search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add wgPasswordSalt option, set to false for compatibility with old passwords in user...
[mediawiki.git] / includes / User.php
blob8306392a71996bbeed8542060854fbb122809c8e
1 <?
2 # See user.doc
3
4 class User {
5 /* private */ var $mId, $mName, $mPassword, $mEmail, $mNewtalk;
6 /* private */ var $mRights, $mOptions;
7 /* private */ var $mDataLoaded, $mNewpassword;
8 /* private */ var $mSkin;
9 /* private */ var $mBlockedby, $mBlockreason;
10 /* private */ var $mTouched;
11 /* private */ var $mCookiePassword;
12
13 function User()
14 {
15 $this->loadDefaults();
16 }
17
18 # Static factory method
19 #
20 function newFromName( $name )
21 {
22 $u = new User();
23
24 # Clean up name according to title rules
25
26 $t = Title::newFromText( $name );
27 $u->setName( $t->getText() );
28 return $u;
29 }
30
31 /* static */ function whoIs( $id )
32 {
33 return wfGetSQL( "user", "user_name", "user_id=$id" );
34 }
35
36 /* static */ function idFromName( $name )
37 {
38 $nt = Title::newFromText( $name );
39 $sql = "SELECT user_id FROM user WHERE user_name='" .
40 wfStrencode( $nt->getText() ) . "'";
41 $res = wfQuery( $sql, "User::idFromName" );
42
43 if ( 0 == wfNumRows( $res ) ) { return 0; }
44 else {
45 $s = wfFetchObject( $res );
46 return $s->user_id;
47 }
48 }
49
50 # does the string match an anonymous user IP address?
51 /* static */ function isIP( $name ) {
52 return preg_match("/^\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3}$/",$name);
53
54 }
55
56 /* static */ function randomPassword()
57 {
58 $pwchars = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz";
59 $l = strlen( $pwchars ) - 1;
60
61 wfSeedRandom();
62 $np = $pwchars{mt_rand( 0, $l )} . $pwchars{mt_rand( 0, $l )} .
63 $pwchars{mt_rand( 0, $l )} . chr( mt_rand(48, 57) ) .
64 $pwchars{mt_rand( 0, $l )} . $pwchars{mt_rand( 0, $l )} .
65 $pwchars{mt_rand( 0, $l )};
66 return $np;
67 }
68
69 function loadDefaults()
70 {
71 global $wgLang ;
72 global $wgNamespacesToBeSearchedDefault;
73
74 $this->mId = $this->mNewtalk = 0;
75 $this->mName = getenv( "REMOTE_ADDR" );
76 $this->mEmail = "";
77 $this->mPassword = $this->mNewpassword = "";
78 $this->mRights = array();
79 $defOpt = $wgLang->getDefaultUserOptions() ;
80 foreach ( $defOpt as $oname => $val ) {
81 $this->mOptions[$oname] = $val;
82 }
83 foreach ($wgNamespacesToBeSearchedDefault as $nsnum => $val) {
84 $this->mOptions["searchNs".$nsnum] = $val;
85 }
86 unset( $this->mSkin );
87 $this->mDataLoaded = false;
88 $this->mBlockedby = -1; # Unset
89 $this->mTouched = '0'; # Allow any pages to be cached
90 $this->cookiePassword = "";
91 }
92
93 /* private */ function getBlockedStatus()
94 {
95 if ( -1 != $this->mBlockedby ) { return; }
96
97 $remaddr = getenv( "REMOTE_ADDR" );
98 if ( 0 == $this->mId ) {
99 $sql = "SELECT ipb_by,ipb_reason FROM ipblocks WHERE " .
100 "ipb_address='$remaddr'";
101 } else {
102 $sql = "SELECT ipb_by,ipb_reason FROM ipblocks WHERE " .
103 "(ipb_address='$remaddr' OR ipb_user={$this->mId})";
104 }
105 $res = wfQuery( $sql, "User::getBlockedStatus" );
106 if ( 0 == wfNumRows( $res ) ) {
107 $this->mBlockedby = 0;
108 return;
109 }
110 $s = wfFetchObject( $res );
111 $this->mBlockedby = $s->ipb_by;
112 $this->mBlockreason = $s->ipb_reason;
113 }
114
115 function isBlocked()
116 {
117 $this->getBlockedStatus();
118 if ( 0 == $this->mBlockedby ) { return false; }
119 return true;
120 }
121
122 function blockedBy() {
123 $this->getBlockedStatus();
124 return $this->mBlockedby;
125 }
126
127 function blockedFor() {
128 $this->getBlockedStatus();
129 return $this->mBlockreason;
130 }
131
132 function loadFromSession()
133 {
134 global $HTTP_COOKIE_VARS, $wsUserID, $wsUserName, $wsUserPassword;
135
136 if ( isset( $wsUserID ) ) {
137 if ( 0 != $wsUserID ) {
138 $sId = $wsUserID;
139 } else {
140 $this->mId = 0;
141 return;
142 }
143 } else if ( isset( $HTTP_COOKIE_VARS["wcUserID"] ) ) {
144 $sId = $HTTP_COOKIE_VARS["wcUserID"];
145 $wsUserID = $sId;
146 } else {
147 $this->mId = 0;
148 return;
149 }
150 if ( isset( $wsUserName ) ) {
151 $sName = $wsUserName;
152 } else if ( isset( $HTTP_COOKIE_VARS["wcUserName"] ) ) {
153 $sName = $HTTP_COOKIE_VARS["wcUserName"];
154 $wsUserName = $sName;
155 } else {
156 $this->mId = 0;
157 return;
158 }
159
160 $passwordCorrect = FALSE;
161 $this->mId = $sId;
162 $this->loadFromDatabase();
163
164 if ( isset( $wsUserPassword ) ) {
165 $passwordCorrect = $wsUserPassword == $this->mPassword;
166 } else if ( isset( $HTTP_COOKIE_VARS["wcUserPassword"] ) ) {
167 $this->mCookiePassword = $HTTP_COOKIE_VARS["wcUserPassword"];
168 $wsUserPassword = $this->addSalt( $this->mCookiePassword );
169 $passwordCorrect = $wsUserPassword == $this->mPassword;
170 } else {
171 $this->mId = 0;
172 $this->loadDefaults(); # Can't log in from session
173 return;
174 }
175
176 if ( ( $sName == $this->mName ) && $passwordCorrect ) {
177 return;
178 }
179 $this->loadDefaults(); # Can't log in from session
180 }
181
182 function loadFromDatabase()
183 {
184 if ( $this->mDataLoaded ) { return; }
185 # check in separate table if there are changes to the talk page
186 $this->mNewtalk=0; # reset talk page status
187 if($this->mId) {
188 $sql = "SELECT 1 FROM user_newtalk WHERE user_id={$this->mId}";
189 $res = wfQuery ($sql, "User::loadFromDatabase" );
190
191 if (wfNumRows($res)>0) {
192 $this->mNewtalk= 1;
193 }
194 wfFreeResult( $res );
195 } else {
196 $sql = "SELECT 1 FROM user_newtalk WHERE user_ip='{$this->mName}'";
197 $res = wfQuery ($sql, "User::loadFromDatabase" );
198
199 if (wfNumRows($res)>0) {
200 $this->mNewtalk= 1;
201 }
202 wfFreeResult( $res );
203 }
204 if(!$this->mId) {
205 $this->mDataLoaded = true;
206 return;
207 } # the following stuff is for non-anonymous users only
208
209 $sql = "SELECT user_name,user_password,user_newpassword,user_email," .
210 "user_options,user_rights,user_touched FROM user WHERE user_id=" .
211 "{$this->mId}";
212 $res = wfQuery( $sql, "User::loadFromDatabase" );
213
214 if ( wfNumRows( $res ) > 0 ) {
215 $s = wfFetchObject( $res );
216 $this->mName = $s->user_name;
217 $this->mEmail = $s->user_email;
218 $this->mPassword = $s->user_password;
219 $this->mNewpassword = $s->user_newpassword;
220 $this->decodeOptions( $s->user_options );
221 $this->mRights = explode( ",", strtolower( $s->user_rights ) );
222 $this->mTouched = $s->user_touched;
223 }
224
225 wfFreeResult( $res );
226 $this->mDataLoaded = true;
227 }
228
229 function getID() { return $this->mId; }
230 function setID( $v ) {
231 $this->mId = $v;
232 $this->mDataLoaded = false;
233 }
234
235 function getName() {
236 $this->loadFromDatabase();
237 return $this->mName;
238 }
239
240 function setName( $str )
241 {
242 $this->loadFromDatabase();
243 $this->mName = $str;
244 }
245
246 function getNewtalk()
247 {
248 $this->loadFromDatabase();
249 return ( 0 != $this->mNewtalk );
250 }
251
252 function setNewtalk( $val )
253 {
254 $this->loadFromDatabase();
255 $this->mNewtalk = $val;
256 $this->invalidateCache();
257 }
258
259 function invalidateCache() {
260 $this->loadFromDatabase();
261 $this->mTouched = wfTimestampNow();
262 # Don't forget to save the options after this or
263 # it won't take effect!
264 }
265
266 function validateCache( $timestamp ) {
267 $this->loadFromDatabase();
268 return ($timestamp >= $this->mTouched);
269 }
270
271 function getPassword()
272 {
273 $this->loadFromDatabase();
274 return $this->mPassword;
275 }
276
277 function getNewpassword()
278 {
279 $this->loadFromDatabase();
280 return $this->mNewpassword;
281 }
282
283 function addSalt( $p )
284 {
285 global $wgPasswordSalt;
286 if($wgPasswordSalt)
287 return md5( "{$this->mId}-{$p}" );
288 else
289 return $p;
290 }
291
292 function encryptPassword( $p )
293 {
294 return $this->addSalt( md5( $p ) );
295 }
296
297 function setPassword( $str )
298 {
299 $this->loadFromDatabase();
300 $this->setCookiePassword( $str );
301 $this->mPassword = $this->encryptPassword( $str );
302 $this->mNewpassword = "";
303 }
304
305 function setCookiePassword( $str )
306 {
307 $this->loadFromDatabase();
308 $this->mCookiePassword = md5( $str );
309 }
310
311 function setNewpassword( $str )
312 {
313 $this->loadFromDatabase();
314 $this->mNewpassword = $this->encryptPassword( $str );
315 }
316
317 function getEmail()
318 {
319 $this->loadFromDatabase();
320 return $this->mEmail;
321 }
322
323 function setEmail( $str )
324 {
325 $this->loadFromDatabase();
326 $this->mEmail = $str;
327 }
328
329 function getOption( $oname )
330 {
331 $this->loadFromDatabase();
332 if ( array_key_exists( $oname, $this->mOptions ) ) {
333 return $this->mOptions[$oname];
334 } else {
335 return "";
336 }
337 }
338
339 function setOption( $oname, $val )
340 {
341 $this->loadFromDatabase();
342 $this->mOptions[$oname] = $val;
343 $this->invalidateCache();
344 }
345
346 function getRights()
347 {
348 $this->loadFromDatabase();
349 return $this->mRights;
350 }
351
352 function addRight( $rname )
353 {
354 $this->loadFromDatabase();
355 array_push( $this->mRights, $rname );
356 $this->invalidateCache();
357 }
358
359 function isSysop()
360 {
361 $this->loadFromDatabase();
362 if ( 0 == $this->mId ) { return false; }
363
364 return in_array( "sysop", $this->mRights );
365 }
366
367 function isDeveloper()
368 {
369 $this->loadFromDatabase();
370 if ( 0 == $this->mId ) { return false; }
371
372 return in_array( "developer", $this->mRights );
373 }
374
375 function isBot()
376 {
377 $this->loadFromDatabase();
378 if ( 0 == $this->mId ) { return false; }
379
380 return in_array( "bot", $this->mRights );
381 }
382
383 function &getSkin()
384 {
385 if ( ! isset( $this->mSkin ) ) {
386 $skinNames = Skin::getSkinNames();
387 $s = $this->getOption( "skin" );
388 if ( "" == $s ) { $s = 0; }
389
390 if ( $s >= count( $skinNames ) ) { $sn = "SkinStandard"; }
391 else $sn = "Skin" . $skinNames[$s];
392 $this->mSkin = new $sn;
393 }
394 return $this->mSkin;
395 }
396
397 function isWatched( $title )
398 {
399 # Note - $title should be a Title _object_
400 # Pages and their talk pages are considered equivalent for watching;
401 # remember that talk namespaces are numbered as page namespace+1.
402 if( $this->mId ) {
403 $sql = "SELECT 1 FROM watchlist
404 WHERE wl_user={$this->mId} AND
405 wl_namespace = " . ($title->getNamespace() & ~1) . " AND
406 wl_title='" . wfStrencode( $title->getDBkey() ) . "'";
407 $res = wfQuery( $sql );
408 return (wfNumRows( $res ) > 0);
409 } else {
410 return false;
411 }
412 }
413
414 function addWatch( $title )
415 {
416 if( $this->mId ) {
417 # REPLACE instead of INSERT because occasionally someone
418 # accidentally reloads a watch-add operation.
419 $sql = "REPLACE INTO watchlist (wl_user, wl_namespace,wl_title)
420 VALUES ({$this->mId}," . (($title->getNamespace() | 1) - 1) .
421 ",'" . wfStrencode( $title->getDBkey() ) . "')";
422 wfQuery( $sql );
423 $this->invalidateCache();
424 }
425 }
426
427 function removeWatch( $title )
428 {
429 if( $this->mId ) {
430 $sql = "DELETE FROM watchlist WHERE wl_user={$this->mId} AND
431 wl_namespace=" . (($title->getNamespace() | 1) - 1) .
432 " AND wl_title='" . wfStrencode( $title->getDBkey() ) . "'";
433 wfQuery( $sql );
434 $this->invalidateCache();
435 }
436 }
437
438
439 /* private */ function encodeOptions()
440 {
441 $a = array();
442 foreach ( $this->mOptions as $oname => $oval ) {
443 array_push( $a, "{$oname}={$oval}" );
444 }
445 $s = implode( "\n", $a );
446 return wfStrencode( $s );
447 }
448
449 /* private */ function decodeOptions( $str )
450 {
451 $a = explode( "\n", $str );
452 foreach ( $a as $s ) {
453 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
454 $this->mOptions[$m[1]] = $m[2];
455 }
456 }
457 }
458
459 function setCookies()
460 {
461 global $wsUserID, $wsUserName, $wsUserPassword;
462 global $wgCookieExpiration;
463 if ( 0 == $this->mId ) return;
464 $this->loadFromDatabase();
465 $exp = time() + $wgCookieExpiration;
466
467 $wsUserID = $this->mId;
468 setcookie( "wcUserID", $this->mId, $exp, "/" );
469
470 $wsUserName = $this->mName;
471 setcookie( "wcUserName", $this->mName, $exp, "/" );
472
473 $wsUserPassword = $this->mPassword;
474 if ( 1 == $this->getOption( "rememberpassword" ) ) {
475 setcookie( "wcUserPassword", $this->mCookiePassword, $exp, "/" );
476 } else {
477 setcookie( "wcUserPassword", "", time() - 3600 );
478 }
479 }
480
481 function logout()
482 {
483 global $wsUserID;
484 $this->mId = 0;
485
486 $wsUserID = 0;
487
488 setcookie( "wcUserID", "", time() - 3600 );
489 setcookie( "wcUserPassword", "", time() - 3600 );
490 }
491
492 function saveSettings()
493 {
494 global $wgUser;
495
496 if ( ! $this->mNewtalk ) {
497 if( $this->mId ) {
498 $sql="DELETE FROM user_newtalk WHERE user_id={$this->mId}";
499 wfQuery ($sql,"User::saveSettings");
500 } else {
501 $sql="DELETE FROM user_newtalk WHERE user_ip='{$this->mName}'";
502 wfQuery ($sql,"User::saveSettings");
503 }
504 }
505 if ( 0 == $this->mId ) { return; }
506
507 $sql = "UPDATE user SET " .
508 "user_name= '" . wfStrencode( $this->mName ) . "', " .
509 "user_password= '" . wfStrencode( $this->mPassword ) . "', " .
510 "user_newpassword= '" . wfStrencode( $this->mNewpassword ) . "', " .
511 "user_email= '" . wfStrencode( $this->mEmail ) . "', " .
512 "user_options= '" . $this->encodeOptions() . "', " .
513 "user_rights= '" . wfStrencode( implode( ",", $this->mRights ) ) . "', "
514 .
515 "user_touched= '" . wfStrencode( $this->mTouched ) .
516 "' WHERE user_id={$this->mId}";
517 wfQuery( $sql, "User::saveSettings" );
518 }
519
520 # Checks if a user with the given name exists
521 #
522 function idForName()
523 {
524 $gotid = 0;
525 $s = trim( $this->mName );
526 if ( 0 == strcmp( "", $s ) ) return 0;
527
528 $sql = "SELECT user_id FROM user WHERE user_name='" .
529 wfStrencode( $s ) . "'";
530 $res = wfQuery( $sql, "User::idForName" );
531 if ( 0 == wfNumRows( $res ) ) { return 0; }
532
533 $s = wfFetchObject( $res );
534 if ( "" == $s ) return 0;
535
536 $gotid = $s->user_id;
537 wfFreeResult( $res );
538 return $gotid;
539 }
540
541 function addToDatabase()
542 {
543 $sql = "INSERT INTO user (user_name,user_password,user_newpassword," .
544 "user_email, user_rights, user_options) " .
545 " VALUES ('" . wfStrencode( $this->mName ) . "', '" .
546 wfStrencode( $this->mPassword ) . "', '" .
547 wfStrencode( $this->mNewpassword ) . "', '" .
548 wfStrencode( $this->mEmail ) . "', '" .
549 wfStrencode( implode( ",", $this->mRights ) ) . "', '" .
550 $this->encodeOptions() . "')";
551 wfQuery( $sql, "User::addToDatabase" );
552 $this->mId = $this->idForName();
553 }
554 }
555
556 ?>
MediaWiki Core