search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Patched jquery-1.4.2 to not crash in IE7 when a style property is set with 'null...
[mediawiki.git] / includes / User.php
blob275800f8062ed775bb9b7036d474914378a12d5e
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 * @file
5 */
6
7 /**
8 * \int Number of characters in user_token field.
9 * @ingroup Constants
10 */
11 define( 'USER_TOKEN_LENGTH', 32 );
12
13 /**
14 * \int Serialized record version.
15 * @ingroup Constants
16 */
17 define( 'MW_USER_VERSION', 8 );
18
19 /**
20 * \string Some punctuation to prevent editing from broken text-mangling proxies.
21 * @ingroup Constants
22 */
23 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
24
25 /**
26 * Thrown by User::setPassword() on error.
27 * @ingroup Exception
28 */
29 class PasswordError extends MWException {
30 // NOP
31 }
32
33 /**
34 * The User object encapsulates all of the user-specific settings (user_id,
35 * name, rights, password, email address, options, last login time). Client
36 * classes use the getXXX() functions to access these fields. These functions
37 * do all the work of determining whether the user is logged in,
38 * whether the requested option can be satisfied from cookies or
39 * whether a database query is needed. Most of the settings needed
40 * for rendering normal pages are set in the cookie to minimize use
41 * of the database.
42 */
43 class User {
44
45 /**
46 * \type{\arrayof{\string}} A list of default user toggles, i.e., boolean user
47 * preferences that are displayed by Special:Preferences as checkboxes.
48 * This list can be extended via the UserToggles hook or by
49 * $wgContLang::getExtraUserToggles().
50 * @showinitializer
51 */
52 public static $mToggles = array(
53 'highlightbroken',
54 'justify',
55 'hideminor',
56 'extendwatchlist',
57 'usenewrc',
58 'numberheadings',
59 'showtoolbar',
60 'editondblclick',
61 'editsection',
62 'editsectiononrightclick',
63 'showtoc',
64 'rememberpassword',
65 'watchcreations',
66 'watchdefault',
67 'watchmoves',
68 'watchdeletion',
69 'minordefault',
70 'previewontop',
71 'previewonfirst',
72 'nocache',
73 'enotifwatchlistpages',
74 'enotifusertalkpages',
75 'enotifminoredits',
76 'enotifrevealaddr',
77 'shownumberswatching',
78 'fancysig',
79 'externaleditor',
80 'externaldiff',
81 'showjumplinks',
82 'uselivepreview',
83 'forceeditsummary',
84 'watchlisthideminor',
85 'watchlisthidebots',
86 'watchlisthideown',
87 'watchlisthideanons',
88 'watchlisthideliu',
89 'ccmeonemails',
90 'diffonly',
91 'showhiddencats',
92 'noconvertlink',
93 'norollbackdiff',
94 );
95
96 /**
97 * \type{\arrayof{\string}} List of member variables which are saved to the
98 * shared cache (memcached). Any operation which changes the
99 * corresponding database fields must call a cache-clearing function.
100 * @showinitializer
101 */
102 static $mCacheVars = array(
103 // user table
104 'mId',
105 'mName',
106 'mRealName',
107 'mPassword',
108 'mNewpassword',
109 'mNewpassTime',
110 'mEmail',
111 'mTouched',
112 'mToken',
113 'mEmailAuthenticated',
114 'mEmailToken',
115 'mEmailTokenExpires',
116 'mRegistration',
117 'mEditCount',
118 // user_group table
119 'mGroups',
120 // user_properties table
121 'mOptionOverrides',
122 );
123
124 /**
125 * \type{\arrayof{\string}} Core rights.
126 * Each of these should have a corresponding message of the form
127 * "right-$right".
128 * @showinitializer
129 */
130 static $mCoreRights = array(
131 'apihighlimits',
132 'autoconfirmed',
133 'autopatrol',
134 'bigdelete',
135 'block',
136 'blockemail',
137 'bot',
138 'browsearchive',
139 'createaccount',
140 'createpage',
141 'createtalk',
142 'delete',
143 'deletedhistory',
144 'deletedtext',
145 'deleterevision',
146 'edit',
147 'editinterface',
148 'editusercssjs',
149 'hideuser',
150 'import',
151 'importupload',
152 'ipblock-exempt',
153 'markbotedits',
154 'minoredit',
155 'move',
156 'movefile',
157 'move-rootuserpages',
158 'move-subpages',
159 'nominornewtalk',
160 'noratelimit',
161 'override-export-depth',
162 'patrol',
163 'protect',
164 'proxyunbannable',
165 'purge',
166 'read',
167 'reupload',
168 'reupload-shared',
169 'rollback',
170 'sendemail',
171 'siteadmin',
172 'suppressionlog',
173 'suppressredirect',
174 'suppressrevision',
175 'trackback',
176 'undelete',
177 'unwatchedpages',
178 'upload',
179 'upload_by_url',
180 'userrights',
181 'userrights-interwiki',
182 'writeapi',
183 );
184 /**
185 * \string Cached results of getAllRights()
186 */
187 static $mAllRights = false;
188
189 /** @name Cache variables */
190 //@{
191 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
192 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
193 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mGroups, $mOptionOverrides;
194 //@}
195
196 /**
197 * \bool Whether the cache variables have been loaded.
198 */
199 var $mDataLoaded, $mAuthLoaded, $mOptionsLoaded;
200
201 /**
202 * \string Initialization data source if mDataLoaded==false. May be one of:
203 * - 'defaults' anonymous user initialised from class defaults
204 * - 'name' initialise from mName
205 * - 'id' initialise from mId
206 * - 'session' log in from cookies or session if possible
207 *
208 * Use the User::newFrom*() family of functions to set this.
209 */
210 var $mFrom;
211
212 /** @name Lazy-initialized variables, invalidated with clearInstanceCache */
213 //@{
214 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mSkin, $mRights,
215 $mBlockreason, $mBlock, $mEffectiveGroups, $mBlockedGlobally,
216 $mLocked, $mHideName, $mOptions;
217 //@}
218
219 static $idCacheByName = array();
220
221 /**
222 * Lightweight constructor for an anonymous user.
223 * Use the User::newFrom* factory functions for other kinds of users.
224 *
225 * @see newFromName()
226 * @see newFromId()
227 * @see newFromConfirmationCode()
228 * @see newFromSession()
229 * @see newFromRow()
230 */
231 function User() {
232 $this->clearInstanceCache( 'defaults' );
233 }
234
235 /**
236 * Load the user table data for this object from the source given by mFrom.
237 */
238 function load() {
239 if ( $this->mDataLoaded ) {
240 return;
241 }
242 wfProfileIn( __METHOD__ );
243
244 # Set it now to avoid infinite recursion in accessors
245 $this->mDataLoaded = true;
246
247 switch ( $this->mFrom ) {
248 case 'defaults':
249 $this->loadDefaults();
250 break;
251 case 'name':
252 $this->mId = self::idFromName( $this->mName );
253 if ( !$this->mId ) {
254 # Nonexistent user placeholder object
255 $this->loadDefaults( $this->mName );
256 } else {
257 $this->loadFromId();
258 }
259 break;
260 case 'id':
261 $this->loadFromId();
262 break;
263 case 'session':
264 $this->loadFromSession();
265 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
266 break;
267 default:
268 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
269 }
270 wfProfileOut( __METHOD__ );
271 }
272
273 /**
274 * Load user table data, given mId has already been set.
275 * @return \bool false if the ID does not exist, true otherwise
276 * @private
277 */
278 function loadFromId() {
279 global $wgMemc;
280 if ( $this->mId == 0 ) {
281 $this->loadDefaults();
282 return false;
283 }
284
285 # Try cache
286 $key = wfMemcKey( 'user', 'id', $this->mId );
287 $data = $wgMemc->get( $key );
288 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
289 # Object is expired, load from DB
290 $data = false;
291 }
292
293 if ( !$data ) {
294 wfDebug( "Cache miss for user {$this->mId}\n" );
295 # Load from DB
296 if ( !$this->loadFromDatabase() ) {
297 # Can't load from ID, user is anonymous
298 return false;
299 }
300 $this->saveToCache();
301 } else {
302 wfDebug( "Got user {$this->mId} from cache\n" );
303 # Restore from cache
304 foreach ( self::$mCacheVars as $name ) {
305 $this->$name = $data[$name];
306 }
307 }
308 return true;
309 }
310
311 /**
312 * Save user data to the shared cache
313 */
314 function saveToCache() {
315 $this->load();
316 $this->loadGroups();
317 $this->loadOptions();
318 if ( $this->isAnon() ) {
319 // Anonymous users are uncached
320 return;
321 }
322 $data = array();
323 foreach ( self::$mCacheVars as $name ) {
324 $data[$name] = $this->$name;
325 }
326 $data['mVersion'] = MW_USER_VERSION;
327 $key = wfMemcKey( 'user', 'id', $this->mId );
328 global $wgMemc;
329 $wgMemc->set( $key, $data );
330 }
331
332
333 /** @name newFrom*() static factory methods */
334 //@{
335
336 /**
337 * Static factory method for creation from username.
338 *
339 * This is slightly less efficient than newFromId(), so use newFromId() if
340 * you have both an ID and a name handy.
341 *
342 * @param $name \string Username, validated by Title::newFromText()
343 * @param $validate \mixed Validate username. Takes the same parameters as
344 * User::getCanonicalName(), except that true is accepted as an alias
345 * for 'valid', for BC.
346 *
347 * @return \type{User} The User object, or false if the username is invalid
348 * (e.g. if it contains illegal characters or is an IP address). If the
349 * username is not present in the database, the result will be a user object
350 * with a name, zero user ID and default settings.
351 */
352 static function newFromName( $name, $validate = 'valid' ) {
353 if ( $validate === true ) {
354 $validate = 'valid';
355 }
356 $name = self::getCanonicalName( $name, $validate );
357 if ( $name === false ) {
358 return false;
359 } else {
360 # Create unloaded user object
361 $u = new User;
362 $u->mName = $name;
363 $u->mFrom = 'name';
364 return $u;
365 }
366 }
367
368 /**
369 * Static factory method for creation from a given user ID.
370 *
371 * @param $id \int Valid user ID
372 * @return \type{User} The corresponding User object
373 */
374 static function newFromId( $id ) {
375 $u = new User;
376 $u->mId = $id;
377 $u->mFrom = 'id';
378 return $u;
379 }
380
381 /**
382 * Factory method to fetch whichever user has a given email confirmation code.
383 * This code is generated when an account is created or its e-mail address
384 * has changed.
385 *
386 * If the code is invalid or has expired, returns NULL.
387 *
388 * @param $code \string Confirmation code
389 * @return \type{User}
390 */
391 static function newFromConfirmationCode( $code ) {
392 $dbr = wfGetDB( DB_SLAVE );
393 $id = $dbr->selectField( 'user', 'user_id', array(
394 'user_email_token' => md5( $code ),
395 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
396 ) );
397 if( $id !== false ) {
398 return User::newFromId( $id );
399 } else {
400 return null;
401 }
402 }
403
404 /**
405 * Create a new user object using data from session or cookies. If the
406 * login credentials are invalid, the result is an anonymous user.
407 *
408 * @return \type{User}
409 */
410 static function newFromSession() {
411 $user = new User;
412 $user->mFrom = 'session';
413 return $user;
414 }
415
416 /**
417 * Create a new user object from a user row.
418 * The row should have all fields from the user table in it.
419 * @param $row array A row from the user table
420 * @return \type{User}
421 */
422 static function newFromRow( $row ) {
423 $user = new User;
424 $user->loadFromRow( $row );
425 return $user;
426 }
427
428 //@}
429
430
431 /**
432 * Get the username corresponding to a given user ID
433 * @param $id \int User ID
434 * @return \string The corresponding username
435 */
436 static function whoIs( $id ) {
437 $dbr = wfGetDB( DB_SLAVE );
438 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), __METHOD__ );
439 }
440
441 /**
442 * Get the real name of a user given their user ID
443 *
444 * @param $id \int User ID
445 * @return \string The corresponding user's real name
446 */
447 static function whoIsReal( $id ) {
448 $dbr = wfGetDB( DB_SLAVE );
449 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), __METHOD__ );
450 }
451
452 /**
453 * Get database id given a user name
454 * @param $name \string Username
455 * @return \types{\int,\null} The corresponding user's ID, or null if user is nonexistent
456 */
457 static function idFromName( $name ) {
458 $nt = Title::makeTitleSafe( NS_USER, $name );
459 if( is_null( $nt ) ) {
460 # Illegal name
461 return null;
462 }
463
464 if ( isset( self::$idCacheByName[$name] ) ) {
465 return self::$idCacheByName[$name];
466 }
467
468 $dbr = wfGetDB( DB_SLAVE );
469 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
470
471 if ( $s === false ) {
472 $result = null;
473 } else {
474 $result = $s->user_id;
475 }
476
477 self::$idCacheByName[$name] = $result;
478
479 if ( count( self::$idCacheByName ) > 1000 ) {
480 self::$idCacheByName = array();
481 }
482
483 return $result;
484 }
485
486 /**
487 * Does the string match an anonymous IPv4 address?
488 *
489 * This function exists for username validation, in order to reject
490 * usernames which are similar in form to IP addresses. Strings such
491 * as 300.300.300.300 will return true because it looks like an IP
492 * address, despite not being strictly valid.
493 *
494 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
495 * address because the usemod software would "cloak" anonymous IP
496 * addresses like this, if we allowed accounts like this to be created
497 * new users could get the old edits of these anonymous users.
498 *
499 * @param $name \string String to match
500 * @return \bool True or false
501 */
502 static function isIP( $name ) {
503 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
504 }
505
506 /**
507 * Is the input a valid username?
508 *
509 * Checks if the input is a valid username, we don't want an empty string,
510 * an IP address, anything that containins slashes (would mess up subpages),
511 * is longer than the maximum allowed username size or doesn't begin with
512 * a capital letter.
513 *
514 * @param $name \string String to match
515 * @return \bool True or false
516 */
517 static function isValidUserName( $name ) {
518 global $wgContLang, $wgMaxNameChars;
519
520 if ( $name == ''
521 || User::isIP( $name )
522 || strpos( $name, '/' ) !== false
523 || strlen( $name ) > $wgMaxNameChars
524 || $name != $wgContLang->ucfirst( $name ) ) {
525 wfDebugLog( 'username', __METHOD__ .
526 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
527 return false;
528 }
529
530 // Ensure that the name can't be misresolved as a different title,
531 // such as with extra namespace keys at the start.
532 $parsed = Title::newFromText( $name );
533 if( is_null( $parsed )
534 || $parsed->getNamespace()
535 || strcmp( $name, $parsed->getPrefixedText() ) ) {
536 wfDebugLog( 'username', __METHOD__ .
537 ": '$name' invalid due to ambiguous prefixes" );
538 return false;
539 }
540
541 // Check an additional blacklist of troublemaker characters.
542 // Should these be merged into the title char list?
543 $unicodeBlacklist = '/[' .
544 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
545 '\x{00a0}' . # non-breaking space
546 '\x{2000}-\x{200f}' . # various whitespace
547 '\x{2028}-\x{202f}' . # breaks and control chars
548 '\x{3000}' . # ideographic space
549 '\x{e000}-\x{f8ff}' . # private use
550 ']/u';
551 if( preg_match( $unicodeBlacklist, $name ) ) {
552 wfDebugLog( 'username', __METHOD__ .
553 ": '$name' invalid due to blacklisted characters" );
554 return false;
555 }
556
557 return true;
558 }
559
560 /**
561 * Usernames which fail to pass this function will be blocked
562 * from user login and new account registrations, but may be used
563 * internally by batch processes.
564 *
565 * If an account already exists in this form, login will be blocked
566 * by a failure to pass this function.
567 *
568 * @param $name \string String to match
569 * @return \bool True or false
570 */
571 static function isUsableName( $name ) {
572 global $wgReservedUsernames;
573 // Must be a valid username, obviously ;)
574 if ( !self::isValidUserName( $name ) ) {
575 return false;
576 }
577
578 static $reservedUsernames = false;
579 if ( !$reservedUsernames ) {
580 $reservedUsernames = $wgReservedUsernames;
581 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
582 }
583
584 // Certain names may be reserved for batch processes.
585 foreach ( $reservedUsernames as $reserved ) {
586 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
587 $reserved = wfMsgForContent( substr( $reserved, 4 ) );
588 }
589 if ( $reserved == $name ) {
590 return false;
591 }
592 }
593 return true;
594 }
595
596 /**
597 * Usernames which fail to pass this function will be blocked
598 * from new account registrations, but may be used internally
599 * either by batch processes or by user accounts which have
600 * already been created.
601 *
602 * Additional blacklisting may be added here rather than in
603 * isValidUserName() to avoid disrupting existing accounts.
604 *
605 * @param $name \string String to match
606 * @return \bool True or false
607 */
608 static function isCreatableName( $name ) {
609 global $wgInvalidUsernameCharacters;
610
611 // Ensure that the username isn't longer than 235 bytes, so that
612 // (at least for the builtin skins) user javascript and css files
613 // will work. (bug 23080)
614 if( strlen( $name ) > 235 ) {
615 wfDebugLog( 'username', __METHOD__ .
616 ": '$name' invalid due to length" );
617 return false;
618 }
619
620 if( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
621 wfDebugLog( 'username', __METHOD__ .
622 ": '$name' invalid due to wgInvalidUsernameCharacters" );
623 return false;
624 }
625
626 return self::isUsableName( $name );
627 }
628
629 /**
630 * Is the input a valid password for this user?
631 *
632 * @param $password String Desired password
633 * @return bool True or false
634 */
635 function isValidPassword( $password ) {
636 //simple boolean wrapper for getPasswordValidity
637 return $this->getPasswordValidity( $password ) === true;
638 }
639
640 /**
641 * Given unvalidated password input, return error message on failure.
642 *
643 * @param $password String Desired password
644 * @return mixed: true on success, string of error message on failure
645 */
646 function getPasswordValidity( $password ) {
647 global $wgMinimalPasswordLength, $wgContLang;
648
649 $result = false; //init $result to false for the internal checks
650
651 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
652 return $result;
653
654 if ( $result === false ) {
655 if( strlen( $password ) < $wgMinimalPasswordLength ) {
656 return 'passwordtooshort';
657 } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
658 return 'password-name-match';
659 } else {
660 //it seems weird returning true here, but this is because of the
661 //initialization of $result to false above. If the hook is never run or it
662 //doesn't modify $result, then we will likely get down into this if with
663 //a valid password.
664 return true;
665 }
666 } elseif( $result === true ) {
667 return true;
668 } else {
669 return $result; //the isValidPassword hook set a string $result and returned true
670 }
671 }
672
673 /**
674 * Does a string look like an e-mail address?
675 *
676 * There used to be a regular expression here, it got removed because it
677 * rejected valid addresses. Actually just check if there is '@' somewhere
678 * in the given address.
679 *
680 * @todo Check for RFC 2822 compilance (bug 959)
681 *
682 * @param $addr \string E-mail address
683 * @return \bool True or false
684 */
685 public static function isValidEmailAddr( $addr ) {
686 $result = null;
687 if( !wfRunHooks( 'isValidEmailAddr', array( $addr, &$result ) ) ) {
688 return $result;
689 }
690
691 return strpos( $addr, '@' ) !== false;
692 }
693
694 /**
695 * Given unvalidated user input, return a canonical username, or false if
696 * the username is invalid.
697 * @param $name \string User input
698 * @param $validate \types{\string,\bool} Type of validation to use:
699 * - false No validation
700 * - 'valid' Valid for batch processes
701 * - 'usable' Valid for batch processes and login
702 * - 'creatable' Valid for batch processes, login and account creation
703 */
704 static function getCanonicalName( $name, $validate = 'valid' ) {
705 # Force usernames to capital
706 global $wgContLang;
707 $name = $wgContLang->ucfirst( $name );
708
709 # Reject names containing '#'; these will be cleaned up
710 # with title normalisation, but then it's too late to
711 # check elsewhere
712 if( strpos( $name, '#' ) !== false )
713 return false;
714
715 # Clean up name according to title rules
716 $t = ( $validate === 'valid' ) ?
717 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
718 # Check for invalid titles
719 if( is_null( $t ) ) {
720 return false;
721 }
722
723 # Reject various classes of invalid names
724 $name = $t->getText();
725 global $wgAuth;
726 $name = $wgAuth->getCanonicalName( $t->getText() );
727
728 switch ( $validate ) {
729 case false:
730 break;
731 case 'valid':
732 if ( !User::isValidUserName( $name ) ) {
733 $name = false;
734 }
735 break;
736 case 'usable':
737 if ( !User::isUsableName( $name ) ) {
738 $name = false;
739 }
740 break;
741 case 'creatable':
742 if ( !User::isCreatableName( $name ) ) {
743 $name = false;
744 }
745 break;
746 default:
747 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
748 }
749 return $name;
750 }
751
752 /**
753 * Count the number of edits of a user
754 * @todo It should not be static and some day should be merged as proper member function / deprecated -- domas
755 *
756 * @param $uid \int User ID to check
757 * @return \int The user's edit count
758 */
759 static function edits( $uid ) {
760 wfProfileIn( __METHOD__ );
761 $dbr = wfGetDB( DB_SLAVE );
762 // check if the user_editcount field has been initialized
763 $field = $dbr->selectField(
764 'user', 'user_editcount',
765 array( 'user_id' => $uid ),
766 __METHOD__
767 );
768
769 if( $field === null ) { // it has not been initialized. do so.
770 $dbw = wfGetDB( DB_MASTER );
771 $count = $dbr->selectField(
772 'revision', 'count(*)',
773 array( 'rev_user' => $uid ),
774 __METHOD__
775 );
776 $dbw->update(
777 'user',
778 array( 'user_editcount' => $count ),
779 array( 'user_id' => $uid ),
780 __METHOD__
781 );
782 } else {
783 $count = $field;
784 }
785 wfProfileOut( __METHOD__ );
786 return $count;
787 }
788
789 /**
790 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
791 * @todo hash random numbers to improve security, like generateToken()
792 *
793 * @return \string New random password
794 */
795 static function randomPassword() {
796 global $wgMinimalPasswordLength;
797 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
798 $l = strlen( $pwchars ) - 1;
799
800 $pwlength = max( 7, $wgMinimalPasswordLength );
801 $digit = mt_rand( 0, $pwlength - 1 );
802 $np = '';
803 for ( $i = 0; $i < $pwlength; $i++ ) {
804 $np .= $i == $digit ? chr( mt_rand( 48, 57 ) ) : $pwchars{ mt_rand( 0, $l ) };
805 }
806 return $np;
807 }
808
809 /**
810 * Set cached properties to default.
811 *
812 * @note This no longer clears uncached lazy-initialised properties;
813 * the constructor does that instead.
814 * @private
815 */
816 function loadDefaults( $name = false ) {
817 wfProfileIn( __METHOD__ );
818
819 global $wgCookiePrefix;
820
821 $this->mId = 0;
822 $this->mName = $name;
823 $this->mRealName = '';
824 $this->mPassword = $this->mNewpassword = '';
825 $this->mNewpassTime = null;
826 $this->mEmail = '';
827 $this->mOptionOverrides = null;
828 $this->mOptionsLoaded = false;
829
830 if ( isset( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) ) {
831 $this->mTouched = wfTimestamp( TS_MW, $_COOKIE[$wgCookiePrefix.'LoggedOut'] );
832 } else {
833 $this->mTouched = '0'; # Allow any pages to be cached
834 }
835
836 $this->setToken(); # Random
837 $this->mEmailAuthenticated = null;
838 $this->mEmailToken = '';
839 $this->mEmailTokenExpires = null;
840 $this->mRegistration = wfTimestamp( TS_MW );
841 $this->mGroups = array();
842
843 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
844
845 wfProfileOut( __METHOD__ );
846 }
847
848 /**
849 * @deprecated Use wfSetupSession().
850 */
851 function SetupSession() {
852 wfDeprecated( __METHOD__ );
853 wfSetupSession();
854 }
855
856 /**
857 * Load user data from the session or login cookie. If there are no valid
858 * credentials, initialises the user as an anonymous user.
859 * @return \bool True if the user is logged in, false otherwise.
860 */
861 private function loadFromSession() {
862 global $wgMemc, $wgCookiePrefix, $wgExternalAuthType, $wgAutocreatePolicy;
863
864 $result = null;
865 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
866 if ( $result !== null ) {
867 return $result;
868 }
869
870 if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
871 $extUser = ExternalUser::newFromCookie();
872 if ( $extUser ) {
873 # TODO: Automatically create the user here (or probably a bit
874 # lower down, in fact)
875 }
876 }
877
878 if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
879 $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
880 if( isset( $_SESSION['wsUserID'] ) && $sId != $_SESSION['wsUserID'] ) {
881 $this->loadDefaults(); // Possible collision!
882 wfDebugLog( 'loginSessions', "Session user ID ({$_SESSION['wsUserID']}) and
883 cookie user ID ($sId) don't match!" );
884 return false;
885 }
886 $_SESSION['wsUserID'] = $sId;
887 } else if ( isset( $_SESSION['wsUserID'] ) ) {
888 if ( $_SESSION['wsUserID'] != 0 ) {
889 $sId = $_SESSION['wsUserID'];
890 } else {
891 $this->loadDefaults();
892 return false;
893 }
894 } else {
895 $this->loadDefaults();
896 return false;
897 }
898
899 if ( isset( $_SESSION['wsUserName'] ) ) {
900 $sName = $_SESSION['wsUserName'];
901 } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
902 $sName = $_COOKIE["{$wgCookiePrefix}UserName"];
903 $_SESSION['wsUserName'] = $sName;
904 } else {
905 $this->loadDefaults();
906 return false;
907 }
908
909 $passwordCorrect = FALSE;
910 $this->mId = $sId;
911 if ( !$this->loadFromId() ) {
912 # Not a valid ID, loadFromId has switched the object to anon for us
913 return false;
914 }
915
916 global $wgBlockDisablesLogin;
917 if( $wgBlockDisablesLogin && $this->isBlocked() ) {
918 # User blocked and we've disabled blocked user logins
919 $this->loadDefaults();
920 return false;
921 }
922
923 if ( isset( $_SESSION['wsToken'] ) ) {
924 $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
925 $from = 'session';
926 } else if ( isset( $_COOKIE["{$wgCookiePrefix}Token"] ) ) {
927 $passwordCorrect = $this->mToken == $_COOKIE["{$wgCookiePrefix}Token"];
928 $from = 'cookie';
929 } else {
930 # No session or persistent login cookie
931 $this->loadDefaults();
932 return false;
933 }
934
935 if ( ( $sName == $this->mName ) && $passwordCorrect ) {
936 $_SESSION['wsToken'] = $this->mToken;
937 wfDebug( "Logged in from $from\n" );
938 return true;
939 } else {
940 # Invalid credentials
941 wfDebug( "Can't log in from $from, invalid credentials\n" );
942 $this->loadDefaults();
943 return false;
944 }
945 }
946
947 /**
948 * Load user and user_group data from the database.
949 * $this::mId must be set, this is how the user is identified.
950 *
951 * @return \bool True if the user exists, false if the user is anonymous
952 * @private
953 */
954 function loadFromDatabase() {
955 # Paranoia
956 $this->mId = intval( $this->mId );
957
958 /** Anonymous user */
959 if( !$this->mId ) {
960 $this->loadDefaults();
961 return false;
962 }
963
964 $dbr = wfGetDB( DB_MASTER );
965 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
966
967 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
968
969 if ( $s !== false ) {
970 # Initialise user table data
971 $this->loadFromRow( $s );
972 $this->mGroups = null; // deferred
973 $this->getEditCount(); // revalidation for nulls
974 return true;
975 } else {
976 # Invalid user_id
977 $this->mId = 0;
978 $this->loadDefaults();
979 return false;
980 }
981 }
982
983 /**
984 * Initialize this object from a row from the user table.
985 *
986 * @param $row \type{\arrayof{\mixed}} Row from the user table to load.
987 */
988 function loadFromRow( $row ) {
989 $this->mDataLoaded = true;
990
991 if ( isset( $row->user_id ) ) {
992 $this->mId = intval( $row->user_id );
993 }
994 $this->mName = $row->user_name;
995 $this->mRealName = $row->user_real_name;
996 $this->mPassword = $row->user_password;
997 $this->mNewpassword = $row->user_newpassword;
998 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
999 $this->mEmail = $row->user_email;
1000 $this->decodeOptions( $row->user_options );
1001 $this->mTouched = wfTimestamp(TS_MW,$row->user_touched);
1002 $this->mToken = $row->user_token;
1003 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1004 $this->mEmailToken = $row->user_email_token;
1005 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1006 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1007 $this->mEditCount = $row->user_editcount;
1008 }
1009
1010 /**
1011 * Load the groups from the database if they aren't already loaded.
1012 * @private
1013 */
1014 function loadGroups() {
1015 if ( is_null( $this->mGroups ) ) {
1016 $dbr = wfGetDB( DB_MASTER );
1017 $res = $dbr->select( 'user_groups',
1018 array( 'ug_group' ),
1019 array( 'ug_user' => $this->mId ),
1020 __METHOD__ );
1021 $this->mGroups = array();
1022 while( $row = $dbr->fetchObject( $res ) ) {
1023 $this->mGroups[] = $row->ug_group;
1024 }
1025 }
1026 }
1027
1028 /**
1029 * Clear various cached data stored in this object.
1030 * @param $reloadFrom \string Reload user and user_groups table data from a
1031 * given source. May be "name", "id", "defaults", "session", or false for
1032 * no reload.
1033 */
1034 function clearInstanceCache( $reloadFrom = false ) {
1035 $this->mNewtalk = -1;
1036 $this->mDatePreference = null;
1037 $this->mBlockedby = -1; # Unset
1038 $this->mHash = false;
1039 $this->mSkin = null;
1040 $this->mRights = null;
1041 $this->mEffectiveGroups = null;
1042 $this->mOptions = null;
1043
1044 if ( $reloadFrom ) {
1045 $this->mDataLoaded = false;
1046 $this->mFrom = $reloadFrom;
1047 }
1048 }
1049
1050 /**
1051 * Combine the language default options with any site-specific options
1052 * and add the default language variants.
1053 *
1054 * @return \type{\arrayof{\string}} Array of options
1055 */
1056 static function getDefaultOptions() {
1057 global $wgNamespacesToBeSearchedDefault;
1058 /**
1059 * Site defaults will override the global/language defaults
1060 */
1061 global $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1062 $defOpt = $wgDefaultUserOptions + $wgContLang->getDefaultUserOptionOverrides();
1063
1064 /**
1065 * default language setting
1066 */
1067 $variant = $wgContLang->getPreferredVariant( false );
1068 $defOpt['variant'] = $variant;
1069 $defOpt['language'] = $variant;
1070 foreach( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1071 $defOpt['searchNs'.$nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1072 }
1073 $defOpt['skin'] = $wgDefaultSkin;
1074
1075 return $defOpt;
1076 }
1077
1078 /**
1079 * Get a given default option value.
1080 *
1081 * @param $opt \string Name of option to retrieve
1082 * @return \string Default option value
1083 */
1084 public static function getDefaultOption( $opt ) {
1085 $defOpts = self::getDefaultOptions();
1086 if( isset( $defOpts[$opt] ) ) {
1087 return $defOpts[$opt];
1088 } else {
1089 return null;
1090 }
1091 }
1092
1093 /**
1094 * Get a list of user toggle names
1095 * @return \type{\arrayof{\string}} Array of user toggle names
1096 */
1097 static function getToggles() {
1098 global $wgContLang, $wgUseRCPatrol;
1099 $extraToggles = array();
1100 wfRunHooks( 'UserToggles', array( &$extraToggles ) );
1101 if( $wgUseRCPatrol ) {
1102 $extraToggles[] = 'hidepatrolled';
1103 $extraToggles[] = 'newpageshidepatrolled';
1104 $extraToggles[] = 'watchlisthidepatrolled';
1105 }
1106 return array_merge( self::$mToggles, $extraToggles, $wgContLang->getExtraUserToggles() );
1107 }
1108
1109
1110 /**
1111 * Get blocking information
1112 * @private
1113 * @param $bFromSlave \bool Whether to check the slave database first. To
1114 * improve performance, non-critical checks are done
1115 * against slaves. Check when actually saving should be
1116 * done against master.
1117 */
1118 function getBlockedStatus( $bFromSlave = true ) {
1119 global $wgProxyWhitelist, $wgUser;
1120
1121 if ( -1 != $this->mBlockedby ) {
1122 wfDebug( "User::getBlockedStatus: already loaded.\n" );
1123 return;
1124 }
1125
1126 wfProfileIn( __METHOD__ );
1127 wfDebug( __METHOD__.": checking...\n" );
1128
1129 // Initialize data...
1130 // Otherwise something ends up stomping on $this->mBlockedby when
1131 // things get lazy-loaded later, causing false positive block hits
1132 // due to -1 !== 0. Probably session-related... Nothing should be
1133 // overwriting mBlockedby, surely?
1134 $this->load();
1135
1136 $this->mBlockedby = 0;
1137 $this->mHideName = 0;
1138 $this->mAllowUsertalk = 0;
1139
1140 # Check if we are looking at an IP or a logged-in user
1141 if ( $this->isIP( $this->getName() ) ) {
1142 $ip = $this->getName();
1143 } else {
1144 # Check if we are looking at the current user
1145 # If we don't, and the user is logged in, we don't know about
1146 # his IP / autoblock status, so ignore autoblock of current user's IP
1147 if ( $this->getID() != $wgUser->getID() ) {
1148 $ip = '';
1149 } else {
1150 # Get IP of current user
1151 $ip = wfGetIP();
1152 }
1153 }
1154
1155 if ( $this->isAllowed( 'ipblock-exempt' ) ) {
1156 # Exempt from all types of IP-block
1157 $ip = '';
1158 }
1159
1160 # User/IP blocking
1161 $this->mBlock = new Block();
1162 $this->mBlock->fromMaster( !$bFromSlave );
1163 if ( $this->mBlock->load( $ip , $this->mId ) ) {
1164 wfDebug( __METHOD__ . ": Found block.\n" );
1165 $this->mBlockedby = $this->mBlock->mBy;
1166 if( $this->mBlockedby == 0 )
1167 $this->mBlockedby = $this->mBlock->mByName;
1168 $this->mBlockreason = $this->mBlock->mReason;
1169 $this->mHideName = $this->mBlock->mHideName;
1170 $this->mAllowUsertalk = $this->mBlock->mAllowUsertalk;
1171 if ( $this->isLoggedIn() && $wgUser->getID() == $this->getID() ) {
1172 $this->spreadBlock();
1173 }
1174 } else {
1175 // Bug 13611: don't remove mBlock here, to allow account creation blocks to
1176 // apply to users. Note that the existence of $this->mBlock is not used to
1177 // check for edit blocks, $this->mBlockedby is instead.
1178 }
1179
1180 # Proxy blocking
1181 if ( !$this->isAllowed( 'proxyunbannable' ) && !in_array( $ip, $wgProxyWhitelist ) ) {
1182 # Local list
1183 if ( wfIsLocallyBlockedProxy( $ip ) ) {
1184 $this->mBlockedby = wfMsg( 'proxyblocker' );
1185 $this->mBlockreason = wfMsg( 'proxyblockreason' );
1186 }
1187
1188 # DNSBL
1189 if ( !$this->mBlockedby && !$this->getID() ) {
1190 if ( $this->isDnsBlacklisted( $ip ) ) {
1191 $this->mBlockedby = wfMsg( 'sorbs' );
1192 $this->mBlockreason = wfMsg( 'sorbsreason' );
1193 }
1194 }
1195 }
1196
1197 # Extensions
1198 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1199
1200 wfProfileOut( __METHOD__ );
1201 }
1202
1203 /**
1204 * Whether the given IP is in a DNS blacklist.
1205 *
1206 * @param $ip \string IP to check
1207 * @param $checkWhitelist Boolean: whether to check the whitelist first
1208 * @return \bool True if blacklisted.
1209 */
1210 function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1211 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1212 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1213
1214 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs )
1215 return false;
1216
1217 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) )
1218 return false;
1219
1220 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1221 return $this->inDnsBlacklist( $ip, $urls );
1222 }
1223
1224 /**
1225 * Whether the given IP is in a given DNS blacklist.
1226 *
1227 * @param $ip \string IP to check
1228 * @param $bases \string or Array of Strings: URL of the DNS blacklist
1229 * @return \bool True if blacklisted.
1230 */
1231 function inDnsBlacklist( $ip, $bases ) {
1232 wfProfileIn( __METHOD__ );
1233
1234 $found = false;
1235 $host = '';
1236 // FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1237 if( IP::isIPv4( $ip ) ) {
1238 # Reverse IP, bug 21255
1239 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1240
1241 foreach( (array)$bases as $base ) {
1242 # Make hostname
1243 $host = "$ipReversed.$base";
1244
1245 # Send query
1246 $ipList = gethostbynamel( $host );
1247
1248 if( $ipList ) {
1249 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1250 $found = true;
1251 break;
1252 } else {
1253 wfDebug( "Requested $host, not found in $base.\n" );
1254 }
1255 }
1256 }
1257
1258 wfProfileOut( __METHOD__ );
1259 return $found;
1260 }
1261
1262 /**
1263 * Is this user subject to rate limiting?
1264 *
1265 * @return \bool True if rate limited
1266 */
1267 public function isPingLimitable() {
1268 global $wgRateLimitsExcludedGroups;
1269 global $wgRateLimitsExcludedIPs;
1270 if( array_intersect( $this->getEffectiveGroups(), $wgRateLimitsExcludedGroups ) ) {
1271 // Deprecated, but kept for backwards-compatibility config
1272 return false;
1273 }
1274 if( in_array( wfGetIP(), $wgRateLimitsExcludedIPs ) ) {
1275 // No other good way currently to disable rate limits
1276 // for specific IPs. :P
1277 // But this is a crappy hack and should die.
1278 return false;
1279 }
1280 return !$this->isAllowed('noratelimit');
1281 }
1282
1283 /**
1284 * Primitive rate limits: enforce maximum actions per time period
1285 * to put a brake on flooding.
1286 *
1287 * @note When using a shared cache like memcached, IP-address
1288 * last-hit counters will be shared across wikis.
1289 *
1290 * @param $action \string Action to enforce; 'edit' if unspecified
1291 * @return \bool True if a rate limiter was tripped
1292 */
1293 function pingLimiter( $action = 'edit' ) {
1294 # Call the 'PingLimiter' hook
1295 $result = false;
1296 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1297 return $result;
1298 }
1299
1300 global $wgRateLimits;
1301 if( !isset( $wgRateLimits[$action] ) ) {
1302 return false;
1303 }
1304
1305 # Some groups shouldn't trigger the ping limiter, ever
1306 if( !$this->isPingLimitable() )
1307 return false;
1308
1309 global $wgMemc, $wgRateLimitLog;
1310 wfProfileIn( __METHOD__ );
1311
1312 $limits = $wgRateLimits[$action];
1313 $keys = array();
1314 $id = $this->getId();
1315 $ip = wfGetIP();
1316 $userLimit = false;
1317
1318 if( isset( $limits['anon'] ) && $id == 0 ) {
1319 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1320 }
1321
1322 if( isset( $limits['user'] ) && $id != 0 ) {
1323 $userLimit = $limits['user'];
1324 }
1325 if( $this->isNewbie() ) {
1326 if( isset( $limits['newbie'] ) && $id != 0 ) {
1327 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1328 }
1329 if( isset( $limits['ip'] ) ) {
1330 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1331 }
1332 $matches = array();
1333 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1334 $subnet = $matches[1];
1335 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1336 }
1337 }
1338 // Check for group-specific permissions
1339 // If more than one group applies, use the group with the highest limit
1340 foreach ( $this->getGroups() as $group ) {
1341 if ( isset( $limits[$group] ) ) {
1342 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1343 $userLimit = $limits[$group];
1344 }
1345 }
1346 }
1347 // Set the user limit key
1348 if ( $userLimit !== false ) {
1349 wfDebug( __METHOD__ . ": effective user limit: $userLimit\n" );
1350 $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
1351 }
1352
1353 $triggered = false;
1354 foreach( $keys as $key => $limit ) {
1355 list( $max, $period ) = $limit;
1356 $summary = "(limit $max in {$period}s)";
1357 $count = $wgMemc->get( $key );
1358 // Already pinged?
1359 if( $count ) {
1360 if( $count > $max ) {
1361 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1362 if( $wgRateLimitLog ) {
1363 @error_log( wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", 3, $wgRateLimitLog );
1364 }
1365 $triggered = true;
1366 } else {
1367 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1368 }
1369 } else {
1370 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1371 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1372 }
1373 $wgMemc->incr( $key );
1374 }
1375
1376 wfProfileOut( __METHOD__ );
1377 return $triggered;
1378 }
1379
1380 /**
1381 * Check if user is blocked
1382 *
1383 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1384 * @return \bool True if blocked, false otherwise
1385 */
1386 function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1387 wfDebug( "User::isBlocked: enter\n" );
1388 $this->getBlockedStatus( $bFromSlave );
1389 return $this->mBlockedby !== 0;
1390 }
1391
1392 /**
1393 * Check if user is blocked from editing a particular article
1394 *
1395 * @param $title \string Title to check
1396 * @param $bFromSlave \bool Whether to check the slave database instead of the master
1397 * @return \bool True if blocked, false otherwise
1398 */
1399 function isBlockedFrom( $title, $bFromSlave = false ) {
1400 global $wgBlockAllowsUTEdit;
1401 wfProfileIn( __METHOD__ );
1402 wfDebug( __METHOD__ . ": enter\n" );
1403
1404 wfDebug( __METHOD__ . ": asking isBlocked()\n" );
1405 $blocked = $this->isBlocked( $bFromSlave );
1406 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1407 # If a user's name is suppressed, they cannot make edits anywhere
1408 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1409 $title->getNamespace() == NS_USER_TALK ) {
1410 $blocked = false;
1411 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1412 }
1413
1414 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1415
1416 wfProfileOut( __METHOD__ );
1417 return $blocked;
1418 }
1419
1420 /**
1421 * If user is blocked, return the name of the user who placed the block
1422 * @return \string name of blocker
1423 */
1424 function blockedBy() {
1425 $this->getBlockedStatus();
1426 return $this->mBlockedby;
1427 }
1428
1429 /**
1430 * If user is blocked, return the specified reason for the block
1431 * @return \string Blocking reason
1432 */
1433 function blockedFor() {
1434 $this->getBlockedStatus();
1435 return $this->mBlockreason;
1436 }
1437
1438 /**
1439 * If user is blocked, return the ID for the block
1440 * @return \int Block ID
1441 */
1442 function getBlockId() {
1443 $this->getBlockedStatus();
1444 return ( $this->mBlock ? $this->mBlock->mId : false );
1445 }
1446
1447 /**
1448 * Check if user is blocked on all wikis.
1449 * Do not use for actual edit permission checks!
1450 * This is intented for quick UI checks.
1451 *
1452 * @param $ip \type{\string} IP address, uses current client if none given
1453 * @return \type{\bool} True if blocked, false otherwise
1454 */
1455 function isBlockedGlobally( $ip = '' ) {
1456 if( $this->mBlockedGlobally !== null ) {
1457 return $this->mBlockedGlobally;
1458 }
1459 // User is already an IP?
1460 if( IP::isIPAddress( $this->getName() ) ) {
1461 $ip = $this->getName();
1462 } else if( !$ip ) {
1463 $ip = wfGetIP();
1464 }
1465 $blocked = false;
1466 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1467 $this->mBlockedGlobally = (bool)$blocked;
1468 return $this->mBlockedGlobally;
1469 }
1470
1471 /**
1472 * Check if user account is locked
1473 *
1474 * @return \type{\bool} True if locked, false otherwise
1475 */
1476 function isLocked() {
1477 if( $this->mLocked !== null ) {
1478 return $this->mLocked;
1479 }
1480 global $wgAuth;
1481 $authUser = $wgAuth->getUserInstance( $this );
1482 $this->mLocked = (bool)$authUser->isLocked();
1483 return $this->mLocked;
1484 }
1485
1486 /**
1487 * Check if user account is hidden
1488 *
1489 * @return \type{\bool} True if hidden, false otherwise
1490 */
1491 function isHidden() {
1492 if( $this->mHideName !== null ) {
1493 return $this->mHideName;
1494 }
1495 $this->getBlockedStatus();
1496 if( !$this->mHideName ) {
1497 global $wgAuth;
1498 $authUser = $wgAuth->getUserInstance( $this );
1499 $this->mHideName = (bool)$authUser->isHidden();
1500 }
1501 return $this->mHideName;
1502 }
1503
1504 /**
1505 * Get the user's ID.
1506 * @return \int The user's ID; 0 if the user is anonymous or nonexistent
1507 */
1508 function getId() {
1509 if( $this->mId === null and $this->mName !== null
1510 and User::isIP( $this->mName ) ) {
1511 // Special case, we know the user is anonymous
1512 return 0;
1513 } elseif( $this->mId === null ) {
1514 // Don't load if this was initialized from an ID
1515 $this->load();
1516 }
1517 return $this->mId;
1518 }
1519
1520 /**
1521 * Set the user and reload all fields according to a given ID
1522 * @param $v \int User ID to reload
1523 */
1524 function setId( $v ) {
1525 $this->mId = $v;
1526 $this->clearInstanceCache( 'id' );
1527 }
1528
1529 /**
1530 * Get the user name, or the IP of an anonymous user
1531 * @return \string User's name or IP address
1532 */
1533 function getName() {
1534 if ( !$this->mDataLoaded && $this->mFrom == 'name' ) {
1535 # Special case optimisation
1536 return $this->mName;
1537 } else {
1538 $this->load();
1539 if ( $this->mName === false ) {
1540 # Clean up IPs
1541 $this->mName = IP::sanitizeIP( wfGetIP() );
1542 }
1543 return $this->mName;
1544 }
1545 }
1546
1547 /**
1548 * Set the user name.
1549 *
1550 * This does not reload fields from the database according to the given
1551 * name. Rather, it is used to create a temporary "nonexistent user" for
1552 * later addition to the database. It can also be used to set the IP
1553 * address for an anonymous user to something other than the current
1554 * remote IP.
1555 *
1556 * @note User::newFromName() has rougly the same function, when the named user
1557 * does not exist.
1558 * @param $str \string New user name to set
1559 */
1560 function setName( $str ) {
1561 $this->load();
1562 $this->mName = $str;
1563 }
1564
1565 /**
1566 * Get the user's name escaped by underscores.
1567 * @return \string Username escaped by underscores.
1568 */
1569 function getTitleKey() {
1570 return str_replace( ' ', '_', $this->getName() );
1571 }
1572
1573 /**
1574 * Check if the user has new messages.
1575 * @return \bool True if the user has new messages
1576 */
1577 function getNewtalk() {
1578 $this->load();
1579
1580 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1581 if( $this->mNewtalk === -1 ) {
1582 $this->mNewtalk = false; # reset talk page status
1583
1584 # Check memcached separately for anons, who have no
1585 # entire User object stored in there.
1586 if( !$this->mId ) {
1587 global $wgMemc;
1588 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1589 $newtalk = $wgMemc->get( $key );
1590 if( strval( $newtalk ) !== '' ) {
1591 $this->mNewtalk = (bool)$newtalk;
1592 } else {
1593 // Since we are caching this, make sure it is up to date by getting it
1594 // from the master
1595 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1596 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1597 }
1598 } else {
1599 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1600 }
1601 }
1602
1603 return (bool)$this->mNewtalk;
1604 }
1605
1606 /**
1607 * Return the talk page(s) this user has new messages on.
1608 * @return \type{\arrayof{\string}} Array of page URLs
1609 */
1610 function getNewMessageLinks() {
1611 $talks = array();
1612 if( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) )
1613 return $talks;
1614
1615 if( !$this->getNewtalk() )
1616 return array();
1617 $up = $this->getUserPage();
1618 $utp = $up->getTalkPage();
1619 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL() ) );
1620 }
1621
1622 /**
1623 * Internal uncached check for new messages
1624 *
1625 * @see getNewtalk()
1626 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1627 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1628 * @param $fromMaster \bool true to fetch from the master, false for a slave
1629 * @return \bool True if the user has new messages
1630 * @private
1631 */
1632 function checkNewtalk( $field, $id, $fromMaster = false ) {
1633 if ( $fromMaster ) {
1634 $db = wfGetDB( DB_MASTER );
1635 } else {
1636 $db = wfGetDB( DB_SLAVE );
1637 }
1638 $ok = $db->selectField( 'user_newtalk', $field,
1639 array( $field => $id ), __METHOD__ );
1640 return $ok !== false;
1641 }
1642
1643 /**
1644 * Add or update the new messages flag
1645 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1646 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1647 * @return \bool True if successful, false otherwise
1648 * @private
1649 */
1650 function updateNewtalk( $field, $id ) {
1651 $dbw = wfGetDB( DB_MASTER );
1652 $dbw->insert( 'user_newtalk',
1653 array( $field => $id ),
1654 __METHOD__,
1655 'IGNORE' );
1656 if ( $dbw->affectedRows() ) {
1657 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1658 return true;
1659 } else {
1660 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1661 return false;
1662 }
1663 }
1664
1665 /**
1666 * Clear the new messages flag for the given user
1667 * @param $field \string 'user_ip' for anonymous users, 'user_id' otherwise
1668 * @param $id \types{\string,\int} User's IP address for anonymous users, User ID otherwise
1669 * @return \bool True if successful, false otherwise
1670 * @private
1671 */
1672 function deleteNewtalk( $field, $id ) {
1673 $dbw = wfGetDB( DB_MASTER );
1674 $dbw->delete( 'user_newtalk',
1675 array( $field => $id ),
1676 __METHOD__ );
1677 if ( $dbw->affectedRows() ) {
1678 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1679 return true;
1680 } else {
1681 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1682 return false;
1683 }
1684 }
1685
1686 /**
1687 * Update the 'You have new messages!' status.
1688 * @param $val \bool Whether the user has new messages
1689 */
1690 function setNewtalk( $val ) {
1691 if( wfReadOnly() ) {
1692 return;
1693 }
1694
1695 $this->load();
1696 $this->mNewtalk = $val;
1697
1698 if( $this->isAnon() ) {
1699 $field = 'user_ip';
1700 $id = $this->getName();
1701 } else {
1702 $field = 'user_id';
1703 $id = $this->getId();
1704 }
1705 global $wgMemc;
1706
1707 if( $val ) {
1708 $changed = $this->updateNewtalk( $field, $id );
1709 } else {
1710 $changed = $this->deleteNewtalk( $field, $id );
1711 }
1712
1713 if( $this->isAnon() ) {
1714 // Anons have a separate memcached space, since
1715 // user records aren't kept for them.
1716 $key = wfMemcKey( 'newtalk', 'ip', $id );
1717 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1718 }
1719 if ( $changed ) {
1720 $this->invalidateCache();
1721 }
1722 }
1723
1724 /**
1725 * Generate a current or new-future timestamp to be stored in the
1726 * user_touched field when we update things.
1727 * @return \string Timestamp in TS_MW format
1728 */
1729 private static function newTouchedTimestamp() {
1730 global $wgClockSkewFudge;
1731 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1732 }
1733
1734 /**
1735 * Clear user data from memcached.
1736 * Use after applying fun updates to the database; caller's
1737 * responsibility to update user_touched if appropriate.
1738 *
1739 * Called implicitly from invalidateCache() and saveSettings().
1740 */
1741 private function clearSharedCache() {
1742 $this->load();
1743 if( $this->mId ) {
1744 global $wgMemc;
1745 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1746 }
1747 }
1748
1749 /**
1750 * Immediately touch the user data cache for this account.
1751 * Updates user_touched field, and removes account data from memcached
1752 * for reload on the next hit.
1753 */
1754 function invalidateCache() {
1755 if( wfReadOnly() ) {
1756 return;
1757 }
1758 $this->load();
1759 if( $this->mId ) {
1760 $this->mTouched = self::newTouchedTimestamp();
1761
1762 $dbw = wfGetDB( DB_MASTER );
1763 $dbw->update( 'user',
1764 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1765 array( 'user_id' => $this->mId ),
1766 __METHOD__ );
1767
1768 $this->clearSharedCache();
1769 }
1770 }
1771
1772 /**
1773 * Validate the cache for this account.
1774 * @param $timestamp \string A timestamp in TS_MW format
1775 */
1776 function validateCache( $timestamp ) {
1777 $this->load();
1778 return ( $timestamp >= $this->mTouched );
1779 }
1780
1781 /**
1782 * Get the user touched timestamp
1783 */
1784 function getTouched() {
1785 $this->load();
1786 return $this->mTouched;
1787 }
1788
1789 /**
1790 * Set the password and reset the random token.
1791 * Calls through to authentication plugin if necessary;
1792 * will have no effect if the auth plugin refuses to
1793 * pass the change through or if the legal password
1794 * checks fail.
1795 *
1796 * As a special case, setting the password to null
1797 * wipes it, so the account cannot be logged in until
1798 * a new password is set, for instance via e-mail.
1799 *
1800 * @param $str \string New password to set
1801 * @throws PasswordError on failure
1802 */
1803 function setPassword( $str ) {
1804 global $wgAuth;
1805
1806 if( $str !== null ) {
1807 if( !$wgAuth->allowPasswordChange() ) {
1808 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1809 }
1810
1811 if( !$this->isValidPassword( $str ) ) {
1812 global $wgMinimalPasswordLength;
1813 $valid = $this->getPasswordValidity( $str );
1814 throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ),
1815 $wgMinimalPasswordLength ) );
1816 }
1817 }
1818
1819 if( !$wgAuth->setPassword( $this, $str ) ) {
1820 throw new PasswordError( wfMsg( 'externaldberror' ) );
1821 }
1822
1823 $this->setInternalPassword( $str );
1824
1825 return true;
1826 }
1827
1828 /**
1829 * Set the password and reset the random token unconditionally.
1830 *
1831 * @param $str \string New password to set
1832 */
1833 function setInternalPassword( $str ) {
1834 $this->load();
1835 $this->setToken();
1836
1837 if( $str === null ) {
1838 // Save an invalid hash...
1839 $this->mPassword = '';
1840 } else {
1841 $this->mPassword = self::crypt( $str );
1842 }
1843 $this->mNewpassword = '';
1844 $this->mNewpassTime = null;
1845 }
1846
1847 /**
1848 * Get the user's current token.
1849 * @return \string Token
1850 */
1851 function getToken() {
1852 $this->load();
1853 return $this->mToken;
1854 }
1855
1856 /**
1857 * Set the random token (used for persistent authentication)
1858 * Called from loadDefaults() among other places.
1859 *
1860 * @param $token \string If specified, set the token to this value
1861 * @private
1862 */
1863 function setToken( $token = false ) {
1864 global $wgSecretKey, $wgProxyKey;
1865 $this->load();
1866 if ( !$token ) {
1867 if ( $wgSecretKey ) {
1868 $key = $wgSecretKey;
1869 } elseif ( $wgProxyKey ) {
1870 $key = $wgProxyKey;
1871 } else {
1872 $key = microtime();
1873 }
1874 $this->mToken = md5( $key . mt_rand( 0, 0x7fffffff ) . wfWikiID() . $this->mId );
1875 } else {
1876 $this->mToken = $token;
1877 }
1878 }
1879
1880 /**
1881 * Set the cookie password
1882 *
1883 * @param $str \string New cookie password
1884 * @private
1885 */
1886 function setCookiePassword( $str ) {
1887 $this->load();
1888 $this->mCookiePassword = md5( $str );
1889 }
1890
1891 /**
1892 * Set the password for a password reminder or new account email
1893 *
1894 * @param $str \string New password to set
1895 * @param $throttle \bool If true, reset the throttle timestamp to the present
1896 */
1897 function setNewpassword( $str, $throttle = true ) {
1898 $this->load();
1899 $this->mNewpassword = self::crypt( $str );
1900 if ( $throttle ) {
1901 $this->mNewpassTime = wfTimestampNow();
1902 }
1903 }
1904
1905 /**
1906 * Has password reminder email been sent within the last
1907 * $wgPasswordReminderResendTime hours?
1908 * @return \bool True or false
1909 */
1910 function isPasswordReminderThrottled() {
1911 global $wgPasswordReminderResendTime;
1912 $this->load();
1913 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
1914 return false;
1915 }
1916 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
1917 return time() < $expiry;
1918 }
1919
1920 /**
1921 * Get the user's e-mail address
1922 * @return \string User's email address
1923 */
1924 function getEmail() {
1925 $this->load();
1926 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
1927 return $this->mEmail;
1928 }
1929
1930 /**
1931 * Get the timestamp of the user's e-mail authentication
1932 * @return \string TS_MW timestamp
1933 */
1934 function getEmailAuthenticationTimestamp() {
1935 $this->load();
1936 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
1937 return $this->mEmailAuthenticated;
1938 }
1939
1940 /**
1941 * Set the user's e-mail address
1942 * @param $str \string New e-mail address
1943 */
1944 function setEmail( $str ) {
1945 $this->load();
1946 $this->mEmail = $str;
1947 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
1948 }
1949
1950 /**
1951 * Get the user's real name
1952 * @return \string User's real name
1953 */
1954 function getRealName() {
1955 $this->load();
1956 return $this->mRealName;
1957 }
1958
1959 /**
1960 * Set the user's real name
1961 * @param $str \string New real name
1962 */
1963 function setRealName( $str ) {
1964 $this->load();
1965 $this->mRealName = $str;
1966 }
1967
1968 /**
1969 * Get the user's current setting for a given option.
1970 *
1971 * @param $oname \string The option to check
1972 * @param $defaultOverride \string A default value returned if the option does not exist
1973 * @return \string User's current value for the option
1974 * @see getBoolOption()
1975 * @see getIntOption()
1976 */
1977 function getOption( $oname, $defaultOverride = null ) {
1978 $this->loadOptions();
1979
1980 if ( is_null( $this->mOptions ) ) {
1981 if($defaultOverride != '') {
1982 return $defaultOverride;
1983 }
1984 $this->mOptions = User::getDefaultOptions();
1985 }
1986
1987 if ( array_key_exists( $oname, $this->mOptions ) ) {
1988 return $this->mOptions[$oname];
1989 } else {
1990 return $defaultOverride;
1991 }
1992 }
1993
1994 /**
1995 * Get all user's options
1996 *
1997 * @return array
1998 */
1999 public function getOptions() {
2000 $this->loadOptions();
2001 return $this->mOptions;
2002 }
2003
2004 /**
2005 * Get the user's current setting for a given option, as a boolean value.
2006 *
2007 * @param $oname \string The option to check
2008 * @return \bool User's current value for the option
2009 * @see getOption()
2010 */
2011 function getBoolOption( $oname ) {
2012 return (bool)$this->getOption( $oname );
2013 }
2014
2015
2016 /**
2017 * Get the user's current setting for a given option, as a boolean value.
2018 *
2019 * @param $oname \string The option to check
2020 * @param $defaultOverride \int A default value returned if the option does not exist
2021 * @return \int User's current value for the option
2022 * @see getOption()
2023 */
2024 function getIntOption( $oname, $defaultOverride=0 ) {
2025 $val = $this->getOption( $oname );
2026 if( $val == '' ) {
2027 $val = $defaultOverride;
2028 }
2029 return intval( $val );
2030 }
2031
2032 /**
2033 * Set the given option for a user.
2034 *
2035 * @param $oname \string The option to set
2036 * @param $val \mixed New value to set
2037 */
2038 function setOption( $oname, $val ) {
2039 $this->load();
2040 $this->loadOptions();
2041
2042 if ( $oname == 'skin' ) {
2043 # Clear cached skin, so the new one displays immediately in Special:Preferences
2044 unset( $this->mSkin );
2045 }
2046
2047 // Explicitly NULL values should refer to defaults
2048 global $wgDefaultUserOptions;
2049 if( is_null( $val ) && isset( $wgDefaultUserOptions[$oname] ) ) {
2050 $val = $wgDefaultUserOptions[$oname];
2051 }
2052
2053 $this->mOptions[$oname] = $val;
2054 }
2055
2056 /**
2057 * Reset all options to the site defaults
2058 */
2059 function resetOptions() {
2060 $this->mOptions = User::getDefaultOptions();
2061 }
2062
2063 /**
2064 * Get the user's preferred date format.
2065 * @return \string User's preferred date format
2066 */
2067 function getDatePreference() {
2068 // Important migration for old data rows
2069 if ( is_null( $this->mDatePreference ) ) {
2070 global $wgLang;
2071 $value = $this->getOption( 'date' );
2072 $map = $wgLang->getDatePreferenceMigrationMap();
2073 if ( isset( $map[$value] ) ) {
2074 $value = $map[$value];
2075 }
2076 $this->mDatePreference = $value;
2077 }
2078 return $this->mDatePreference;
2079 }
2080
2081 /**
2082 * Get the permissions this user has.
2083 * @return \type{\arrayof{\string}} Array of permission names
2084 */
2085 function getRights() {
2086 if ( is_null( $this->mRights ) ) {
2087 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
2088 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
2089 // Force reindexation of rights when a hook has unset one of them
2090 $this->mRights = array_values( $this->mRights );
2091 }
2092 return $this->mRights;
2093 }
2094
2095 /**
2096 * Get the list of explicit group memberships this user has.
2097 * The implicit * and user groups are not included.
2098 * @return \type{\arrayof{\string}} Array of internal group names
2099 */
2100 function getGroups() {
2101 $this->load();
2102 return $this->mGroups;
2103 }
2104
2105 /**
2106 * Get the list of implicit group memberships this user has.
2107 * This includes all explicit groups, plus 'user' if logged in,
2108 * '*' for all accounts and autopromoted groups
2109 * @param $recache \bool Whether to avoid the cache
2110 * @return \type{\arrayof{\string}} Array of internal group names
2111 */
2112 function getEffectiveGroups( $recache = false ) {
2113 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2114 wfProfileIn( __METHOD__ );
2115 $this->mEffectiveGroups = $this->getGroups();
2116 $this->mEffectiveGroups[] = '*';
2117 if( $this->getId() ) {
2118 $this->mEffectiveGroups[] = 'user';
2119
2120 $this->mEffectiveGroups = array_unique( array_merge(
2121 $this->mEffectiveGroups,
2122 Autopromote::getAutopromoteGroups( $this )
2123 ) );
2124
2125 # Hook for additional groups
2126 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2127 }
2128 wfProfileOut( __METHOD__ );
2129 }
2130 return $this->mEffectiveGroups;
2131 }
2132
2133 /**
2134 * Get the user's edit count.
2135 * @return \int User'e edit count
2136 */
2137 function getEditCount() {
2138 if( $this->getId() ) {
2139 if ( !isset( $this->mEditCount ) ) {
2140 /* Populate the count, if it has not been populated yet */
2141 $this->mEditCount = User::edits( $this->mId );
2142 }
2143 return $this->mEditCount;
2144 } else {
2145 /* nil */
2146 return null;
2147 }
2148 }
2149
2150 /**
2151 * Add the user to the given group.
2152 * This takes immediate effect.
2153 * @param $group \string Name of the group to add
2154 */
2155 function addGroup( $group ) {
2156 $dbw = wfGetDB( DB_MASTER );
2157 if( $this->getId() ) {
2158 $dbw->insert( 'user_groups',
2159 array(
2160 'ug_user' => $this->getID(),
2161 'ug_group' => $group,
2162 ),
2163 'User::addGroup',
2164 array( 'IGNORE' ) );
2165 }
2166
2167 $this->loadGroups();
2168 $this->mGroups[] = $group;
2169 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2170
2171 $this->invalidateCache();
2172 }
2173
2174 /**
2175 * Remove the user from the given group.
2176 * This takes immediate effect.
2177 * @param $group \string Name of the group to remove
2178 */
2179 function removeGroup( $group ) {
2180 $this->load();
2181 $dbw = wfGetDB( DB_MASTER );
2182 $dbw->delete( 'user_groups',
2183 array(
2184 'ug_user' => $this->getID(),
2185 'ug_group' => $group,
2186 ),
2187 'User::removeGroup' );
2188
2189 $this->loadGroups();
2190 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2191 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
2192
2193 $this->invalidateCache();
2194 }
2195
2196 /**
2197 * Get whether the user is logged in
2198 * @return \bool True or false
2199 */
2200 function isLoggedIn() {
2201 return $this->getID() != 0;
2202 }
2203
2204 /**
2205 * Get whether the user is anonymous
2206 * @return \bool True or false
2207 */
2208 function isAnon() {
2209 return !$this->isLoggedIn();
2210 }
2211
2212 /**
2213 * Get whether the user is a bot
2214 * @return \bool True or false
2215 * @deprecated
2216 */
2217 function isBot() {
2218 wfDeprecated( __METHOD__ );
2219 return $this->isAllowed( 'bot' );
2220 }
2221
2222 /**
2223 * Check if user is allowed to access a feature / make an action
2224 * @param $action \string action to be checked
2225 * @return \bool True if action is allowed, else false
2226 */
2227 function isAllowed( $action = '' ) {
2228 if ( $action === '' )
2229 return true; // In the spirit of DWIM
2230 # Patrolling may not be enabled
2231 if( $action === 'patrol' || $action === 'autopatrol' ) {
2232 global $wgUseRCPatrol, $wgUseNPPatrol;
2233 if( !$wgUseRCPatrol && !$wgUseNPPatrol )
2234 return false;
2235 }
2236 # Use strict parameter to avoid matching numeric 0 accidentally inserted
2237 # by misconfiguration: 0 == 'foo'
2238 return in_array( $action, $this->getRights(), true );
2239 }
2240
2241 /**
2242 * Check whether to enable recent changes patrol features for this user
2243 * @return \bool True or false
2244 */
2245 public function useRCPatrol() {
2246 global $wgUseRCPatrol;
2247 return( $wgUseRCPatrol && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2248 }
2249
2250 /**
2251 * Check whether to enable new pages patrol features for this user
2252 * @return \bool True or false
2253 */
2254 public function useNPPatrol() {
2255 global $wgUseRCPatrol, $wgUseNPPatrol;
2256 return( ( $wgUseRCPatrol || $wgUseNPPatrol ) && ( $this->isAllowed( 'patrol' ) || $this->isAllowed( 'patrolmarks' ) ) );
2257 }
2258
2259 /**
2260 * Get the current skin, loading it if required, and setting a title
2261 * @param $t Title: the title to use in the skin
2262 * @return Skin The current skin
2263 * @todo FIXME : need to check the old failback system [AV]
2264 */
2265 function &getSkin( $t = null ) {
2266 if ( !isset( $this->mSkin ) ) {
2267 wfProfileIn( __METHOD__ );
2268
2269 global $wgHiddenPrefs;
2270 if( !in_array( 'skin', $wgHiddenPrefs ) ) {
2271 # get the user skin
2272 global $wgRequest;
2273 $userSkin = $this->getOption( 'skin' );
2274 $userSkin = $wgRequest->getVal( 'useskin', $userSkin );
2275 } else {
2276 # if we're not allowing users to override, then use the default
2277 global $wgDefaultSkin;
2278 $userSkin = $wgDefaultSkin;
2279 }
2280
2281 $this->mSkin =& Skin::newFromKey( $userSkin );
2282 wfProfileOut( __METHOD__ );
2283 }
2284 if( $t || !$this->mSkin->getTitle() ) {
2285 if ( !$t ) {
2286 global $wgOut;
2287 $t = $wgOut->getTitle();
2288 }
2289 $this->mSkin->setTitle( $t );
2290 }
2291 return $this->mSkin;
2292 }
2293
2294 /**
2295 * Check the watched status of an article.
2296 * @param $title \type{Title} Title of the article to look at
2297 * @return \bool True if article is watched
2298 */
2299 function isWatched( $title ) {
2300 $wl = WatchedItem::fromUserTitle( $this, $title );
2301 return $wl->isWatched();
2302 }
2303
2304 /**
2305 * Watch an article.
2306 * @param $title \type{Title} Title of the article to look at
2307 */
2308 function addWatch( $title ) {
2309 $wl = WatchedItem::fromUserTitle( $this, $title );
2310 $wl->addWatch();
2311 $this->invalidateCache();
2312 }
2313
2314 /**
2315 * Stop watching an article.
2316 * @param $title \type{Title} Title of the article to look at
2317 */
2318 function removeWatch( $title ) {
2319 $wl = WatchedItem::fromUserTitle( $this, $title );
2320 $wl->removeWatch();
2321 $this->invalidateCache();
2322 }
2323
2324 /**
2325 * Clear the user's notification timestamp for the given title.
2326 * If e-notif e-mails are on, they will receive notification mails on
2327 * the next change of the page if it's watched etc.
2328 * @param $title \type{Title} Title of the article to look at
2329 */
2330 function clearNotification( &$title ) {
2331 global $wgUser, $wgUseEnotif, $wgShowUpdatedMarker;
2332
2333 # Do nothing if the database is locked to writes
2334 if( wfReadOnly() ) {
2335 return;
2336 }
2337
2338 if( $title->getNamespace() == NS_USER_TALK &&
2339 $title->getText() == $this->getName() ) {
2340 if( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) )
2341 return;
2342 $this->setNewtalk( false );
2343 }
2344
2345 if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2346 return;
2347 }
2348
2349 if( $this->isAnon() ) {
2350 // Nothing else to do...
2351 return;
2352 }
2353
2354 // Only update the timestamp if the page is being watched.
2355 // The query to find out if it is watched is cached both in memcached and per-invocation,
2356 // and when it does have to be executed, it can be on a slave
2357 // If this is the user's newtalk page, we always update the timestamp
2358 if( $title->getNamespace() == NS_USER_TALK &&
2359 $title->getText() == $wgUser->getName() )
2360 {
2361 $watched = true;
2362 } elseif ( $this->getId() == $wgUser->getId() ) {
2363 $watched = $title->userIsWatching();
2364 } else {
2365 $watched = true;
2366 }
2367
2368 // If the page is watched by the user (or may be watched), update the timestamp on any
2369 // any matching rows
2370 if ( $watched ) {
2371 $dbw = wfGetDB( DB_MASTER );
2372 $dbw->update( 'watchlist',
2373 array( /* SET */
2374 'wl_notificationtimestamp' => null
2375 ), array( /* WHERE */
2376 'wl_title' => $title->getDBkey(),
2377 'wl_namespace' => $title->getNamespace(),
2378 'wl_user' => $this->getID()
2379 ), __METHOD__
2380 );
2381 }
2382 }
2383
2384 /**
2385 * Resets all of the given user's page-change notification timestamps.
2386 * If e-notif e-mails are on, they will receive notification mails on
2387 * the next change of any watched page.
2388 *
2389 * @param $currentUser \int User ID
2390 */
2391 function clearAllNotifications( $currentUser ) {
2392 global $wgUseEnotif, $wgShowUpdatedMarker;
2393 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
2394 $this->setNewtalk( false );
2395 return;
2396 }
2397 if( $currentUser != 0 ) {
2398 $dbw = wfGetDB( DB_MASTER );
2399 $dbw->update( 'watchlist',
2400 array( /* SET */
2401 'wl_notificationtimestamp' => null
2402 ), array( /* WHERE */
2403 'wl_user' => $currentUser
2404 ), __METHOD__
2405 );
2406 # We also need to clear here the "you have new message" notification for the own user_talk page
2407 # This is cleared one page view later in Article::viewUpdates();
2408 }
2409 }
2410
2411 /**
2412 * Set this user's options from an encoded string
2413 * @param $str \string Encoded options to import
2414 * @private
2415 */
2416 function decodeOptions( $str ) {
2417 if( !$str )
2418 return;
2419
2420 $this->mOptionsLoaded = true;
2421 $this->mOptionOverrides = array();
2422
2423 $this->mOptions = array();
2424 $a = explode( "\n", $str );
2425 foreach ( $a as $s ) {
2426 $m = array();
2427 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
2428 $this->mOptions[$m[1]] = $m[2];
2429 $this->mOptionOverrides[$m[1]] = $m[2];
2430 }
2431 }
2432 }
2433
2434 /**
2435 * Set a cookie on the user's client. Wrapper for
2436 * WebResponse::setCookie
2437 * @param $name \string Name of the cookie to set
2438 * @param $value \string Value to set
2439 * @param $exp \int Expiration time, as a UNIX time value;
2440 * if 0 or not specified, use the default $wgCookieExpiration
2441 */
2442 protected function setCookie( $name, $value, $exp = 0 ) {
2443 global $wgRequest;
2444 $wgRequest->response()->setcookie( $name, $value, $exp );
2445 }
2446
2447 /**
2448 * Clear a cookie on the user's client
2449 * @param $name \string Name of the cookie to clear
2450 */
2451 protected function clearCookie( $name ) {
2452 $this->setCookie( $name, '', time() - 86400 );
2453 }
2454
2455 /**
2456 * Set the default cookies for this session on the user's client.
2457 */
2458 function setCookies() {
2459 $this->load();
2460 if ( 0 == $this->mId ) return;
2461 $session = array(
2462 'wsUserID' => $this->mId,
2463 'wsToken' => $this->mToken,
2464 'wsUserName' => $this->getName()
2465 );
2466 $cookies = array(
2467 'UserID' => $this->mId,
2468 'UserName' => $this->getName(),
2469 );
2470 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
2471 $cookies['Token'] = $this->mToken;
2472 } else {
2473 $cookies['Token'] = false;
2474 }
2475
2476 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
2477 #check for null, since the hook could cause a null value
2478 if ( !is_null( $session ) && isset( $_SESSION ) ){
2479 $_SESSION = $session + $_SESSION;
2480 }
2481 foreach ( $cookies as $name => $value ) {
2482 if ( $value === false ) {
2483 $this->clearCookie( $name );
2484 } else {
2485 $this->setCookie( $name, $value );
2486 }
2487 }
2488 }
2489
2490 /**
2491 * Log this user out.
2492 */
2493 function logout() {
2494 if( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
2495 $this->doLogout();
2496 }
2497 }
2498
2499 /**
2500 * Clear the user's cookies and session, and reset the instance cache.
2501 * @private
2502 * @see logout()
2503 */
2504 function doLogout() {
2505 $this->clearInstanceCache( 'defaults' );
2506
2507 $_SESSION['wsUserID'] = 0;
2508
2509 $this->clearCookie( 'UserID' );
2510 $this->clearCookie( 'Token' );
2511
2512 # Remember when user logged out, to prevent seeing cached pages
2513 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
2514 }
2515
2516 /**
2517 * Save this user's settings into the database.
2518 * @todo Only rarely do all these fields need to be set!
2519 */
2520 function saveSettings() {
2521 $this->load();
2522 if ( wfReadOnly() ) { return; }
2523 if ( 0 == $this->mId ) { return; }
2524
2525 $this->mTouched = self::newTouchedTimestamp();
2526
2527 $dbw = wfGetDB( DB_MASTER );
2528 $dbw->update( 'user',
2529 array( /* SET */
2530 'user_name' => $this->mName,
2531 'user_password' => $this->mPassword,
2532 'user_newpassword' => $this->mNewpassword,
2533 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
2534 'user_real_name' => $this->mRealName,
2535 'user_email' => $this->mEmail,
2536 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2537 'user_options' => '',
2538 'user_touched' => $dbw->timestamp( $this->mTouched ),
2539 'user_token' => $this->mToken,
2540 'user_email_token' => $this->mEmailToken,
2541 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
2542 ), array( /* WHERE */
2543 'user_id' => $this->mId
2544 ), __METHOD__
2545 );
2546
2547 $this->saveOptions();
2548
2549 wfRunHooks( 'UserSaveSettings', array( $this ) );
2550 $this->clearSharedCache();
2551 $this->getUserPage()->invalidateCache();
2552 }
2553
2554 /**
2555 * If only this user's username is known, and it exists, return the user ID.
2556 */
2557 function idForName() {
2558 $s = trim( $this->getName() );
2559 if ( $s === '' ) return 0;
2560
2561 $dbr = wfGetDB( DB_SLAVE );
2562 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
2563 if ( $id === false ) {
2564 $id = 0;
2565 }
2566 return $id;
2567 }
2568
2569 /**
2570 * Add a user to the database, return the user object
2571 *
2572 * @param $name \string Username to add
2573 * @param $params \type{\arrayof{\string}} Non-default parameters to save to the database:
2574 * - password The user's password. Password logins will be disabled if this is omitted.
2575 * - newpassword A temporary password mailed to the user
2576 * - email The user's email address
2577 * - email_authenticated The email authentication timestamp
2578 * - real_name The user's real name
2579 * - options An associative array of non-default options
2580 * - token Random authentication token. Do not set.
2581 * - registration Registration timestamp. Do not set.
2582 *
2583 * @return \type{User} A new User object, or null if the username already exists
2584 */
2585 static function createNew( $name, $params = array() ) {
2586 $user = new User;
2587 $user->load();
2588 if ( isset( $params['options'] ) ) {
2589 $user->mOptions = $params['options'] + (array)$user->mOptions;
2590 unset( $params['options'] );
2591 }
2592 $dbw = wfGetDB( DB_MASTER );
2593 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2594 $fields = array(
2595 'user_id' => $seqVal,
2596 'user_name' => $name,
2597 'user_password' => $user->mPassword,
2598 'user_newpassword' => $user->mNewpassword,
2599 'user_newpass_time' => $dbw->timestamp( $user->mNewpassTime ),
2600 'user_email' => $user->mEmail,
2601 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2602 'user_real_name' => $user->mRealName,
2603 'user_options' => '',
2604 'user_token' => $user->mToken,
2605 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2606 'user_editcount' => 0,
2607 );
2608 foreach ( $params as $name => $value ) {
2609 $fields["user_$name"] = $value;
2610 }
2611 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2612 if ( $dbw->affectedRows() ) {
2613 $newUser = User::newFromId( $dbw->insertId() );
2614 } else {
2615 $newUser = null;
2616 }
2617 return $newUser;
2618 }
2619
2620 /**
2621 * Add this existing user object to the database
2622 */
2623 function addToDatabase() {
2624 $this->load();
2625 $dbw = wfGetDB( DB_MASTER );
2626 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2627 $dbw->insert( 'user',
2628 array(
2629 'user_id' => $seqVal,
2630 'user_name' => $this->mName,
2631 'user_password' => $this->mPassword,
2632 'user_newpassword' => $this->mNewpassword,
2633 'user_newpass_time' => $dbw->timestamp( $this->mNewpassTime ),
2634 'user_email' => $this->mEmail,
2635 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2636 'user_real_name' => $this->mRealName,
2637 'user_options' => '',
2638 'user_token' => $this->mToken,
2639 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2640 'user_editcount' => 0,
2641 ), __METHOD__
2642 );
2643 $this->mId = $dbw->insertId();
2644
2645 // Clear instance cache other than user table data, which is already accurate
2646 $this->clearInstanceCache();
2647
2648 $this->saveOptions();
2649 }
2650
2651 /**
2652 * If this (non-anonymous) user is blocked, block any IP address
2653 * they've successfully logged in from.
2654 */
2655 function spreadBlock() {
2656 wfDebug( __METHOD__ . "()\n" );
2657 $this->load();
2658 if ( $this->mId == 0 ) {
2659 return;
2660 }
2661
2662 $userblock = Block::newFromDB( '', $this->mId );
2663 if ( !$userblock ) {
2664 return;
2665 }
2666
2667 $userblock->doAutoblock( wfGetIP() );
2668 }
2669
2670 /**
2671 * Generate a string which will be different for any combination of
2672 * user options which would produce different parser output.
2673 * This will be used as part of the hash key for the parser cache,
2674 * so users with the same options can share the same cached data
2675 * safely.
2676 *
2677 * Extensions which require it should install 'PageRenderingHash' hook,
2678 * which will give them a chance to modify this key based on their own
2679 * settings.
2680 *
2681 * @return \string Page rendering hash
2682 */
2683 function getPageRenderingHash() {
2684 global $wgUseDynamicDates, $wgRenderHashAppend, $wgLang, $wgContLang;
2685 if( $this->mHash ){
2686 return $this->mHash;
2687 }
2688
2689 // stubthreshold is only included below for completeness,
2690 // it will always be 0 when this function is called by parsercache.
2691
2692 $confstr = $this->getOption( 'math' );
2693 $confstr .= '!' . $this->getOption( 'stubthreshold' );
2694 if ( $wgUseDynamicDates ) {
2695 $confstr .= '!' . $this->getDatePreference();
2696 }
2697 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
2698 $confstr .= '!' . $wgLang->getCode();
2699 $confstr .= '!' . $this->getOption( 'thumbsize' );
2700 // add in language specific options, if any
2701 $extra = $wgContLang->getExtraHashOptions();
2702 $confstr .= $extra;
2703
2704 $confstr .= $wgRenderHashAppend;
2705
2706 // Give a chance for extensions to modify the hash, if they have
2707 // extra options or other effects on the parser cache.
2708 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
2709
2710 // Make it a valid memcached key fragment
2711 $confstr = str_replace( ' ', '_', $confstr );
2712 $this->mHash = $confstr;
2713 return $confstr;
2714 }
2715
2716 /**
2717 * Get whether the user is explicitly blocked from account creation.
2718 * @return \bool True if blocked
2719 */
2720 function isBlockedFromCreateAccount() {
2721 $this->getBlockedStatus();
2722 return $this->mBlock && $this->mBlock->mCreateAccount;
2723 }
2724
2725 /**
2726 * Get whether the user is blocked from using Special:Emailuser.
2727 * @return \bool True if blocked
2728 */
2729 function isBlockedFromEmailuser() {
2730 $this->getBlockedStatus();
2731 return $this->mBlock && $this->mBlock->mBlockEmail;
2732 }
2733
2734 /**
2735 * Get whether the user is allowed to create an account.
2736 * @return \bool True if allowed
2737 */
2738 function isAllowedToCreateAccount() {
2739 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
2740 }
2741
2742 /**
2743 * @deprecated
2744 */
2745 function setLoaded( $loaded ) {
2746 wfDeprecated( __METHOD__ );
2747 }
2748
2749 /**
2750 * Get this user's personal page title.
2751 *
2752 * @return \type{Title} User's personal page title
2753 */
2754 function getUserPage() {
2755 return Title::makeTitle( NS_USER, $this->getName() );
2756 }
2757
2758 /**
2759 * Get this user's talk page title.
2760 *
2761 * @return \type{Title} User's talk page title
2762 */
2763 function getTalkPage() {
2764 $title = $this->getUserPage();
2765 return $title->getTalkPage();
2766 }
2767
2768 /**
2769 * Get the maximum valid user ID.
2770 * @return \int User ID
2771 * @static
2772 */
2773 function getMaxID() {
2774 static $res; // cache
2775
2776 if ( isset( $res ) )
2777 return $res;
2778 else {
2779 $dbr = wfGetDB( DB_SLAVE );
2780 return $res = $dbr->selectField( 'user', 'max(user_id)', false, 'User::getMaxID' );
2781 }
2782 }
2783
2784 /**
2785 * Determine whether the user is a newbie. Newbies are either
2786 * anonymous IPs, or the most recently created accounts.
2787 * @return \bool True if the user is a newbie
2788 */
2789 function isNewbie() {
2790 return !$this->isAllowed( 'autoconfirmed' );
2791 }
2792
2793 /**
2794 * Check to see if the given clear-text password is one of the accepted passwords
2795 * @param $password \string user password.
2796 * @return \bool True if the given password is correct, otherwise False.
2797 */
2798 function checkPassword( $password ) {
2799 global $wgAuth;
2800 $this->load();
2801
2802 // Even though we stop people from creating passwords that
2803 // are shorter than this, doesn't mean people wont be able
2804 // to. Certain authentication plugins do NOT want to save
2805 // domain passwords in a mysql database, so we should
2806 // check this (incase $wgAuth->strict() is false).
2807 if( !$this->isValidPassword( $password ) ) {
2808 return false;
2809 }
2810
2811 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
2812 return true;
2813 } elseif( $wgAuth->strict() ) {
2814 /* Auth plugin doesn't allow local authentication */
2815 return false;
2816 } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
2817 /* Auth plugin doesn't allow local authentication for this user name */
2818 return false;
2819 }
2820 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
2821 return true;
2822 } elseif ( function_exists( 'iconv' ) ) {
2823 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
2824 # Check for this with iconv
2825 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
2826 if ( self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) ) {
2827 return true;
2828 }
2829 }
2830 return false;
2831 }
2832
2833 /**
2834 * Check if the given clear-text password matches the temporary password
2835 * sent by e-mail for password reset operations.
2836 * @return \bool True if matches, false otherwise
2837 */
2838 function checkTemporaryPassword( $plaintext ) {
2839 global $wgNewPasswordExpiry;
2840 if( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
2841 $this->load();
2842 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
2843 return ( time() < $expiry );
2844 } else {
2845 return false;
2846 }
2847 }
2848
2849 /**
2850 * Initialize (if necessary) and return a session token value
2851 * which can be used in edit forms to show that the user's
2852 * login credentials aren't being hijacked with a foreign form
2853 * submission.
2854 *
2855 * @param $salt \types{\string,\arrayof{\string}} Optional function-specific data for hashing
2856 * @return \string The new edit token
2857 */
2858 function editToken( $salt = '' ) {
2859 if ( $this->isAnon() ) {
2860 return EDIT_TOKEN_SUFFIX;
2861 } else {
2862 if( !isset( $_SESSION['wsEditToken'] ) ) {
2863 $token = self::generateToken();
2864 $_SESSION['wsEditToken'] = $token;
2865 } else {
2866 $token = $_SESSION['wsEditToken'];
2867 }
2868 if( is_array( $salt ) ) {
2869 $salt = implode( '|', $salt );
2870 }
2871 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
2872 }
2873 }
2874
2875 /**
2876 * Generate a looking random token for various uses.
2877 *
2878 * @param $salt \string Optional salt value
2879 * @return \string The new random token
2880 */
2881 public static function generateToken( $salt = '' ) {
2882 $token = dechex( mt_rand() ) . dechex( mt_rand() );
2883 return md5( $token . $salt );
2884 }
2885
2886 /**
2887 * Check given value against the token value stored in the session.
2888 * A match should confirm that the form was submitted from the
2889 * user's own login session, not a form submission from a third-party
2890 * site.
2891 *
2892 * @param $val \string Input value to compare
2893 * @param $salt \string Optional function-specific data for hashing
2894 * @return \bool Whether the token matches
2895 */
2896 function matchEditToken( $val, $salt = '' ) {
2897 $sessionToken = $this->editToken( $salt );
2898 if ( $val != $sessionToken ) {
2899 wfDebug( "User::matchEditToken: broken session data\n" );
2900 }
2901 return $val == $sessionToken;
2902 }
2903
2904 /**
2905 * Check given value against the token value stored in the session,
2906 * ignoring the suffix.
2907 *
2908 * @param $val \string Input value to compare
2909 * @param $salt \string Optional function-specific data for hashing
2910 * @return \bool Whether the token matches
2911 */
2912 function matchEditTokenNoSuffix( $val, $salt = '' ) {
2913 $sessionToken = $this->editToken( $salt );
2914 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
2915 }
2916
2917 /**
2918 * Generate a new e-mail confirmation token and send a confirmation/invalidation
2919 * mail to the user's given address.
2920 *
2921 * @param $changed Boolean: whether the adress changed
2922 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure.
2923 */
2924 function sendConfirmationMail( $changed = false ) {
2925 global $wgLang;
2926 $expiration = null; // gets passed-by-ref and defined in next line.
2927 $token = $this->confirmationToken( $expiration );
2928 $url = $this->confirmationTokenUrl( $token );
2929 $invalidateURL = $this->invalidationTokenUrl( $token );
2930 $this->saveSettings();
2931
2932 $message = $changed ? 'confirmemail_body_changed' : 'confirmemail_body';
2933 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
2934 wfMsg( $message,
2935 wfGetIP(),
2936 $this->getName(),
2937 $url,
2938 $wgLang->timeanddate( $expiration, false ),
2939 $invalidateURL,
2940 $wgLang->date( $expiration, false ),
2941 $wgLang->time( $expiration, false ) ) );
2942 }
2943
2944 /**
2945 * Send an e-mail to this user's account. Does not check for
2946 * confirmed status or validity.
2947 *
2948 * @param $subject \string Message subject
2949 * @param $body \string Message body
2950 * @param $from \string Optional From address; if unspecified, default $wgPasswordSender will be used
2951 * @param $replyto \string Reply-To address
2952 * @return \types{\bool,\type{WikiError}} True on success, a WikiError object on failure
2953 */
2954 function sendMail( $subject, $body, $from = null, $replyto = null ) {
2955 if( is_null( $from ) ) {
2956 global $wgPasswordSender;
2957 $from = $wgPasswordSender;
2958 }
2959
2960 $to = new MailAddress( $this );
2961 $sender = new MailAddress( $from );
2962 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
2963 }
2964
2965 /**
2966 * Generate, store, and return a new e-mail confirmation code.
2967 * A hash (unsalted, since it's used as a key) is stored.
2968 *
2969 * @note Call saveSettings() after calling this function to commit
2970 * this change to the database.
2971 *
2972 * @param[out] &$expiration \mixed Accepts the expiration time
2973 * @return \string New token
2974 * @private
2975 */
2976 function confirmationToken( &$expiration ) {
2977 $now = time();
2978 $expires = $now + 7 * 24 * 60 * 60;
2979 $expiration = wfTimestamp( TS_MW, $expires );
2980 $token = self::generateToken( $this->mId . $this->mEmail . $expires );
2981 $hash = md5( $token );
2982 $this->load();
2983 $this->mEmailToken = $hash;
2984 $this->mEmailTokenExpires = $expiration;
2985 return $token;
2986 }
2987
2988 /**
2989 * Return a URL the user can use to confirm their email address.
2990 * @param $token \string Accepts the email confirmation token
2991 * @return \string New token URL
2992 * @private
2993 */
2994 function confirmationTokenUrl( $token ) {
2995 return $this->getTokenUrl( 'ConfirmEmail', $token );
2996 }
2997
2998 /**
2999 * Return a URL the user can use to invalidate their email address.
3000 * @param $token \string Accepts the email confirmation token
3001 * @return \string New token URL
3002 * @private
3003 */
3004 function invalidationTokenUrl( $token ) {
3005 return $this->getTokenUrl( 'Invalidateemail', $token );
3006 }
3007
3008 /**
3009 * Internal function to format the e-mail validation/invalidation URLs.
3010 * This uses $wgArticlePath directly as a quickie hack to use the
3011 * hardcoded English names of the Special: pages, for ASCII safety.
3012 *
3013 * @note Since these URLs get dropped directly into emails, using the
3014 * short English names avoids insanely long URL-encoded links, which
3015 * also sometimes can get corrupted in some browsers/mailers
3016 * (bug 6957 with Gmail and Internet Explorer).
3017 *
3018 * @param $page \string Special page
3019 * @param $token \string Token
3020 * @return \string Formatted URL
3021 */
3022 protected function getTokenUrl( $page, $token ) {
3023 global $wgArticlePath;
3024 return wfExpandUrl(
3025 str_replace(
3026 '$1',
3027 "Special:$page/$token",
3028 $wgArticlePath ) );
3029 }
3030
3031 /**
3032 * Mark the e-mail address confirmed.
3033 *
3034 * @note Call saveSettings() after calling this function to commit the change.
3035 */
3036 function confirmEmail() {
3037 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3038 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3039 return true;
3040 }
3041
3042 /**
3043 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3044 * address if it was already confirmed.
3045 *
3046 * @note Call saveSettings() after calling this function to commit the change.
3047 */
3048 function invalidateEmail() {
3049 $this->load();
3050 $this->mEmailToken = null;
3051 $this->mEmailTokenExpires = null;
3052 $this->setEmailAuthenticationTimestamp( null );
3053 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3054 return true;
3055 }
3056
3057 /**
3058 * Set the e-mail authentication timestamp.
3059 * @param $timestamp \string TS_MW timestamp
3060 */
3061 function setEmailAuthenticationTimestamp( $timestamp ) {
3062 $this->load();
3063 $this->mEmailAuthenticated = $timestamp;
3064 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3065 }
3066
3067 /**
3068 * Is this user allowed to send e-mails within limits of current
3069 * site configuration?
3070 * @return \bool True if allowed
3071 */
3072 function canSendEmail() {
3073 global $wgEnableEmail, $wgEnableUserEmail;
3074 if( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3075 return false;
3076 }
3077 $canSend = $this->isEmailConfirmed();
3078 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3079 return $canSend;
3080 }
3081
3082 /**
3083 * Is this user allowed to receive e-mails within limits of current
3084 * site configuration?
3085 * @return \bool True if allowed
3086 */
3087 function canReceiveEmail() {
3088 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3089 }
3090
3091 /**
3092 * Is this user's e-mail address valid-looking and confirmed within
3093 * limits of the current site configuration?
3094 *
3095 * @note If $wgEmailAuthentication is on, this may require the user to have
3096 * confirmed their address by returning a code or using a password
3097 * sent to the address from the wiki.
3098 *
3099 * @return \bool True if confirmed
3100 */
3101 function isEmailConfirmed() {
3102 global $wgEmailAuthentication;
3103 $this->load();
3104 $confirmed = true;
3105 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3106 if( $this->isAnon() )
3107 return false;
3108 if( !self::isValidEmailAddr( $this->mEmail ) )
3109 return false;
3110 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() )
3111 return false;
3112 return true;
3113 } else {
3114 return $confirmed;
3115 }
3116 }
3117
3118 /**
3119 * Check whether there is an outstanding request for e-mail confirmation.
3120 * @return \bool True if pending
3121 */
3122 function isEmailConfirmationPending() {
3123 global $wgEmailAuthentication;
3124 return $wgEmailAuthentication &&
3125 !$this->isEmailConfirmed() &&
3126 $this->mEmailToken &&
3127 $this->mEmailTokenExpires > wfTimestamp();
3128 }
3129
3130 /**
3131 * Get the timestamp of account creation.
3132 *
3133 * @return \types{\string,\bool} string Timestamp of account creation, or false for
3134 * non-existent/anonymous user accounts.
3135 */
3136 public function getRegistration() {
3137 return $this->getId() > 0
3138 ? $this->mRegistration
3139 : false;
3140 }
3141
3142 /**
3143 * Get the timestamp of the first edit
3144 *
3145 * @return \types{\string,\bool} string Timestamp of first edit, or false for
3146 * non-existent/anonymous user accounts.
3147 */
3148 public function getFirstEditTimestamp() {
3149 if( $this->getId() == 0 ) return false; // anons
3150 $dbr = wfGetDB( DB_SLAVE );
3151 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3152 array( 'rev_user' => $this->getId() ),
3153 __METHOD__,
3154 array( 'ORDER BY' => 'rev_timestamp ASC' )
3155 );
3156 if( !$time ) return false; // no edits
3157 return wfTimestamp( TS_MW, $time );
3158 }
3159
3160 /**
3161 * Get the permissions associated with a given list of groups
3162 *
3163 * @param $groups \type{\arrayof{\string}} List of internal group names
3164 * @return \type{\arrayof{\string}} List of permission key names for given groups combined
3165 */
3166 static function getGroupPermissions( $groups ) {
3167 global $wgGroupPermissions, $wgRevokePermissions;
3168 $rights = array();
3169 // grant every granted permission first
3170 foreach( $groups as $group ) {
3171 if( isset( $wgGroupPermissions[$group] ) ) {
3172 $rights = array_merge( $rights,
3173 // array_filter removes empty items
3174 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3175 }
3176 }
3177 // now revoke the revoked permissions
3178 foreach( $groups as $group ) {
3179 if( isset( $wgRevokePermissions[$group] ) ) {
3180 $rights = array_diff( $rights,
3181 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
3182 }
3183 }
3184 return array_unique( $rights );
3185 }
3186
3187 /**
3188 * Get all the groups who have a given permission
3189 *
3190 * @param $role \string Role to check
3191 * @return \type{\arrayof{\string}} List of internal group names with the given permission
3192 */
3193 static function getGroupsWithPermission( $role ) {
3194 global $wgGroupPermissions;
3195 $allowedGroups = array();
3196 foreach ( $wgGroupPermissions as $group => $rights ) {
3197 if ( isset( $rights[$role] ) && $rights[$role] ) {
3198 $allowedGroups[] = $group;
3199 }
3200 }
3201 return $allowedGroups;
3202 }
3203
3204 /**
3205 * Get the localized descriptive name for a group, if it exists
3206 *
3207 * @param $group \string Internal group name
3208 * @return \string Localized descriptive group name
3209 */
3210 static function getGroupName( $group ) {
3211 global $wgMessageCache;
3212 $wgMessageCache->loadAllMessages();
3213 $key = "group-$group";
3214 $name = wfMsg( $key );
3215 return $name == '' || wfEmptyMsg( $key, $name )
3216 ? $group
3217 : $name;
3218 }
3219
3220 /**
3221 * Get the localized descriptive name for a member of a group, if it exists
3222 *
3223 * @param $group \string Internal group name
3224 * @return \string Localized name for group member
3225 */
3226 static function getGroupMember( $group ) {
3227 global $wgMessageCache;
3228 $wgMessageCache->loadAllMessages();
3229 $key = "group-$group-member";
3230 $name = wfMsg( $key );
3231 return $name == '' || wfEmptyMsg( $key, $name )
3232 ? $group
3233 : $name;
3234 }
3235
3236 /**
3237 * Return the set of defined explicit groups.
3238 * The implicit groups (by default *, 'user' and 'autoconfirmed')
3239 * are not included, as they are defined automatically, not in the database.
3240 * @return \type{\arrayof{\string}} Array of internal group names
3241 */
3242 static function getAllGroups() {
3243 global $wgGroupPermissions, $wgRevokePermissions;
3244 return array_diff(
3245 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
3246 self::getImplicitGroups()
3247 );
3248 }
3249
3250 /**
3251 * Get a list of all available permissions.
3252 * @return \type{\arrayof{\string}} Array of permission names
3253 */
3254 static function getAllRights() {
3255 if ( self::$mAllRights === false ) {
3256 global $wgAvailableRights;
3257 if ( count( $wgAvailableRights ) ) {
3258 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
3259 } else {
3260 self::$mAllRights = self::$mCoreRights;
3261 }
3262 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
3263 }
3264 return self::$mAllRights;
3265 }
3266
3267 /**
3268 * Get a list of implicit groups
3269 * @return \type{\arrayof{\string}} Array of internal group names
3270 */
3271 public static function getImplicitGroups() {
3272 global $wgImplicitGroups;
3273 $groups = $wgImplicitGroups;
3274 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
3275 return $groups;
3276 }
3277
3278 /**
3279 * Get the title of a page describing a particular group
3280 *
3281 * @param $group \string Internal group name
3282 * @return \types{\type{Title},\bool} Title of the page if it exists, false otherwise
3283 */
3284 static function getGroupPage( $group ) {
3285 global $wgMessageCache;
3286 $wgMessageCache->loadAllMessages();
3287 $page = wfMsgForContent( 'grouppage-' . $group );
3288 if( !wfEmptyMsg( 'grouppage-' . $group, $page ) ) {
3289 $title = Title::newFromText( $page );
3290 if( is_object( $title ) )
3291 return $title;
3292 }
3293 return false;
3294 }
3295
3296 /**
3297 * Create a link to the group in HTML, if available;
3298 * else return the group name.
3299 *
3300 * @param $group \string Internal name of the group
3301 * @param $text \string The text of the link
3302 * @return \string HTML link to the group
3303 */
3304 static function makeGroupLinkHTML( $group, $text = '' ) {
3305 if( $text == '' ) {
3306 $text = self::getGroupName( $group );
3307 }
3308 $title = self::getGroupPage( $group );
3309 if( $title ) {
3310 global $wgUser;
3311 $sk = $wgUser->getSkin();
3312 return $sk->link( $title, htmlspecialchars( $text ) );
3313 } else {
3314 return $text;
3315 }
3316 }
3317
3318 /**
3319 * Create a link to the group in Wikitext, if available;
3320 * else return the group name.
3321 *
3322 * @param $group \string Internal name of the group
3323 * @param $text \string The text of the link
3324 * @return \string Wikilink to the group
3325 */
3326 static function makeGroupLinkWiki( $group, $text = '' ) {
3327 if( $text == '' ) {
3328 $text = self::getGroupName( $group );
3329 }
3330 $title = self::getGroupPage( $group );
3331 if( $title ) {
3332 $page = $title->getPrefixedText();
3333 return "[[$page|$text]]";
3334 } else {
3335 return $text;
3336 }
3337 }
3338
3339 /**
3340 * Returns an array of the groups that a particular group can add/remove.
3341 *
3342 * @param $group String: the group to check for whether it can add/remove
3343 * @return Array array( 'add' => array( addablegroups ),
3344 * 'remove' => array( removablegroups ),
3345 * 'add-self' => array( addablegroups to self),
3346 * 'remove-self' => array( removable groups from self) )
3347 */
3348 static function changeableByGroup( $group ) {
3349 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
3350
3351 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
3352 if( empty( $wgAddGroups[$group] ) ) {
3353 // Don't add anything to $groups
3354 } elseif( $wgAddGroups[$group] === true ) {
3355 // You get everything
3356 $groups['add'] = self::getAllGroups();
3357 } elseif( is_array( $wgAddGroups[$group] ) ) {
3358 $groups['add'] = $wgAddGroups[$group];
3359 }
3360
3361 // Same thing for remove
3362 if( empty( $wgRemoveGroups[$group] ) ) {
3363 } elseif( $wgRemoveGroups[$group] === true ) {
3364 $groups['remove'] = self::getAllGroups();
3365 } elseif( is_array( $wgRemoveGroups[$group] ) ) {
3366 $groups['remove'] = $wgRemoveGroups[$group];
3367 }
3368
3369 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
3370 if( empty( $wgGroupsAddToSelf['user']) || $wgGroupsAddToSelf['user'] !== true ) {
3371 foreach( $wgGroupsAddToSelf as $key => $value ) {
3372 if( is_int( $key ) ) {
3373 $wgGroupsAddToSelf['user'][] = $value;
3374 }
3375 }
3376 }
3377
3378 if( empty( $wgGroupsRemoveFromSelf['user']) || $wgGroupsRemoveFromSelf['user'] !== true ) {
3379 foreach( $wgGroupsRemoveFromSelf as $key => $value ) {
3380 if( is_int( $key ) ) {
3381 $wgGroupsRemoveFromSelf['user'][] = $value;
3382 }
3383 }
3384 }
3385
3386 // Now figure out what groups the user can add to him/herself
3387 if( empty( $wgGroupsAddToSelf[$group] ) ) {
3388 } elseif( $wgGroupsAddToSelf[$group] === true ) {
3389 // No idea WHY this would be used, but it's there
3390 $groups['add-self'] = User::getAllGroups();
3391 } elseif( is_array( $wgGroupsAddToSelf[$group] ) ) {
3392 $groups['add-self'] = $wgGroupsAddToSelf[$group];
3393 }
3394
3395 if( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
3396 } elseif( $wgGroupsRemoveFromSelf[$group] === true ) {
3397 $groups['remove-self'] = User::getAllGroups();
3398 } elseif( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
3399 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
3400 }
3401
3402 return $groups;
3403 }
3404
3405 /**
3406 * Returns an array of groups that this user can add and remove
3407 * @return Array array( 'add' => array( addablegroups ),
3408 * 'remove' => array( removablegroups ),
3409 * 'add-self' => array( addablegroups to self),
3410 * 'remove-self' => array( removable groups from self) )
3411 */
3412 function changeableGroups() {
3413 if( $this->isAllowed( 'userrights' ) ) {
3414 // This group gives the right to modify everything (reverse-
3415 // compatibility with old "userrights lets you change
3416 // everything")
3417 // Using array_merge to make the groups reindexed
3418 $all = array_merge( User::getAllGroups() );
3419 return array(
3420 'add' => $all,
3421 'remove' => $all,
3422 'add-self' => array(),
3423 'remove-self' => array()
3424 );
3425 }
3426
3427 // Okay, it's not so simple, we will have to go through the arrays
3428 $groups = array(
3429 'add' => array(),
3430 'remove' => array(),
3431 'add-self' => array(),
3432 'remove-self' => array()
3433 );
3434 $addergroups = $this->getEffectiveGroups();
3435
3436 foreach( $addergroups as $addergroup ) {
3437 $groups = array_merge_recursive(
3438 $groups, $this->changeableByGroup( $addergroup )
3439 );
3440 $groups['add'] = array_unique( $groups['add'] );
3441 $groups['remove'] = array_unique( $groups['remove'] );
3442 $groups['add-self'] = array_unique( $groups['add-self'] );
3443 $groups['remove-self'] = array_unique( $groups['remove-self'] );
3444 }
3445 return $groups;
3446 }
3447
3448 /**
3449 * Increment the user's edit-count field.
3450 * Will have no effect for anonymous users.
3451 */
3452 function incEditCount() {
3453 if( !$this->isAnon() ) {
3454 $dbw = wfGetDB( DB_MASTER );
3455 $dbw->update( 'user',
3456 array( 'user_editcount=user_editcount+1' ),
3457 array( 'user_id' => $this->getId() ),
3458 __METHOD__ );
3459
3460 // Lazy initialization check...
3461 if( $dbw->affectedRows() == 0 ) {
3462 // Pull from a slave to be less cruel to servers
3463 // Accuracy isn't the point anyway here
3464 $dbr = wfGetDB( DB_SLAVE );
3465 $count = $dbr->selectField( 'revision',
3466 'COUNT(rev_user)',
3467 array( 'rev_user' => $this->getId() ),
3468 __METHOD__ );
3469
3470 // Now here's a goddamn hack...
3471 if( $dbr !== $dbw ) {
3472 // If we actually have a slave server, the count is
3473 // at least one behind because the current transaction
3474 // has not been committed and replicated.
3475 $count++;
3476 } else {
3477 // But if DB_SLAVE is selecting the master, then the
3478 // count we just read includes the revision that was
3479 // just added in the working transaction.
3480 }
3481
3482 $dbw->update( 'user',
3483 array( 'user_editcount' => $count ),
3484 array( 'user_id' => $this->getId() ),
3485 __METHOD__ );
3486 }
3487 }
3488 // edit count in user cache too
3489 $this->invalidateCache();
3490 }
3491
3492 /**
3493 * Get the description of a given right
3494 *
3495 * @param $right \string Right to query
3496 * @return \string Localized description of the right
3497 */
3498 static function getRightDescription( $right ) {
3499 global $wgMessageCache;
3500 $wgMessageCache->loadAllMessages();
3501 $key = "right-$right";
3502 $name = wfMsg( $key );
3503 return $name == '' || wfEmptyMsg( $key, $name )
3504 ? $right
3505 : $name;
3506 }
3507
3508 /**
3509 * Make an old-style password hash
3510 *
3511 * @param $password \string Plain-text password
3512 * @param $userId \string User ID
3513 * @return \string Password hash
3514 */
3515 static function oldCrypt( $password, $userId ) {
3516 global $wgPasswordSalt;
3517 if ( $wgPasswordSalt ) {
3518 return md5( $userId . '-' . md5( $password ) );
3519 } else {
3520 return md5( $password );
3521 }
3522 }
3523
3524 /**
3525 * Make a new-style password hash
3526 *
3527 * @param $password \string Plain-text password
3528 * @param $salt \string Optional salt, may be random or the user ID.
3529 * If unspecified or false, will generate one automatically
3530 * @return \string Password hash
3531 */
3532 static function crypt( $password, $salt = false ) {
3533 global $wgPasswordSalt;
3534
3535 $hash = '';
3536 if( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
3537 return $hash;
3538 }
3539
3540 if( $wgPasswordSalt ) {
3541 if ( $salt === false ) {
3542 $salt = substr( wfGenerateToken(), 0, 8 );
3543 }
3544 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
3545 } else {
3546 return ':A:' . md5( $password );
3547 }
3548 }
3549
3550 /**
3551 * Compare a password hash with a plain-text password. Requires the user
3552 * ID if there's a chance that the hash is an old-style hash.
3553 *
3554 * @param $hash \string Password hash
3555 * @param $password \string Plain-text password to compare
3556 * @param $userId \string User ID for old-style password salt
3557 * @return \bool
3558 */
3559 static function comparePasswords( $hash, $password, $userId = false ) {
3560 $m = false;
3561 $type = substr( $hash, 0, 3 );
3562
3563 $result = false;
3564 if( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
3565 return $result;
3566 }
3567
3568 if ( $type == ':A:' ) {
3569 # Unsalted
3570 return md5( $password ) === substr( $hash, 3 );
3571 } elseif ( $type == ':B:' ) {
3572 # Salted
3573 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
3574 return md5( $salt.'-'.md5( $password ) ) == $realHash;
3575 } else {
3576 # Old-style
3577 return self::oldCrypt( $password, $userId ) === $hash;
3578 }
3579 }
3580
3581 /**
3582 * Add a newuser log entry for this user
3583 * @param $byEmail Boolean: account made by email?
3584 */
3585 public function addNewUserLogEntry( $byEmail = false ) {
3586 global $wgUser, $wgNewUserLog;
3587 if( empty( $wgNewUserLog ) ) {
3588 return true; // disabled
3589 }
3590
3591 if( $this->getName() == $wgUser->getName() ) {
3592 $action = 'create';
3593 $message = '';
3594 } else {
3595 $action = 'create2';
3596 $message = $byEmail
3597 ? wfMsgForContent( 'newuserlog-byemail' )
3598 : '';
3599 }
3600 $log = new LogPage( 'newusers' );
3601 $log->addEntry(
3602 $action,
3603 $this->getUserPage(),
3604 $message,
3605 array( $this->getId() )
3606 );
3607 return true;
3608 }
3609
3610 /**
3611 * Add an autocreate newuser log entry for this user
3612 * Used by things like CentralAuth and perhaps other authplugins.
3613 */
3614 public function addNewUserLogEntryAutoCreate() {
3615 global $wgNewUserLog, $wgLogAutocreatedAccounts;
3616 if( !$wgNewUserLog || !$wgLogAutocreatedAccounts ) {
3617 return true; // disabled
3618 }
3619 $log = new LogPage( 'newusers', false );
3620 $log->addEntry( 'autocreate', $this->getUserPage(), '', array( $this->getId() ) );
3621 return true;
3622 }
3623
3624 protected function loadOptions() {
3625 $this->load();
3626 if ( $this->mOptionsLoaded || !$this->getId() )
3627 return;
3628
3629 $this->mOptions = self::getDefaultOptions();
3630
3631 // Maybe load from the object
3632 if ( !is_null( $this->mOptionOverrides ) ) {
3633 wfDebug( "Loading options for user " . $this->getId() . " from override cache.\n" );
3634 foreach( $this->mOptionOverrides as $key => $value ) {
3635 $this->mOptions[$key] = $value;
3636 }
3637 } else {
3638 wfDebug( "Loading options for user " . $this->getId() . " from database.\n" );
3639 // Load from database
3640 $dbr = wfGetDB( DB_SLAVE );
3641
3642 $res = $dbr->select(
3643 'user_properties',
3644 '*',
3645 array( 'up_user' => $this->getId() ),
3646 __METHOD__
3647 );
3648
3649 while( $row = $dbr->fetchObject( $res ) ) {
3650 $this->mOptionOverrides[$row->up_property] = $row->up_value;
3651 $this->mOptions[$row->up_property] = $row->up_value;
3652 }
3653 }
3654
3655 $this->mOptionsLoaded = true;
3656
3657 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
3658 }
3659
3660 protected function saveOptions() {
3661 global $wgAllowPrefChange;
3662
3663 $extuser = ExternalUser::newFromUser( $this );
3664
3665 $this->loadOptions();
3666 $dbw = wfGetDB( DB_MASTER );
3667
3668 $insert_rows = array();
3669
3670 $saveOptions = $this->mOptions;
3671
3672 // Allow hooks to abort, for instance to save to a global profile.
3673 // Reset options to default state before saving.
3674 if( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) )
3675 return;
3676
3677 foreach( $saveOptions as $key => $value ) {
3678 # Don't bother storing default values
3679 if ( ( is_null( self::getDefaultOption( $key ) ) &&
3680 !( $value === false || is_null($value) ) ) ||
3681 $value != self::getDefaultOption( $key ) ) {
3682 $insert_rows[] = array(
3683 'up_user' => $this->getId(),
3684 'up_property' => $key,
3685 'up_value' => $value,
3686 );
3687 }
3688 if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
3689 switch ( $wgAllowPrefChange[$key] ) {
3690 case 'local':
3691 case 'message':
3692 break;
3693 case 'semiglobal':
3694 case 'global':
3695 $extuser->setPref( $key, $value );
3696 }
3697 }
3698 }
3699
3700 $dbw->begin();
3701 $dbw->delete( 'user_properties', array( 'up_user' => $this->getId() ), __METHOD__ );
3702 $dbw->insert( 'user_properties', $insert_rows, __METHOD__ );
3703 $dbw->commit();
3704 }
3705
3706 /**
3707 * Provide an array of HTML5 attributes to put on an input element
3708 * intended for the user to enter a new password. This may include
3709 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
3710 *
3711 * Do *not* use this when asking the user to enter his current password!
3712 * Regardless of configuration, users may have invalid passwords for whatever
3713 * reason (e.g., they were set before requirements were tightened up).
3714 * Only use it when asking for a new password, like on account creation or
3715 * ResetPass.
3716 *
3717 * Obviously, you still need to do server-side checking.
3718 *
3719 * @return array Array of HTML attributes suitable for feeding to
3720 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
3721 * That will potentially output invalid XHTML 1.0 Transitional, and will
3722 * get confused by the boolean attribute syntax used.)
3723 */
3724 public static function passwordChangeInputAttribs() {
3725 global $wgMinimalPasswordLength;
3726
3727 if ( $wgMinimalPasswordLength == 0 ) {
3728 return array();
3729 }
3730
3731 # Note that the pattern requirement will always be satisfied if the
3732 # input is empty, so we need required in all cases.
3733 $ret = array( 'required' );
3734
3735 # We can't actually do this right now, because Opera 9.6 will print out
3736 # the entered password visibly in its error message! When other
3737 # browsers add support for this attribute, or Opera fixes its support,
3738 # we can add support with a version check to avoid doing this on Opera
3739 # versions where it will be a problem. Reported to Opera as
3740 # DSK-262266, but they don't have a public bug tracker for us to follow.
3741 /*
3742 if ( $wgMinimalPasswordLength > 1 ) {
3743 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
3744 $ret['title'] = wfMsgExt( 'passwordtooshort', 'parsemag',
3745 $wgMinimalPasswordLength );
3746 }
3747 */
3748
3749 return $ret;
3750 }
3751 }
MediaWiki Core