160
5161 /**
5162 * Compare a password hash with a plain-text password. Requires the user
5163 * ID if there's a chance that the hash is an old-style hash.
5164 *
5165 * @param string $hash Password hash
5166 * @param string $password Plain-text password to compare
5167 * @param string|bool $userId User ID for old-style password salt
5168 *
5169 * @return bool
5170 * @deprecated since 1.24, use Password class
5171 */
5172 public static function comparePasswords( $hash, $password, $userId = false ) {
5173 wfDeprecated( __METHOD__, '1.24' );
5174
5175 // Check for *really* old password hashes that don't even have a type
5176 // The old hash format was just an md5 hex hash, with no type information
5177 if ( preg_match( '/^[0-9a-f]{32}$/', $hash ) ) {
5178 global $wgPasswordSalt;
5179 if ( $wgPasswordSalt ) {
5180 $password = ":B:{$userId}:{$hash}";
5181 } else {
5182 $password = ":A:{$hash}";
5183 }
5184 }
5185
5186 $passwordFactory = new PasswordFactory();
5187 $passwordFactory->init( RequestContext::getMain()->getConfig() );
5188 $hash = $passwordFactory->newFromCiphertext( $hash );
5189 return $hash->equals( $password );
5190 }
5191
5192 /**
5193 * Add a newuser log entry for this user.
5194 * Before 1.19 the return value was always true.
5195 *
5196 * @deprecated since 1.27, AuthManager handles logging
5197 * @param string|bool $action Account creation type.
5198 * - String, one of the following values:
5199 * - 'create' for an anonymous user creating an account for himself.
5200 * This will force the action's performer to be the created user itself,
5201 * no matter the value of $wgUser
5202 * - 'create2' for a logged in user creating an account for someone else
5203 * - 'byemail' when the created user will receive its password by e-mail
5204 * - 'autocreate' when the user is automatically created (such as by CentralAuth).
5205 * - Boolean means whether the account was created by e-mail (deprecated):
5206 * - true will be converted to 'byemail'
5207 * - false will be converted to 'create' if this object is the same as
5208 * $wgUser and to 'create2' otherwise
5209 * @param string $reason User supplied reason
5210 * @return int|bool True if not $wgNewUserLog or not $wgDisableAuthManager;
5211 * otherwise ID of log item or 0 on failure
5212 */
5213 public function addNewUserLogEntry( $action = false, $reason = '' ) {
5214 global $wgUser, $wgNewUserLog, $wgDisableAuthManager;
5215 if ( !$wgDisableAuthManager || empty( $wgNewUserLog ) ) {
5216 return true; // disabled
5217 }
5218
5219 if ( $action === true ) {
5220 $action = 'byemail';
5221 } elseif ( $action === false ) {
5222 if ( $this->equals( $wgUser ) ) {
5223 $action = 'create';
5224 } else {
5225 $action = 'create2';
5226 }
5227 }
5228
5229 if ( $action === 'create' || $action === 'autocreate' ) {
5230 $performer = $this;
5231 } else {
5232 $performer = $wgUser;
5233 }
5234
5235 $logEntry = new ManualLogEntry( 'newusers', $action );
5236 $logEntry->setPerformer( $performer );
5237 $logEntry->setTarget( $this->getUserPage() );
5238 $logEntry->setComment( $reason );
5239 $logEntry->setParameters( [
5240 '4::userid' => $this->getId(),
5241 ] );
5242 $logid = $logEntry->insert();
5243
5244 if ( $action !== 'autocreate' ) {
5245 $logEntry->publish( $logid );
5246 }
5247
5248 return (int)$logid;
5249 }
5250
5251 /**
5252 * Add an autocreate newuser log entry for this user
5253 * Used by things like CentralAuth and perhaps other authplugins.
5254 * Consider calling addNewUserLogEntry() directly instead.
5255 *
5256 * @deprecated since 1.27, AuthManager handles logging
5257 * @return bool
5258 */
5259 public function addNewUserLogEntryAutoCreate() {
5260 $this->addNewUserLogEntry( 'autocreate' );
5261
5262 return true;
5263 }
5264
5265 /**
5266 * Load the user options either from cache, the database or an array
5267 *
5268 * @param array $data Rows for the current user out of the user_properties table
5269 */
5270 protected function loadOptions( $data = null ) {
5271 global $wgContLang;
5272
5273 $this->load();
5274
5275 if ( $this->mOptionsLoaded ) {
5276 return;
5277 }
5278
5279 $this->mOptions = self::getDefaultOptions();
5280
5281 if ( !$this->getId() ) {
5282 // For unlogged-in users, load language/variant options from request.
5283 // There's no need to do it for logged-in users: they can set preferences,
5284 // and handling of page content is done by $pageLang->getPreferredVariant() and such,
5285 // so don't override user's choice (especially when the user chooses site default).
5286 $variant = $wgContLang->getDefaultVariant();
5287 $this->mOptions['variant'] = $variant;
5288 $this->mOptions['language'] = $variant;
5289 $this->mOptionsLoaded = true;
5290 return;
5291 }
5292
5293 // Maybe load from the object
5294 if ( !is_null( $this->mOptionOverrides ) ) {
5295 wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
5296 foreach ( $this->mOptionOverrides as $key => $value ) {
5297 $this->mOptions[$key] = $value;
5298 }
5299 } else {
5300 if ( !is_array( $data ) ) {
5301 wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
5302 // Load from database
5303 $dbr = ( $this->queryFlagsUsed & self::READ_LATEST )
5304 ? wfGetDB( DB_MASTER )
5305 : wfGetDB( DB_SLAVE );
5306
5307 $res = $dbr->select(
5308 'user_properties',
5309 [ 'up_property', 'up_value' ],
5310 [ 'up_user' => $this->getId() ],
5311 __METHOD__
5312 );
5313
5314 $this->mOptionOverrides = [];
5315 $data = [];
5316 foreach ( $res as $row ) {
5317 $data[$row->up_property] = $row->up_value;
5318 }
5319 }
5320 foreach ( $data as $property => $value ) {
5321 $this->mOptionOverrides[$property] = $value;
5322 $this->mOptions[$property] = $value;
5323 }
5324 }
5325
5326 $this->mOptionsLoaded = true;
5327
5328 Hooks::run( 'UserLoadOptions', [ $this, &$this->mOptions ] );
5329 }
5330
5331 /**
5332 * Saves the non-default options for this user, as previously set e.g. via
5333 * setOption(), in the database's "user_properties" (preferences) table.
5334 * Usually used via saveSettings().
5335 */
5336 protected function saveOptions() {
5337 $this->loadOptions();
5338
5339 // Not using getOptions(), to keep hidden preferences in database
5340 $saveOptions = $this->mOptions;
5341
5342 // Allow hooks to abort, for instance to save to a global profile.
5343 // Reset options to default state before saving.
5344 if ( !Hooks::run( 'UserSaveOptions', [ $this, &$saveOptions ] ) ) {
5345 return;
5346 }
5347
5348 $userId = $this->getId();
5349
5350 $insert_rows = []; // all the new preference rows
5351 foreach ( $saveOptions as $key => $value ) {
5352 // Don't bother storing default values
5353 $defaultOption = self::getDefaultOption( $key );
5354 if ( ( $defaultOption === null && $value !== false && $value !== null )
5355 || $value != $defaultOption
5356 ) {
5357 $insert_rows[] = [
5358 'up_user' => $userId,
5359 'up_property' => $key,
5360 'up_value' => $value,
5361 ];
5362 }
5363 }
5364
5365 $dbw = wfGetDB( DB_MASTER );
5366
5367 $res = $dbw->select( 'user_properties',
5368 [ 'up_property', 'up_value' ], [ 'up_user' => $userId ], __METHOD__ );
5369
5370 // Find prior rows that need to be removed or updated. These rows will
5371 // all be deleted (the later so that INSERT IGNORE applies the new values).
5372 $keysDelete = [];
5373 foreach ( $res as $row ) {
5374 if ( !isset( $saveOptions[$row->up_property] )
5375 || strcmp( $saveOptions[$row->up_property], $row->up_value ) != 0
5376 ) {
5377 $keysDelete[] = $row->up_property;
5378 }
5379 }
5380
5381 if ( count( $keysDelete ) ) {
5382 // Do the DELETE by PRIMARY KEY for prior rows.
5383 // In the past a very large portion of calls to this function are for setting
5384 // 'rememberpassword' for new accounts (a preference that has since been removed).
5385 // Doing a blanket per-user DELETE for new accounts with no rows in the table
5386 // caused gap locks on [max user ID,+infinity) which caused high contention since
5387 // updates would pile up on each other as they are for higher (newer) user IDs.
5388 // It might not be necessary these days, but it shouldn't hurt either.
5389 $dbw->delete( 'user_properties',
5390 [ 'up_user' => $userId, 'up_property' => $keysDelete ], __METHOD__ );
5391 }
5392 // Insert the new preference rows
5393 $dbw->insert( 'user_properties', $insert_rows, __METHOD__, [ 'IGNORE' ] );
5394 }
5395
5396 /**
5397 * Lazily instantiate and return a factory object for making passwords
5398 *
5399 * @deprecated since 1.27, create a PasswordFactory directly instead
5400 * @return PasswordFactory
5401 */
5402 public static function getPasswordFactory() {
5403 wfDeprecated( __METHOD__, '1.27' );
5404 $ret = new PasswordFactory();
5405 $ret->init( RequestContext::getMain()->getConfig() );
5406 return $ret;
5407 }
5408
5409 /**
5410 * Provide an array of HTML5 attributes to put on an input element
5411 * intended for the user to enter a new password. This may include
5412 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
5413 *
5414 * Do *not* use this when asking the user to enter his current password!
5415 * Regardless of configuration, users may have invalid passwords for whatever
5416 * reason (e.g., they were set before requirements were tightened up).
5417 * Only use it when asking for a new password, like on account creation or
5418 * ResetPass.
5419 *
5420 * Obviously, you still need to do server-side checking.
5421 *
5422 * NOTE: A combination of bugs in various browsers means that this function
5423 * actually just returns array() unconditionally at the moment. May as
5424 * well keep it around for when the browser bugs get fixed, though.
5425 *
5426 * @todo FIXME: This does not belong here; put it in Html or Linker or somewhere
5427 *
5428 * @deprecated since 1.27
5429 * @return array Array of HTML attributes suitable for feeding to
5430 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
5431 * That will get confused by the boolean attribute syntax used.)
5432 */
5433 public static function passwordChangeInputAttribs() {
5434 global $wgMinimalPasswordLength;
5435
5436 if ( $wgMinimalPasswordLength == 0 ) {
5437 return [];
5438 }
5439
5440 # Note that the pattern requirement will always be satisfied if the
5441 # input is empty, so we need required in all cases.
5442
5443 # @todo FIXME: Bug 23769: This needs to not claim the password is required
5444 # if e-mail confirmation is being used. Since HTML5 input validation
5445 # is b0rked anyway in some browsers, just return nothing. When it's
5446 # re-enabled, fix this code to not output required for e-mail
5447 # registration.
5448 # $ret = array( 'required' );
5449 $ret = [];
5450
5451 # We can't actually do this right now, because Opera 9.6 will print out
5452 # the entered password visibly in its error message! When other
5453 # browsers add support for this attribute, or Opera fixes its support,
5454 # we can add support with a version check to avoid doing this on Opera
5455 # versions where it will be a problem. Reported to Opera as
5456 # DSK-262266, but they don't have a public bug tracker for us to follow.
5457 /*
5458 if ( $wgMinimalPasswordLength > 1 ) {
5459 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
5460 $ret['title'] = wfMessage( 'passwordtooshort' )
5461 ->numParams( $wgMinimalPasswordLength )->text();
5462 }
5463 */
5464
5465 return $ret;
5466 }
5467
5468 /**
5469 * Return the list of user fields that should be selected to create
5470 * a new user object.
5471 * @return array
5472 */
5473 public static function selectFields() {
5474 return [
5475 'user_id',
5476 'user_name',
5477 'user_real_name',
5478 'user_email',
5479 'user_touched',
5480 'user_token',
5481 'user_email_authenticated',
5482 'user_email_token',
5483 'user_email_token_expires',
5484 'user_registration',
5485 'user_editcount',
5486 ];
5487 }
5488
5489 /**
5490 * Factory function for fatal permission-denied errors
5491 *
5492 * @since 1.22
5493 * @param string $permission User right required
5494 * @return Status
5495 */
5496 static function newFatalPermissionDeniedStatus( $permission ) {
5497 global $wgLang;
5498
5499 $groups = array_map(
5500 [ 'User', 'makeGroupLinkWiki' ],
5501 User::getGroupsWithPermission( $permission )
5502 );
5503
5504 if ( $groups ) {
5505 return Status::newFatal( 'badaccess-groups', $wgLang->commaList( $groups ), count( $groups ) );
5506 } else {
5507 return Status::newFatal( 'badaccess-group0' );
5508 }
5509 }
5510
5511 /**
5512 * Get a new instance of this user that was loaded from the master via a locking read
5513 *
5514 * Use this instead of the main context User when updating that user. This avoids races
5515 * where that user was loaded from a slave or even the master but without proper locks.
5516 *
5517 * @return User|null Returns null if the user was not found in the DB
5518 * @since 1.27
5519 */
5520 public function getInstanceForUpdate() {
5521 if ( !$this->getId() ) {
5522 return null; // anon
5523 }
5524
5525 $user = self::newFromId( $this->getId() );
5526 if ( !$user->loadFromId( self::READ_EXCLUSIVE ) ) {
5527 return null;
5528 }
5529
5530 return $user;
5531 }
5532
5533 /**
5534 * Checks if two user objects point to the same user.
5535 *
5536 * @since 1.25
5537 * @param User $user
5538 * @return bool
5539 */
5540 public function equals( User $user ) {
5541 return $this->getName() === $user->getName();
5542 }
5543 }
MediaWiki Core