Non-word characters don't terminate tag names.
[mediawiki.git] / includes / User.php
blobcca0458c4517791f206239a7a0b1ef14489c7426
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
20 * @file
23 /**
24 * Int Number of characters in user_token field.
25 * @ingroup Constants
27 define( 'USER_TOKEN_LENGTH', 32 );
29 /**
30 * Int Serialized record version.
31 * @ingroup Constants
33 define( 'MW_USER_VERSION', 8 );
35 /**
36 * String Some punctuation to prevent editing from broken text-mangling proxies.
37 * @ingroup Constants
39 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
41 /**
42 * Thrown by User::setPassword() on error.
43 * @ingroup Exception
45 class PasswordError extends MWException {
46 // NOP
49 /**
50 * The User object encapsulates all of the user-specific settings (user_id,
51 * name, rights, password, email address, options, last login time). Client
52 * classes use the getXXX() functions to access these fields. These functions
53 * do all the work of determining whether the user is logged in,
54 * whether the requested option can be satisfied from cookies or
55 * whether a database query is needed. Most of the settings needed
56 * for rendering normal pages are set in the cookie to minimize use
57 * of the database.
59 class User {
60 /**
61 * Global constants made accessible as class constants so that autoloader
62 * magic can be used.
64 const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
65 const MW_USER_VERSION = MW_USER_VERSION;
66 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
68 /**
69 * Maximum items in $mWatchedItems
71 const MAX_WATCHED_ITEMS_CACHE = 100;
73 /**
74 * Array of Strings List of member variables which are saved to the
75 * shared cache (memcached). Any operation which changes the
76 * corresponding database fields must call a cache-clearing function.
77 * @showinitializer
79 static $mCacheVars = array(
80 // user table
81 'mId',
82 'mName',
83 'mRealName',
84 'mPassword',
85 'mNewpassword',
86 'mNewpassTime',
87 'mEmail',
88 'mTouched',
89 'mToken',
90 'mEmailAuthenticated',
91 'mEmailToken',
92 'mEmailTokenExpires',
93 'mRegistration',
94 'mEditCount',
95 // user_groups table
96 'mGroups',
97 // user_properties table
98 'mOptionOverrides',
102 * Array of Strings Core rights.
103 * Each of these should have a corresponding message of the form
104 * "right-$right".
105 * @showinitializer
107 static $mCoreRights = array(
108 'apihighlimits',
109 'autoconfirmed',
110 'autopatrol',
111 'bigdelete',
112 'block',
113 'blockemail',
114 'bot',
115 'browsearchive',
116 'createaccount',
117 'createpage',
118 'createtalk',
119 'delete',
120 'deletedhistory',
121 'deletedtext',
122 'deletelogentry',
123 'deleterevision',
124 'edit',
125 'editinterface',
126 'editprotected',
127 'editmyoptions',
128 'editmyprivateinfo',
129 'editmyusercss',
130 'editmyuserjs',
131 'editmywatchlist',
132 'editsemiprotected',
133 'editusercssjs', #deprecated
134 'editusercss',
135 'edituserjs',
136 'hideuser',
137 'import',
138 'importupload',
139 'ipblock-exempt',
140 'markbotedits',
141 'mergehistory',
142 'minoredit',
143 'move',
144 'movefile',
145 'move-rootuserpages',
146 'move-subpages',
147 'nominornewtalk',
148 'noratelimit',
149 'override-export-depth',
150 'passwordreset',
151 'patrol',
152 'patrolmarks',
153 'protect',
154 'proxyunbannable',
155 'purge',
156 'read',
157 'reupload',
158 'reupload-own',
159 'reupload-shared',
160 'rollback',
161 'sendemail',
162 'siteadmin',
163 'suppressionlog',
164 'suppressredirect',
165 'suppressrevision',
166 'unblockself',
167 'undelete',
168 'unwatchedpages',
169 'upload',
170 'upload_by_url',
171 'userrights',
172 'userrights-interwiki',
173 'viewmyprivateinfo',
174 'viewmywatchlist',
175 'writeapi',
178 * String Cached results of getAllRights()
180 static $mAllRights = false;
182 /** @name Cache variables */
183 //@{
184 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
185 $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
186 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mEditCount,
187 $mGroups, $mOptionOverrides;
188 //@}
191 * Bool Whether the cache variables have been loaded.
193 //@{
194 var $mOptionsLoaded;
197 * Array with already loaded items or true if all items have been loaded.
199 private $mLoadedItems = array();
200 //@}
203 * String Initialization data source if mLoadedItems!==true. May be one of:
204 * - 'defaults' anonymous user initialised from class defaults
205 * - 'name' initialise from mName
206 * - 'id' initialise from mId
207 * - 'session' log in from cookies or session if possible
209 * Use the User::newFrom*() family of functions to set this.
211 var $mFrom;
214 * Lazy-initialized variables, invalidated with clearInstanceCache
216 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mRights,
217 $mBlockreason, $mEffectiveGroups, $mImplicitGroups, $mFormerGroups, $mBlockedGlobally,
218 $mLocked, $mHideName, $mOptions;
221 * @var WebRequest
223 private $mRequest;
226 * @var Block
228 var $mBlock;
231 * @var bool
233 var $mAllowUsertalk;
236 * @var Block
238 private $mBlockedFromCreateAccount = false;
241 * @var Array
243 private $mWatchedItems = array();
245 static $idCacheByName = array();
248 * Lightweight constructor for an anonymous user.
249 * Use the User::newFrom* factory functions for other kinds of users.
251 * @see newFromName()
252 * @see newFromId()
253 * @see newFromConfirmationCode()
254 * @see newFromSession()
255 * @see newFromRow()
257 function __construct() {
258 $this->clearInstanceCache( 'defaults' );
262 * @return string
264 function __toString() {
265 return $this->getName();
269 * Load the user table data for this object from the source given by mFrom.
271 public function load() {
272 if ( $this->mLoadedItems === true ) {
273 return;
275 wfProfileIn( __METHOD__ );
277 // Set it now to avoid infinite recursion in accessors
278 $this->mLoadedItems = true;
280 switch ( $this->mFrom ) {
281 case 'defaults':
282 $this->loadDefaults();
283 break;
284 case 'name':
285 $this->mId = self::idFromName( $this->mName );
286 if ( !$this->mId ) {
287 // Nonexistent user placeholder object
288 $this->loadDefaults( $this->mName );
289 } else {
290 $this->loadFromId();
292 break;
293 case 'id':
294 $this->loadFromId();
295 break;
296 case 'session':
297 if ( !$this->loadFromSession() ) {
298 // Loading from session failed. Load defaults.
299 $this->loadDefaults();
301 wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
302 break;
303 default:
304 wfProfileOut( __METHOD__ );
305 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
307 wfProfileOut( __METHOD__ );
311 * Load user table data, given mId has already been set.
312 * @return bool false if the ID does not exist, true otherwise
314 public function loadFromId() {
315 global $wgMemc;
316 if ( $this->mId == 0 ) {
317 $this->loadDefaults();
318 return false;
321 // Try cache
322 $key = wfMemcKey( 'user', 'id', $this->mId );
323 $data = $wgMemc->get( $key );
324 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
325 // Object is expired, load from DB
326 $data = false;
329 if ( !$data ) {
330 wfDebug( "User: cache miss for user {$this->mId}\n" );
331 // Load from DB
332 if ( !$this->loadFromDatabase() ) {
333 // Can't load from ID, user is anonymous
334 return false;
336 $this->saveToCache();
337 } else {
338 wfDebug( "User: got user {$this->mId} from cache\n" );
339 // Restore from cache
340 foreach ( self::$mCacheVars as $name ) {
341 $this->$name = $data[$name];
345 $this->mLoadedItems = true;
347 return true;
351 * Save user data to the shared cache
353 public function saveToCache() {
354 $this->load();
355 $this->loadGroups();
356 $this->loadOptions();
357 if ( $this->isAnon() ) {
358 // Anonymous users are uncached
359 return;
361 $data = array();
362 foreach ( self::$mCacheVars as $name ) {
363 $data[$name] = $this->$name;
365 $data['mVersion'] = MW_USER_VERSION;
366 $key = wfMemcKey( 'user', 'id', $this->mId );
367 global $wgMemc;
368 $wgMemc->set( $key, $data );
371 /** @name newFrom*() static factory methods */
372 //@{
375 * Static factory method for creation from username.
377 * This is slightly less efficient than newFromId(), so use newFromId() if
378 * you have both an ID and a name handy.
380 * @param string $name Username, validated by Title::newFromText()
381 * @param string|bool $validate Validate username. Takes the same parameters as
382 * User::getCanonicalName(), except that true is accepted as an alias
383 * for 'valid', for BC.
385 * @return User|bool User object, or false if the username is invalid
386 * (e.g. if it contains illegal characters or is an IP address). If the
387 * username is not present in the database, the result will be a user object
388 * with a name, zero user ID and default settings.
390 public static function newFromName( $name, $validate = 'valid' ) {
391 if ( $validate === true ) {
392 $validate = 'valid';
394 $name = self::getCanonicalName( $name, $validate );
395 if ( $name === false ) {
396 return false;
397 } else {
398 // Create unloaded user object
399 $u = new User;
400 $u->mName = $name;
401 $u->mFrom = 'name';
402 $u->setItemLoaded( 'name' );
403 return $u;
408 * Static factory method for creation from a given user ID.
410 * @param int $id Valid user ID
411 * @return User The corresponding User object
413 public static function newFromId( $id ) {
414 $u = new User;
415 $u->mId = $id;
416 $u->mFrom = 'id';
417 $u->setItemLoaded( 'id' );
418 return $u;
422 * Factory method to fetch whichever user has a given email confirmation code.
423 * This code is generated when an account is created or its e-mail address
424 * has changed.
426 * If the code is invalid or has expired, returns NULL.
428 * @param string $code Confirmation code
429 * @return User|null
431 public static function newFromConfirmationCode( $code ) {
432 $dbr = wfGetDB( DB_SLAVE );
433 $id = $dbr->selectField( 'user', 'user_id', array(
434 'user_email_token' => md5( $code ),
435 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
436 ) );
437 if ( $id !== false ) {
438 return User::newFromId( $id );
439 } else {
440 return null;
445 * Create a new user object using data from session or cookies. If the
446 * login credentials are invalid, the result is an anonymous user.
448 * @param WebRequest $request Object to use; $wgRequest will be used if omitted.
449 * @return User object
451 public static function newFromSession( WebRequest $request = null ) {
452 $user = new User;
453 $user->mFrom = 'session';
454 $user->mRequest = $request;
455 return $user;
459 * Create a new user object from a user row.
460 * The row should have the following fields from the user table in it:
461 * - either user_name or user_id to load further data if needed (or both)
462 * - user_real_name
463 * - all other fields (email, password, etc.)
464 * It is useless to provide the remaining fields if either user_id,
465 * user_name and user_real_name are not provided because the whole row
466 * will be loaded once more from the database when accessing them.
468 * @param array $row A row from the user table
469 * @param array $data Further data to load into the object (see User::loadFromRow for valid keys)
470 * @return User
472 public static function newFromRow( $row, $data = null ) {
473 $user = new User;
474 $user->loadFromRow( $row, $data );
475 return $user;
478 //@}
481 * Get the username corresponding to a given user ID
482 * @param int $id User ID
483 * @return string|bool The corresponding username
485 public static function whoIs( $id ) {
486 return UserCache::singleton()->getProp( $id, 'name' );
490 * Get the real name of a user given their user ID
492 * @param int $id User ID
493 * @return string|bool The corresponding user's real name
495 public static function whoIsReal( $id ) {
496 return UserCache::singleton()->getProp( $id, 'real_name' );
500 * Get database id given a user name
501 * @param string $name Username
502 * @return int|null The corresponding user's ID, or null if user is nonexistent
504 public static function idFromName( $name ) {
505 $nt = Title::makeTitleSafe( NS_USER, $name );
506 if ( is_null( $nt ) ) {
507 // Illegal name
508 return null;
511 if ( isset( self::$idCacheByName[$name] ) ) {
512 return self::$idCacheByName[$name];
515 $dbr = wfGetDB( DB_SLAVE );
516 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
518 if ( $s === false ) {
519 $result = null;
520 } else {
521 $result = $s->user_id;
524 self::$idCacheByName[$name] = $result;
526 if ( count( self::$idCacheByName ) > 1000 ) {
527 self::$idCacheByName = array();
530 return $result;
534 * Reset the cache used in idFromName(). For use in tests.
536 public static function resetIdByNameCache() {
537 self::$idCacheByName = array();
541 * Does the string match an anonymous IPv4 address?
543 * This function exists for username validation, in order to reject
544 * usernames which are similar in form to IP addresses. Strings such
545 * as 300.300.300.300 will return true because it looks like an IP
546 * address, despite not being strictly valid.
548 * We match "\d{1,3}\.\d{1,3}\.\d{1,3}\.xxx" as an anonymous IP
549 * address because the usemod software would "cloak" anonymous IP
550 * addresses like this, if we allowed accounts like this to be created
551 * new users could get the old edits of these anonymous users.
553 * @param string $name Name to match
554 * @return bool
556 public static function isIP( $name ) {
557 return preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/', $name ) || IP::isIPv6( $name );
561 * Is the input a valid username?
563 * Checks if the input is a valid username, we don't want an empty string,
564 * an IP address, anything that contains slashes (would mess up subpages),
565 * is longer than the maximum allowed username size or doesn't begin with
566 * a capital letter.
568 * @param string $name Name to match
569 * @return bool
571 public static function isValidUserName( $name ) {
572 global $wgContLang, $wgMaxNameChars;
574 if ( $name == ''
575 || User::isIP( $name )
576 || strpos( $name, '/' ) !== false
577 || strlen( $name ) > $wgMaxNameChars
578 || $name != $wgContLang->ucfirst( $name ) ) {
579 wfDebugLog( 'username', __METHOD__ .
580 ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
581 return false;
584 // Ensure that the name can't be misresolved as a different title,
585 // such as with extra namespace keys at the start.
586 $parsed = Title::newFromText( $name );
587 if ( is_null( $parsed )
588 || $parsed->getNamespace()
589 || strcmp( $name, $parsed->getPrefixedText() ) ) {
590 wfDebugLog( 'username', __METHOD__ .
591 ": '$name' invalid due to ambiguous prefixes" );
592 return false;
595 // Check an additional blacklist of troublemaker characters.
596 // Should these be merged into the title char list?
597 $unicodeBlacklist = '/[' .
598 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
599 '\x{00a0}' . # non-breaking space
600 '\x{2000}-\x{200f}' . # various whitespace
601 '\x{2028}-\x{202f}' . # breaks and control chars
602 '\x{3000}' . # ideographic space
603 '\x{e000}-\x{f8ff}' . # private use
604 ']/u';
605 if ( preg_match( $unicodeBlacklist, $name ) ) {
606 wfDebugLog( 'username', __METHOD__ .
607 ": '$name' invalid due to blacklisted characters" );
608 return false;
611 return true;
615 * Usernames which fail to pass this function will be blocked
616 * from user login and new account registrations, but may be used
617 * internally by batch processes.
619 * If an account already exists in this form, login will be blocked
620 * by a failure to pass this function.
622 * @param string $name Name to match
623 * @return bool
625 public static function isUsableName( $name ) {
626 global $wgReservedUsernames;
627 // Must be a valid username, obviously ;)
628 if ( !self::isValidUserName( $name ) ) {
629 return false;
632 static $reservedUsernames = false;
633 if ( !$reservedUsernames ) {
634 $reservedUsernames = $wgReservedUsernames;
635 wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
638 // Certain names may be reserved for batch processes.
639 foreach ( $reservedUsernames as $reserved ) {
640 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
641 $reserved = wfMessage( substr( $reserved, 4 ) )->inContentLanguage()->text();
643 if ( $reserved == $name ) {
644 return false;
647 return true;
651 * Usernames which fail to pass this function will be blocked
652 * from new account registrations, but may be used internally
653 * either by batch processes or by user accounts which have
654 * already been created.
656 * Additional blacklisting may be added here rather than in
657 * isValidUserName() to avoid disrupting existing accounts.
659 * @param string $name to match
660 * @return bool
662 public static function isCreatableName( $name ) {
663 global $wgInvalidUsernameCharacters;
665 // Ensure that the username isn't longer than 235 bytes, so that
666 // (at least for the builtin skins) user javascript and css files
667 // will work. (bug 23080)
668 if ( strlen( $name ) > 235 ) {
669 wfDebugLog( 'username', __METHOD__ .
670 ": '$name' invalid due to length" );
671 return false;
674 // Preg yells if you try to give it an empty string
675 if ( $wgInvalidUsernameCharacters !== '' ) {
676 if ( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
677 wfDebugLog( 'username', __METHOD__ .
678 ": '$name' invalid due to wgInvalidUsernameCharacters" );
679 return false;
683 return self::isUsableName( $name );
687 * Is the input a valid password for this user?
689 * @param string $password Desired password
690 * @return bool
692 public function isValidPassword( $password ) {
693 //simple boolean wrapper for getPasswordValidity
694 return $this->getPasswordValidity( $password ) === true;
698 * Given unvalidated password input, return error message on failure.
700 * @param string $password Desired password
701 * @return mixed: true on success, string or array of error message on failure
703 public function getPasswordValidity( $password ) {
704 global $wgMinimalPasswordLength, $wgContLang;
706 static $blockedLogins = array(
707 'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589
708 'Apitestsysop' => 'testpass', 'Apitestuser' => 'testpass' # r75605
711 $result = false; //init $result to false for the internal checks
713 if ( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) ) {
714 return $result;
717 if ( $result === false ) {
718 if ( strlen( $password ) < $wgMinimalPasswordLength ) {
719 return 'passwordtooshort';
720 } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
721 return 'password-name-match';
722 } elseif ( isset( $blockedLogins[$this->getName()] ) && $password == $blockedLogins[$this->getName()] ) {
723 return 'password-login-forbidden';
724 } else {
725 //it seems weird returning true here, but this is because of the
726 //initialization of $result to false above. If the hook is never run or it
727 //doesn't modify $result, then we will likely get down into this if with
728 //a valid password.
729 return true;
731 } elseif ( $result === true ) {
732 return true;
733 } else {
734 return $result; //the isValidPassword hook set a string $result and returned true
739 * Does a string look like an e-mail address?
741 * This validates an email address using an HTML5 specification found at:
742 * http://www.whatwg.org/html/states-of-the-type-attribute.html#valid-e-mail-address
743 * Which as of 2011-01-24 says:
745 * A valid e-mail address is a string that matches the ABNF production
746 * 1*( atext / "." ) "@" ldh-str *( "." ldh-str ) where atext is defined
747 * in RFC 5322 section 3.2.3, and ldh-str is defined in RFC 1034 section
748 * 3.5.
750 * This function is an implementation of the specification as requested in
751 * bug 22449.
753 * Client-side forms will use the same standard validation rules via JS or
754 * HTML 5 validation; additional restrictions can be enforced server-side
755 * by extensions via the 'isValidEmailAddr' hook.
757 * Note that this validation doesn't 100% match RFC 2822, but is believed
758 * to be liberal enough for wide use. Some invalid addresses will still
759 * pass validation here.
761 * @param string $addr E-mail address
762 * @return bool
763 * @deprecated since 1.18 call Sanitizer::isValidEmail() directly
765 public static function isValidEmailAddr( $addr ) {
766 wfDeprecated( __METHOD__, '1.18' );
767 return Sanitizer::validateEmail( $addr );
771 * Given unvalidated user input, return a canonical username, or false if
772 * the username is invalid.
773 * @param string $name User input
774 * @param string|bool $validate type of validation to use:
775 * - false No validation
776 * - 'valid' Valid for batch processes
777 * - 'usable' Valid for batch processes and login
778 * - 'creatable' Valid for batch processes, login and account creation
780 * @throws MWException
781 * @return bool|string
783 public static function getCanonicalName( $name, $validate = 'valid' ) {
784 // Force usernames to capital
785 global $wgContLang;
786 $name = $wgContLang->ucfirst( $name );
788 # Reject names containing '#'; these will be cleaned up
789 # with title normalisation, but then it's too late to
790 # check elsewhere
791 if ( strpos( $name, '#' ) !== false ) {
792 return false;
795 // Clean up name according to title rules
796 $t = ( $validate === 'valid' ) ?
797 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
798 // Check for invalid titles
799 if ( is_null( $t ) ) {
800 return false;
803 // Reject various classes of invalid names
804 global $wgAuth;
805 $name = $wgAuth->getCanonicalName( $t->getText() );
807 switch ( $validate ) {
808 case false:
809 break;
810 case 'valid':
811 if ( !User::isValidUserName( $name ) ) {
812 $name = false;
814 break;
815 case 'usable':
816 if ( !User::isUsableName( $name ) ) {
817 $name = false;
819 break;
820 case 'creatable':
821 if ( !User::isCreatableName( $name ) ) {
822 $name = false;
824 break;
825 default:
826 throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
828 return $name;
832 * Count the number of edits of a user
834 * @param int $uid User ID to check
835 * @return int The user's edit count
837 * @deprecated since 1.21 in favour of User::getEditCount
839 public static function edits( $uid ) {
840 wfDeprecated( __METHOD__, '1.21' );
841 $user = self::newFromId( $uid );
842 return $user->getEditCount();
846 * Return a random password.
848 * @return string New random password
850 public static function randomPassword() {
851 global $wgMinimalPasswordLength;
852 // Decide the final password length based on our min password length, stopping at a minimum of 10 chars
853 $length = max( 10, $wgMinimalPasswordLength );
854 // Multiply by 1.25 to get the number of hex characters we need
855 $length = $length * 1.25;
856 // Generate random hex chars
857 $hex = MWCryptRand::generateHex( $length );
858 // Convert from base 16 to base 32 to get a proper password like string
859 return wfBaseConvert( $hex, 16, 32 );
863 * Set cached properties to default.
865 * @note This no longer clears uncached lazy-initialised properties;
866 * the constructor does that instead.
868 * @param $name string|bool
870 public function loadDefaults( $name = false ) {
871 wfProfileIn( __METHOD__ );
873 $this->mId = 0;
874 $this->mName = $name;
875 $this->mRealName = '';
876 $this->mPassword = $this->mNewpassword = '';
877 $this->mNewpassTime = null;
878 $this->mEmail = '';
879 $this->mOptionOverrides = null;
880 $this->mOptionsLoaded = false;
882 $loggedOut = $this->getRequest()->getCookie( 'LoggedOut' );
883 if ( $loggedOut !== null ) {
884 $this->mTouched = wfTimestamp( TS_MW, $loggedOut );
885 } else {
886 $this->mTouched = '1'; # Allow any pages to be cached
889 $this->mToken = null; // Don't run cryptographic functions till we need a token
890 $this->mEmailAuthenticated = null;
891 $this->mEmailToken = '';
892 $this->mEmailTokenExpires = null;
893 $this->mRegistration = wfTimestamp( TS_MW );
894 $this->mGroups = array();
896 wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
898 wfProfileOut( __METHOD__ );
902 * Return whether an item has been loaded.
904 * @param string $item item to check. Current possibilities:
905 * - id
906 * - name
907 * - realname
908 * @param string $all 'all' to check if the whole object has been loaded
909 * or any other string to check if only the item is available (e.g.
910 * for optimisation)
911 * @return boolean
913 public function isItemLoaded( $item, $all = 'all' ) {
914 return ( $this->mLoadedItems === true && $all === 'all' ) ||
915 ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
919 * Set that an item has been loaded
921 * @param string $item
923 protected function setItemLoaded( $item ) {
924 if ( is_array( $this->mLoadedItems ) ) {
925 $this->mLoadedItems[$item] = true;
930 * Load user data from the session or login cookie.
931 * @return bool True if the user is logged in, false otherwise.
933 private function loadFromSession() {
934 $result = null;
935 wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
936 if ( $result !== null ) {
937 return $result;
940 $request = $this->getRequest();
942 $cookieId = $request->getCookie( 'UserID' );
943 $sessId = $request->getSessionData( 'wsUserID' );
945 if ( $cookieId !== null ) {
946 $sId = intval( $cookieId );
947 if ( $sessId !== null && $cookieId != $sessId ) {
948 wfDebugLog( 'loginSessions', "Session user ID ($sessId) and
949 cookie user ID ($sId) don't match!" );
950 return false;
952 $request->setSessionData( 'wsUserID', $sId );
953 } elseif ( $sessId !== null && $sessId != 0 ) {
954 $sId = $sessId;
955 } else {
956 return false;
959 if ( $request->getSessionData( 'wsUserName' ) !== null ) {
960 $sName = $request->getSessionData( 'wsUserName' );
961 } elseif ( $request->getCookie( 'UserName' ) !== null ) {
962 $sName = $request->getCookie( 'UserName' );
963 $request->setSessionData( 'wsUserName', $sName );
964 } else {
965 return false;
968 $proposedUser = User::newFromId( $sId );
969 if ( !$proposedUser->isLoggedIn() ) {
970 // Not a valid ID
971 return false;
974 global $wgBlockDisablesLogin;
975 if ( $wgBlockDisablesLogin && $proposedUser->isBlocked() ) {
976 // User blocked and we've disabled blocked user logins
977 return false;
980 if ( $request->getSessionData( 'wsToken' ) ) {
981 $passwordCorrect = ( $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' ) );
982 $from = 'session';
983 } elseif ( $request->getCookie( 'Token' ) ) {
984 # Get the token from DB/cache and clean it up to remove garbage padding.
985 # This deals with historical problems with bugs and the default column value.
986 $token = rtrim( $proposedUser->getToken( false ) ); // correct token
987 $passwordCorrect = ( strlen( $token ) && $token === $request->getCookie( 'Token' ) );
988 $from = 'cookie';
989 } else {
990 // No session or persistent login cookie
991 return false;
994 if ( ( $sName === $proposedUser->getName() ) && $passwordCorrect ) {
995 $this->loadFromUserObject( $proposedUser );
996 $request->setSessionData( 'wsToken', $this->mToken );
997 wfDebug( "User: logged in from $from\n" );
998 return true;
999 } else {
1000 // Invalid credentials
1001 wfDebug( "User: can't log in from $from, invalid credentials\n" );
1002 return false;
1007 * Load user and user_group data from the database.
1008 * $this->mId must be set, this is how the user is identified.
1010 * @return bool True if the user exists, false if the user is anonymous
1012 public function loadFromDatabase() {
1013 // Paranoia
1014 $this->mId = intval( $this->mId );
1016 // Anonymous user
1017 if ( !$this->mId ) {
1018 $this->loadDefaults();
1019 return false;
1022 $dbr = wfGetDB( DB_MASTER );
1023 $s = $dbr->selectRow( 'user', self::selectFields(), array( 'user_id' => $this->mId ), __METHOD__ );
1025 wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );
1027 if ( $s !== false ) {
1028 // Initialise user table data
1029 $this->loadFromRow( $s );
1030 $this->mGroups = null; // deferred
1031 $this->getEditCount(); // revalidation for nulls
1032 return true;
1033 } else {
1034 // Invalid user_id
1035 $this->mId = 0;
1036 $this->loadDefaults();
1037 return false;
1042 * Initialize this object from a row from the user table.
1044 * @param array $row Row from the user table to load.
1045 * @param array $data Further user data to load into the object
1047 * user_groups Array with groups out of the user_groups table
1048 * user_properties Array with properties out of the user_properties table
1050 public function loadFromRow( $row, $data = null ) {
1051 $all = true;
1053 $this->mGroups = null; // deferred
1055 if ( isset( $row->user_name ) ) {
1056 $this->mName = $row->user_name;
1057 $this->mFrom = 'name';
1058 $this->setItemLoaded( 'name' );
1059 } else {
1060 $all = false;
1063 if ( isset( $row->user_real_name ) ) {
1064 $this->mRealName = $row->user_real_name;
1065 $this->setItemLoaded( 'realname' );
1066 } else {
1067 $all = false;
1070 if ( isset( $row->user_id ) ) {
1071 $this->mId = intval( $row->user_id );
1072 $this->mFrom = 'id';
1073 $this->setItemLoaded( 'id' );
1074 } else {
1075 $all = false;
1078 if ( isset( $row->user_editcount ) ) {
1079 $this->mEditCount = $row->user_editcount;
1080 } else {
1081 $all = false;
1084 if ( isset( $row->user_password ) ) {
1085 $this->mPassword = $row->user_password;
1086 $this->mNewpassword = $row->user_newpassword;
1087 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
1088 $this->mEmail = $row->user_email;
1089 if ( isset( $row->user_options ) ) {
1090 $this->decodeOptions( $row->user_options );
1092 $this->mTouched = wfTimestamp( TS_MW, $row->user_touched );
1093 $this->mToken = $row->user_token;
1094 if ( $this->mToken == '' ) {
1095 $this->mToken = null;
1097 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1098 $this->mEmailToken = $row->user_email_token;
1099 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1100 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1101 } else {
1102 $all = false;
1105 if ( $all ) {
1106 $this->mLoadedItems = true;
1109 if ( is_array( $data ) ) {
1110 if ( isset( $data['user_groups'] ) && is_array( $data['user_groups'] ) ) {
1111 $this->mGroups = $data['user_groups'];
1113 if ( isset( $data['user_properties'] ) && is_array( $data['user_properties'] ) ) {
1114 $this->loadOptions( $data['user_properties'] );
1120 * Load the data for this user object from another user object.
1122 * @param $user User
1124 protected function loadFromUserObject( $user ) {
1125 $user->load();
1126 $user->loadGroups();
1127 $user->loadOptions();
1128 foreach ( self::$mCacheVars as $var ) {
1129 $this->$var = $user->$var;
1134 * Load the groups from the database if they aren't already loaded.
1136 private function loadGroups() {
1137 if ( is_null( $this->mGroups ) ) {
1138 $dbr = wfGetDB( DB_MASTER );
1139 $res = $dbr->select( 'user_groups',
1140 array( 'ug_group' ),
1141 array( 'ug_user' => $this->mId ),
1142 __METHOD__ );
1143 $this->mGroups = array();
1144 foreach ( $res as $row ) {
1145 $this->mGroups[] = $row->ug_group;
1151 * Add the user to the group if he/she meets given criteria.
1153 * Contrary to autopromotion by \ref $wgAutopromote, the group will be
1154 * possible to remove manually via Special:UserRights. In such case it
1155 * will not be re-added automatically. The user will also not lose the
1156 * group if they no longer meet the criteria.
1158 * @param string $event key in $wgAutopromoteOnce (each one has groups/criteria)
1160 * @return array Array of groups the user has been promoted to.
1162 * @see $wgAutopromoteOnce
1164 public function addAutopromoteOnceGroups( $event ) {
1165 global $wgAutopromoteOnceLogInRC, $wgAuth;
1167 $toPromote = array();
1168 if ( $this->getId() ) {
1169 $toPromote = Autopromote::getAutopromoteOnceGroups( $this, $event );
1170 if ( count( $toPromote ) ) {
1171 $oldGroups = $this->getGroups(); // previous groups
1173 foreach ( $toPromote as $group ) {
1174 $this->addGroup( $group );
1176 // update groups in external authentication database
1177 $wgAuth->updateExternalDBGroups( $this, $toPromote );
1179 $newGroups = array_merge( $oldGroups, $toPromote ); // all groups
1181 $logEntry = new ManualLogEntry( 'rights', 'autopromote' );
1182 $logEntry->setPerformer( $this );
1183 $logEntry->setTarget( $this->getUserPage() );
1184 $logEntry->setParameters( array(
1185 '4::oldgroups' => $oldGroups,
1186 '5::newgroups' => $newGroups,
1187 ) );
1188 $logid = $logEntry->insert();
1189 if ( $wgAutopromoteOnceLogInRC ) {
1190 $logEntry->publish( $logid );
1194 return $toPromote;
1198 * Clear various cached data stored in this object. The cache of the user table
1199 * data (i.e. self::$mCacheVars) is not cleared unless $reloadFrom is given.
1201 * @param bool|string $reloadFrom Reload user and user_groups table data from a
1202 * given source. May be "name", "id", "defaults", "session", or false for
1203 * no reload.
1205 public function clearInstanceCache( $reloadFrom = false ) {
1206 $this->mNewtalk = -1;
1207 $this->mDatePreference = null;
1208 $this->mBlockedby = -1; # Unset
1209 $this->mHash = false;
1210 $this->mRights = null;
1211 $this->mEffectiveGroups = null;
1212 $this->mImplicitGroups = null;
1213 $this->mGroups = null;
1214 $this->mOptions = null;
1215 $this->mOptionsLoaded = false;
1216 $this->mEditCount = null;
1218 if ( $reloadFrom ) {
1219 $this->mLoadedItems = array();
1220 $this->mFrom = $reloadFrom;
1225 * Combine the language default options with any site-specific options
1226 * and add the default language variants.
1228 * @return Array of String options
1230 public static function getDefaultOptions() {
1231 global $wgNamespacesToBeSearchedDefault, $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1233 static $defOpt = null;
1234 if ( !defined( 'MW_PHPUNIT_TEST' ) && $defOpt !== null ) {
1235 // Disabling this for the unit tests, as they rely on being able to change $wgContLang
1236 // mid-request and see that change reflected in the return value of this function.
1237 // Which is insane and would never happen during normal MW operation
1238 return $defOpt;
1241 $defOpt = $wgDefaultUserOptions;
1242 // Default language setting
1243 $defOpt['language'] = $defOpt['variant'] = $wgContLang->getCode();
1244 foreach ( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
1245 $defOpt['searchNs' . $nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
1247 $defOpt['skin'] = $wgDefaultSkin;
1249 wfRunHooks( 'UserGetDefaultOptions', array( &$defOpt ) );
1251 return $defOpt;
1255 * Get a given default option value.
1257 * @param string $opt Name of option to retrieve
1258 * @return string Default option value
1260 public static function getDefaultOption( $opt ) {
1261 $defOpts = self::getDefaultOptions();
1262 if ( isset( $defOpts[$opt] ) ) {
1263 return $defOpts[$opt];
1264 } else {
1265 return null;
1270 * Get blocking information
1271 * @param bool $bFromSlave Whether to check the slave database first. To
1272 * improve performance, non-critical checks are done
1273 * against slaves. Check when actually saving should be
1274 * done against master.
1276 private function getBlockedStatus( $bFromSlave = true ) {
1277 global $wgProxyWhitelist, $wgUser, $wgApplyIpBlocksToXff;
1279 if ( -1 != $this->mBlockedby ) {
1280 return;
1283 wfProfileIn( __METHOD__ );
1284 wfDebug( __METHOD__ . ": checking...\n" );
1286 // Initialize data...
1287 // Otherwise something ends up stomping on $this->mBlockedby when
1288 // things get lazy-loaded later, causing false positive block hits
1289 // due to -1 !== 0. Probably session-related... Nothing should be
1290 // overwriting mBlockedby, surely?
1291 $this->load();
1293 # We only need to worry about passing the IP address to the Block generator if the
1294 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1295 # know which IP address they're actually coming from
1296 if ( !$this->isAllowed( 'ipblock-exempt' ) && $this->getID() == $wgUser->getID() ) {
1297 $ip = $this->getRequest()->getIP();
1298 } else {
1299 $ip = null;
1302 // User/IP blocking
1303 $block = Block::newFromTarget( $this, $ip, !$bFromSlave );
1305 // Proxy blocking
1306 if ( !$block instanceof Block && $ip !== null && !$this->isAllowed( 'proxyunbannable' )
1307 && !in_array( $ip, $wgProxyWhitelist ) )
1309 // Local list
1310 if ( self::isLocallyBlockedProxy( $ip ) ) {
1311 $block = new Block;
1312 $block->setBlocker( wfMessage( 'proxyblocker' )->text() );
1313 $block->mReason = wfMessage( 'proxyblockreason' )->text();
1314 $block->setTarget( $ip );
1315 } elseif ( $this->isAnon() && $this->isDnsBlacklisted( $ip ) ) {
1316 $block = new Block;
1317 $block->setBlocker( wfMessage( 'sorbs' )->text() );
1318 $block->mReason = wfMessage( 'sorbsreason' )->text();
1319 $block->setTarget( $ip );
1323 // (bug 23343) Apply IP blocks to the contents of XFF headers, if enabled
1324 if ( !$block instanceof Block
1325 && $wgApplyIpBlocksToXff
1326 && $ip !== null
1327 && !$this->isAllowed( 'proxyunbannable' )
1328 && !in_array( $ip, $wgProxyWhitelist )
1330 $xff = $this->getRequest()->getHeader( 'X-Forwarded-For' );
1331 $xff = array_map( 'trim', explode( ',', $xff ) );
1332 $xff = array_diff( $xff, array( $ip ) );
1333 $xffblocks = Block::getBlocksForIPList( $xff, $this->isAnon(), !$bFromSlave );
1334 $block = Block::chooseBlock( $xffblocks, $xff );
1335 if ( $block instanceof Block ) {
1336 # Mangle the reason to alert the user that the block
1337 # originated from matching the X-Forwarded-For header.
1338 $block->mReason = wfMessage( 'xffblockreason', $block->mReason )->text();
1342 if ( $block instanceof Block ) {
1343 wfDebug( __METHOD__ . ": Found block.\n" );
1344 $this->mBlock = $block;
1345 $this->mBlockedby = $block->getByName();
1346 $this->mBlockreason = $block->mReason;
1347 $this->mHideName = $block->mHideName;
1348 $this->mAllowUsertalk = !$block->prevents( 'editownusertalk' );
1349 } else {
1350 $this->mBlockedby = '';
1351 $this->mHideName = 0;
1352 $this->mAllowUsertalk = false;
1355 // Extensions
1356 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
1358 wfProfileOut( __METHOD__ );
1362 * Whether the given IP is in a DNS blacklist.
1364 * @param string $ip IP to check
1365 * @param bool $checkWhitelist whether to check the whitelist first
1366 * @return bool True if blacklisted.
1368 public function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1369 global $wgEnableSorbs, $wgEnableDnsBlacklist,
1370 $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1372 if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs ) {
1373 return false;
1376 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) ) {
1377 return false;
1380 $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
1381 return $this->inDnsBlacklist( $ip, $urls );
1385 * Whether the given IP is in a given DNS blacklist.
1387 * @param string $ip IP to check
1388 * @param string|array $bases of Strings: URL of the DNS blacklist
1389 * @return bool True if blacklisted.
1391 public function inDnsBlacklist( $ip, $bases ) {
1392 wfProfileIn( __METHOD__ );
1394 $found = false;
1395 // @todo FIXME: IPv6 ??? (http://bugs.php.net/bug.php?id=33170)
1396 if ( IP::isIPv4( $ip ) ) {
1397 // Reverse IP, bug 21255
1398 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1400 foreach ( (array)$bases as $base ) {
1401 // Make hostname
1402 // If we have an access key, use that too (ProjectHoneypot, etc.)
1403 if ( is_array( $base ) ) {
1404 if ( count( $base ) >= 2 ) {
1405 // Access key is 1, base URL is 0
1406 $host = "{$base[1]}.$ipReversed.{$base[0]}";
1407 } else {
1408 $host = "$ipReversed.{$base[0]}";
1410 } else {
1411 $host = "$ipReversed.$base";
1414 // Send query
1415 $ipList = gethostbynamel( $host );
1417 if ( $ipList ) {
1418 wfDebugLog( 'dnsblacklist', "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
1419 $found = true;
1420 break;
1421 } else {
1422 wfDebugLog( 'dnsblacklist', "Requested $host, not found in $base.\n" );
1427 wfProfileOut( __METHOD__ );
1428 return $found;
1432 * Check if an IP address is in the local proxy list
1434 * @param $ip string
1436 * @return bool
1438 public static function isLocallyBlockedProxy( $ip ) {
1439 global $wgProxyList;
1441 if ( !$wgProxyList ) {
1442 return false;
1444 wfProfileIn( __METHOD__ );
1446 if ( !is_array( $wgProxyList ) ) {
1447 // Load from the specified file
1448 $wgProxyList = array_map( 'trim', file( $wgProxyList ) );
1451 if ( !is_array( $wgProxyList ) ) {
1452 $ret = false;
1453 } elseif ( array_search( $ip, $wgProxyList ) !== false ) {
1454 $ret = true;
1455 } elseif ( array_key_exists( $ip, $wgProxyList ) ) {
1456 // Old-style flipped proxy list
1457 $ret = true;
1458 } else {
1459 $ret = false;
1461 wfProfileOut( __METHOD__ );
1462 return $ret;
1466 * Is this user subject to rate limiting?
1468 * @return bool True if rate limited
1470 public function isPingLimitable() {
1471 global $wgRateLimitsExcludedIPs;
1472 if ( in_array( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
1473 // No other good way currently to disable rate limits
1474 // for specific IPs. :P
1475 // But this is a crappy hack and should die.
1476 return false;
1478 return !$this->isAllowed( 'noratelimit' );
1482 * Primitive rate limits: enforce maximum actions per time period
1483 * to put a brake on flooding.
1485 * @note When using a shared cache like memcached, IP-address
1486 * last-hit counters will be shared across wikis.
1488 * @param string $action Action to enforce; 'edit' if unspecified
1489 * @return bool True if a rate limiter was tripped
1491 public function pingLimiter( $action = 'edit' ) {
1492 // Call the 'PingLimiter' hook
1493 $result = false;
1494 if ( !wfRunHooks( 'PingLimiter', array( &$this, $action, &$result ) ) ) {
1495 return $result;
1498 global $wgRateLimits;
1499 if ( !isset( $wgRateLimits[$action] ) ) {
1500 return false;
1503 // Some groups shouldn't trigger the ping limiter, ever
1504 if ( !$this->isPingLimitable() ) {
1505 return false;
1508 global $wgMemc, $wgRateLimitLog;
1509 wfProfileIn( __METHOD__ );
1511 $limits = $wgRateLimits[$action];
1512 $keys = array();
1513 $id = $this->getId();
1514 $userLimit = false;
1516 if ( isset( $limits['anon'] ) && $id == 0 ) {
1517 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1520 if ( isset( $limits['user'] ) && $id != 0 ) {
1521 $userLimit = $limits['user'];
1523 if ( $this->isNewbie() ) {
1524 if ( isset( $limits['newbie'] ) && $id != 0 ) {
1525 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1527 if ( isset( $limits['ip'] ) ) {
1528 $ip = $this->getRequest()->getIP();
1529 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1531 if ( isset( $limits['subnet'] ) ) {
1532 $ip = $this->getRequest()->getIP();
1533 $matches = array();
1534 $subnet = false;
1535 if ( IP::isIPv6( $ip ) ) {
1536 $parts = IP::parseRange( "$ip/64" );
1537 $subnet = $parts[0];
1538 } elseif ( preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1539 // IPv4
1540 $subnet = $matches[1];
1542 if ( $subnet !== false ) {
1543 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1547 // Check for group-specific permissions
1548 // If more than one group applies, use the group with the highest limit
1549 foreach ( $this->getGroups() as $group ) {
1550 if ( isset( $limits[$group] ) ) {
1551 if ( $userLimit === false || $limits[$group] > $userLimit ) {
1552 $userLimit = $limits[$group];
1556 // Set the user limit key
1557 if ( $userLimit !== false ) {
1558 list( $max, $period ) = $userLimit;
1559 wfDebug( __METHOD__ . ": effective user limit: $max in {$period}s\n" );
1560 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $userLimit;
1563 $triggered = false;
1564 foreach ( $keys as $key => $limit ) {
1565 list( $max, $period ) = $limit;
1566 $summary = "(limit $max in {$period}s)";
1567 $count = $wgMemc->get( $key );
1568 // Already pinged?
1569 if ( $count ) {
1570 if ( $count >= $max ) {
1571 wfDebug( __METHOD__ . ": tripped! $key at $count $summary\n" );
1572 if ( $wgRateLimitLog ) {
1573 wfSuppressWarnings();
1574 file_put_contents( $wgRateLimitLog, wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", FILE_APPEND );
1575 wfRestoreWarnings();
1577 $triggered = true;
1578 } else {
1579 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
1581 } else {
1582 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
1583 $wgMemc->add( $key, 0, intval( $period ) ); // first ping
1585 $wgMemc->incr( $key );
1588 wfProfileOut( __METHOD__ );
1589 return $triggered;
1593 * Check if user is blocked
1595 * @param bool $bFromSlave Whether to check the slave database instead of the master
1596 * @return bool True if blocked, false otherwise
1598 public function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1599 return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
1603 * Get the block affecting the user, or null if the user is not blocked
1605 * @param bool $bFromSlave Whether to check the slave database instead of the master
1606 * @return Block|null
1608 public function getBlock( $bFromSlave = true ) {
1609 $this->getBlockedStatus( $bFromSlave );
1610 return $this->mBlock instanceof Block ? $this->mBlock : null;
1614 * Check if user is blocked from editing a particular article
1616 * @param Title $title Title to check
1617 * @param bool $bFromSlave whether to check the slave database instead of the master
1618 * @return bool
1620 function isBlockedFrom( $title, $bFromSlave = false ) {
1621 global $wgBlockAllowsUTEdit;
1622 wfProfileIn( __METHOD__ );
1624 $blocked = $this->isBlocked( $bFromSlave );
1625 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
1626 // If a user's name is suppressed, they cannot make edits anywhere
1627 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName() &&
1628 $title->getNamespace() == NS_USER_TALK ) {
1629 $blocked = false;
1630 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
1633 wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );
1635 wfProfileOut( __METHOD__ );
1636 return $blocked;
1640 * If user is blocked, return the name of the user who placed the block
1641 * @return string Name of blocker
1643 public function blockedBy() {
1644 $this->getBlockedStatus();
1645 return $this->mBlockedby;
1649 * If user is blocked, return the specified reason for the block
1650 * @return string Blocking reason
1652 public function blockedFor() {
1653 $this->getBlockedStatus();
1654 return $this->mBlockreason;
1658 * If user is blocked, return the ID for the block
1659 * @return int Block ID
1661 public function getBlockId() {
1662 $this->getBlockedStatus();
1663 return ( $this->mBlock ? $this->mBlock->getId() : false );
1667 * Check if user is blocked on all wikis.
1668 * Do not use for actual edit permission checks!
1669 * This is intended for quick UI checks.
1671 * @param string $ip IP address, uses current client if none given
1672 * @return bool True if blocked, false otherwise
1674 public function isBlockedGlobally( $ip = '' ) {
1675 if ( $this->mBlockedGlobally !== null ) {
1676 return $this->mBlockedGlobally;
1678 // User is already an IP?
1679 if ( IP::isIPAddress( $this->getName() ) ) {
1680 $ip = $this->getName();
1681 } elseif ( !$ip ) {
1682 $ip = $this->getRequest()->getIP();
1684 $blocked = false;
1685 wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
1686 $this->mBlockedGlobally = (bool)$blocked;
1687 return $this->mBlockedGlobally;
1691 * Check if user account is locked
1693 * @return bool True if locked, false otherwise
1695 public function isLocked() {
1696 if ( $this->mLocked !== null ) {
1697 return $this->mLocked;
1699 global $wgAuth;
1700 $authUser = $wgAuth->getUserInstance( $this );
1701 $this->mLocked = (bool)$authUser->isLocked();
1702 return $this->mLocked;
1706 * Check if user account is hidden
1708 * @return bool True if hidden, false otherwise
1710 public function isHidden() {
1711 if ( $this->mHideName !== null ) {
1712 return $this->mHideName;
1714 $this->getBlockedStatus();
1715 if ( !$this->mHideName ) {
1716 global $wgAuth;
1717 $authUser = $wgAuth->getUserInstance( $this );
1718 $this->mHideName = (bool)$authUser->isHidden();
1720 return $this->mHideName;
1724 * Get the user's ID.
1725 * @return int The user's ID; 0 if the user is anonymous or nonexistent
1727 public function getId() {
1728 if ( $this->mId === null && $this->mName !== null && User::isIP( $this->mName ) ) {
1729 // Special case, we know the user is anonymous
1730 return 0;
1731 } elseif ( !$this->isItemLoaded( 'id' ) ) {
1732 // Don't load if this was initialized from an ID
1733 $this->load();
1735 return $this->mId;
1739 * Set the user and reload all fields according to a given ID
1740 * @param int $v User ID to reload
1742 public function setId( $v ) {
1743 $this->mId = $v;
1744 $this->clearInstanceCache( 'id' );
1748 * Get the user name, or the IP of an anonymous user
1749 * @return string User's name or IP address
1751 public function getName() {
1752 if ( $this->isItemLoaded( 'name', 'only' ) ) {
1753 // Special case optimisation
1754 return $this->mName;
1755 } else {
1756 $this->load();
1757 if ( $this->mName === false ) {
1758 // Clean up IPs
1759 $this->mName = IP::sanitizeIP( $this->getRequest()->getIP() );
1761 return $this->mName;
1766 * Set the user name.
1768 * This does not reload fields from the database according to the given
1769 * name. Rather, it is used to create a temporary "nonexistent user" for
1770 * later addition to the database. It can also be used to set the IP
1771 * address for an anonymous user to something other than the current
1772 * remote IP.
1774 * @note User::newFromName() has roughly the same function, when the named user
1775 * does not exist.
1776 * @param string $str New user name to set
1778 public function setName( $str ) {
1779 $this->load();
1780 $this->mName = $str;
1784 * Get the user's name escaped by underscores.
1785 * @return string Username escaped by underscores.
1787 public function getTitleKey() {
1788 return str_replace( ' ', '_', $this->getName() );
1792 * Check if the user has new messages.
1793 * @return bool True if the user has new messages
1795 public function getNewtalk() {
1796 $this->load();
1798 // Load the newtalk status if it is unloaded (mNewtalk=-1)
1799 if ( $this->mNewtalk === -1 ) {
1800 $this->mNewtalk = false; # reset talk page status
1802 // Check memcached separately for anons, who have no
1803 // entire User object stored in there.
1804 if ( !$this->mId ) {
1805 global $wgDisableAnonTalk;
1806 if ( $wgDisableAnonTalk ) {
1807 // Anon newtalk disabled by configuration.
1808 $this->mNewtalk = false;
1809 } else {
1810 global $wgMemc;
1811 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1812 $newtalk = $wgMemc->get( $key );
1813 if ( strval( $newtalk ) !== '' ) {
1814 $this->mNewtalk = (bool)$newtalk;
1815 } else {
1816 // Since we are caching this, make sure it is up to date by getting it
1817 // from the master
1818 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
1819 $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
1822 } else {
1823 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1827 return (bool)$this->mNewtalk;
1831 * Return the data needed to construct links for new talk page message
1832 * alerts. If there are new messages, this will return an associative array
1833 * with the following data:
1834 * wiki: The database name of the wiki
1835 * link: Root-relative link to the user's talk page
1836 * rev: The last talk page revision that the user has seen or null. This
1837 * is useful for building diff links.
1838 * If there are no new messages, it returns an empty array.
1839 * @note This function was designed to accomodate multiple talk pages, but
1840 * currently only returns a single link and revision.
1841 * @return Array
1843 public function getNewMessageLinks() {
1844 $talks = array();
1845 if ( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) ) {
1846 return $talks;
1847 } elseif ( !$this->getNewtalk() ) {
1848 return array();
1850 $utp = $this->getTalkPage();
1851 $dbr = wfGetDB( DB_SLAVE );
1852 // Get the "last viewed rev" timestamp from the oldest message notification
1853 $timestamp = $dbr->selectField( 'user_newtalk',
1854 'MIN(user_last_timestamp)',
1855 $this->isAnon() ? array( 'user_ip' => $this->getName() ) : array( 'user_id' => $this->getID() ),
1856 __METHOD__ );
1857 $rev = $timestamp ? Revision::loadFromTimestamp( $dbr, $utp, $timestamp ) : null;
1858 return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL(), 'rev' => $rev ) );
1862 * Get the revision ID for the last talk page revision viewed by the talk
1863 * page owner.
1864 * @return int|null Revision ID or null
1866 public function getNewMessageRevisionId() {
1867 $newMessageRevisionId = null;
1868 $newMessageLinks = $this->getNewMessageLinks();
1869 if ( $newMessageLinks ) {
1870 // Note: getNewMessageLinks() never returns more than a single link
1871 // and it is always for the same wiki, but we double-check here in
1872 // case that changes some time in the future.
1873 if ( count( $newMessageLinks ) === 1
1874 && $newMessageLinks[0]['wiki'] === wfWikiID()
1875 && $newMessageLinks[0]['rev']
1877 $newMessageRevision = $newMessageLinks[0]['rev'];
1878 $newMessageRevisionId = $newMessageRevision->getId();
1881 return $newMessageRevisionId;
1885 * Internal uncached check for new messages
1887 * @see getNewtalk()
1888 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
1889 * @param string|int $id User's IP address for anonymous users, User ID otherwise
1890 * @param bool $fromMaster true to fetch from the master, false for a slave
1891 * @return bool True if the user has new messages
1893 protected function checkNewtalk( $field, $id, $fromMaster = false ) {
1894 if ( $fromMaster ) {
1895 $db = wfGetDB( DB_MASTER );
1896 } else {
1897 $db = wfGetDB( DB_SLAVE );
1899 $ok = $db->selectField( 'user_newtalk', $field,
1900 array( $field => $id ), __METHOD__ );
1901 return $ok !== false;
1905 * Add or update the new messages flag
1906 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
1907 * @param string|int $id User's IP address for anonymous users, User ID otherwise
1908 * @param $curRev Revision new, as yet unseen revision of the user talk page. Ignored if null.
1909 * @return bool True if successful, false otherwise
1911 protected function updateNewtalk( $field, $id, $curRev = null ) {
1912 // Get timestamp of the talk page revision prior to the current one
1913 $prevRev = $curRev ? $curRev->getPrevious() : false;
1914 $ts = $prevRev ? $prevRev->getTimestamp() : null;
1915 // Mark the user as having new messages since this revision
1916 $dbw = wfGetDB( DB_MASTER );
1917 $dbw->insert( 'user_newtalk',
1918 array( $field => $id, 'user_last_timestamp' => $dbw->timestampOrNull( $ts ) ),
1919 __METHOD__,
1920 'IGNORE' );
1921 if ( $dbw->affectedRows() ) {
1922 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
1923 return true;
1924 } else {
1925 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
1926 return false;
1931 * Clear the new messages flag for the given user
1932 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
1933 * @param string|int $id User's IP address for anonymous users, User ID otherwise
1934 * @return bool True if successful, false otherwise
1936 protected function deleteNewtalk( $field, $id ) {
1937 $dbw = wfGetDB( DB_MASTER );
1938 $dbw->delete( 'user_newtalk',
1939 array( $field => $id ),
1940 __METHOD__ );
1941 if ( $dbw->affectedRows() ) {
1942 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
1943 return true;
1944 } else {
1945 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
1946 return false;
1951 * Update the 'You have new messages!' status.
1952 * @param bool $val Whether the user has new messages
1953 * @param $curRev Revision new, as yet unseen revision of the user talk page. Ignored if null or !$val.
1955 public function setNewtalk( $val, $curRev = null ) {
1956 if ( wfReadOnly() ) {
1957 return;
1960 $this->load();
1961 $this->mNewtalk = $val;
1963 if ( $this->isAnon() ) {
1964 $field = 'user_ip';
1965 $id = $this->getName();
1966 } else {
1967 $field = 'user_id';
1968 $id = $this->getId();
1970 global $wgMemc;
1972 if ( $val ) {
1973 $changed = $this->updateNewtalk( $field, $id, $curRev );
1974 } else {
1975 $changed = $this->deleteNewtalk( $field, $id );
1978 if ( $this->isAnon() ) {
1979 // Anons have a separate memcached space, since
1980 // user records aren't kept for them.
1981 $key = wfMemcKey( 'newtalk', 'ip', $id );
1982 $wgMemc->set( $key, $val ? 1 : 0, 1800 );
1984 if ( $changed ) {
1985 $this->invalidateCache();
1990 * Generate a current or new-future timestamp to be stored in the
1991 * user_touched field when we update things.
1992 * @return string Timestamp in TS_MW format
1994 private static function newTouchedTimestamp() {
1995 global $wgClockSkewFudge;
1996 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
2000 * Clear user data from memcached.
2001 * Use after applying fun updates to the database; caller's
2002 * responsibility to update user_touched if appropriate.
2004 * Called implicitly from invalidateCache() and saveSettings().
2006 private function clearSharedCache() {
2007 $this->load();
2008 if ( $this->mId ) {
2009 global $wgMemc;
2010 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
2015 * Immediately touch the user data cache for this account.
2016 * Updates user_touched field, and removes account data from memcached
2017 * for reload on the next hit.
2019 public function invalidateCache() {
2020 if ( wfReadOnly() ) {
2021 return;
2023 $this->load();
2024 if ( $this->mId ) {
2025 $this->mTouched = self::newTouchedTimestamp();
2027 $dbw = wfGetDB( DB_MASTER );
2028 $userid = $this->mId;
2029 $touched = $this->mTouched;
2030 $method = __METHOD__;
2031 $dbw->onTransactionIdle( function() use ( $dbw, $userid, $touched, $method ) {
2032 // Prevent contention slams by checking user_touched first
2033 $encTouched = $dbw->addQuotes( $dbw->timestamp( $touched ) );
2034 $needsPurge = $dbw->selectField( 'user', '1',
2035 array( 'user_id' => $userid, 'user_touched < ' . $encTouched ) );
2036 if ( $needsPurge ) {
2037 $dbw->update( 'user',
2038 array( 'user_touched' => $dbw->timestamp( $touched ) ),
2039 array( 'user_id' => $userid, 'user_touched < ' . $encTouched ),
2040 $method
2043 } );
2044 $this->clearSharedCache();
2049 * Validate the cache for this account.
2050 * @param string $timestamp A timestamp in TS_MW format
2051 * @return bool
2053 public function validateCache( $timestamp ) {
2054 $this->load();
2055 return ( $timestamp >= $this->mTouched );
2059 * Get the user touched timestamp
2060 * @return string timestamp
2062 public function getTouched() {
2063 $this->load();
2064 return $this->mTouched;
2068 * Set the password and reset the random token.
2069 * Calls through to authentication plugin if necessary;
2070 * will have no effect if the auth plugin refuses to
2071 * pass the change through or if the legal password
2072 * checks fail.
2074 * As a special case, setting the password to null
2075 * wipes it, so the account cannot be logged in until
2076 * a new password is set, for instance via e-mail.
2078 * @param string $str New password to set
2079 * @throws PasswordError on failure
2081 * @return bool
2083 public function setPassword( $str ) {
2084 global $wgAuth;
2086 if ( $str !== null ) {
2087 if ( !$wgAuth->allowPasswordChange() ) {
2088 throw new PasswordError( wfMessage( 'password-change-forbidden' )->text() );
2091 if ( !$this->isValidPassword( $str ) ) {
2092 global $wgMinimalPasswordLength;
2093 $valid = $this->getPasswordValidity( $str );
2094 if ( is_array( $valid ) ) {
2095 $message = array_shift( $valid );
2096 $params = $valid;
2097 } else {
2098 $message = $valid;
2099 $params = array( $wgMinimalPasswordLength );
2101 throw new PasswordError( wfMessage( $message, $params )->text() );
2105 if ( !$wgAuth->setPassword( $this, $str ) ) {
2106 throw new PasswordError( wfMessage( 'externaldberror' )->text() );
2109 $this->setInternalPassword( $str );
2111 return true;
2115 * Set the password and reset the random token unconditionally.
2117 * @param string|null $str New password to set or null to set an invalid
2118 * password hash meaning that the user will not be able to log in
2119 * through the web interface.
2121 public function setInternalPassword( $str ) {
2122 $this->load();
2123 $this->setToken();
2125 if ( $str === null ) {
2126 // Save an invalid hash...
2127 $this->mPassword = '';
2128 } else {
2129 $this->mPassword = self::crypt( $str );
2131 $this->mNewpassword = '';
2132 $this->mNewpassTime = null;
2136 * Get the user's current token.
2137 * @param bool $forceCreation Force the generation of a new token if the user doesn't have one (default=true for backwards compatibility)
2138 * @return string Token
2140 public function getToken( $forceCreation = true ) {
2141 $this->load();
2142 if ( !$this->mToken && $forceCreation ) {
2143 $this->setToken();
2145 return $this->mToken;
2149 * Set the random token (used for persistent authentication)
2150 * Called from loadDefaults() among other places.
2152 * @param string|bool $token If specified, set the token to this value
2154 public function setToken( $token = false ) {
2155 $this->load();
2156 if ( !$token ) {
2157 $this->mToken = MWCryptRand::generateHex( USER_TOKEN_LENGTH );
2158 } else {
2159 $this->mToken = $token;
2164 * Set the password for a password reminder or new account email
2166 * @param string $str New password to set
2167 * @param bool $throttle If true, reset the throttle timestamp to the present
2169 public function setNewpassword( $str, $throttle = true ) {
2170 $this->load();
2171 $this->mNewpassword = self::crypt( $str );
2172 if ( $throttle ) {
2173 $this->mNewpassTime = wfTimestampNow();
2178 * Has password reminder email been sent within the last
2179 * $wgPasswordReminderResendTime hours?
2180 * @return bool
2182 public function isPasswordReminderThrottled() {
2183 global $wgPasswordReminderResendTime;
2184 $this->load();
2185 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
2186 return false;
2188 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
2189 return time() < $expiry;
2193 * Get the user's e-mail address
2194 * @return string User's email address
2196 public function getEmail() {
2197 $this->load();
2198 wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
2199 return $this->mEmail;
2203 * Get the timestamp of the user's e-mail authentication
2204 * @return string TS_MW timestamp
2206 public function getEmailAuthenticationTimestamp() {
2207 $this->load();
2208 wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
2209 return $this->mEmailAuthenticated;
2213 * Set the user's e-mail address
2214 * @param string $str New e-mail address
2216 public function setEmail( $str ) {
2217 $this->load();
2218 if ( $str == $this->mEmail ) {
2219 return;
2221 $this->mEmail = $str;
2222 $this->invalidateEmail();
2223 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
2227 * Set the user's e-mail address and a confirmation mail if needed.
2229 * @since 1.20
2230 * @param string $str New e-mail address
2231 * @return Status
2233 public function setEmailWithConfirmation( $str ) {
2234 global $wgEnableEmail, $wgEmailAuthentication;
2236 if ( !$wgEnableEmail ) {
2237 return Status::newFatal( 'emaildisabled' );
2240 $oldaddr = $this->getEmail();
2241 if ( $str === $oldaddr ) {
2242 return Status::newGood( true );
2245 $this->setEmail( $str );
2247 if ( $str !== '' && $wgEmailAuthentication ) {
2248 // Send a confirmation request to the new address if needed
2249 $type = $oldaddr != '' ? 'changed' : 'set';
2250 $result = $this->sendConfirmationMail( $type );
2251 if ( $result->isGood() ) {
2252 // Say the the caller that a confirmation mail has been sent
2253 $result->value = 'eauth';
2255 } else {
2256 $result = Status::newGood( true );
2259 return $result;
2263 * Get the user's real name
2264 * @return string User's real name
2266 public function getRealName() {
2267 if ( !$this->isItemLoaded( 'realname' ) ) {
2268 $this->load();
2271 return $this->mRealName;
2275 * Set the user's real name
2276 * @param string $str New real name
2278 public function setRealName( $str ) {
2279 $this->load();
2280 $this->mRealName = $str;
2284 * Get the user's current setting for a given option.
2286 * @param string $oname The option to check
2287 * @param string $defaultOverride A default value returned if the option does not exist
2288 * @param bool $ignoreHidden Whether to ignore the effects of $wgHiddenPrefs
2289 * @return string User's current value for the option
2290 * @see getBoolOption()
2291 * @see getIntOption()
2293 public function getOption( $oname, $defaultOverride = null, $ignoreHidden = false ) {
2294 global $wgHiddenPrefs;
2295 $this->loadOptions();
2297 # We want 'disabled' preferences to always behave as the default value for
2298 # users, even if they have set the option explicitly in their settings (ie they
2299 # set it, and then it was disabled removing their ability to change it). But
2300 # we don't want to erase the preferences in the database in case the preference
2301 # is re-enabled again. So don't touch $mOptions, just override the returned value
2302 if ( !$ignoreHidden && in_array( $oname, $wgHiddenPrefs ) ) {
2303 return self::getDefaultOption( $oname );
2306 if ( array_key_exists( $oname, $this->mOptions ) ) {
2307 return $this->mOptions[$oname];
2308 } else {
2309 return $defaultOverride;
2314 * Get all user's options
2316 * @return array
2318 public function getOptions() {
2319 global $wgHiddenPrefs;
2320 $this->loadOptions();
2321 $options = $this->mOptions;
2323 # We want 'disabled' preferences to always behave as the default value for
2324 # users, even if they have set the option explicitly in their settings (ie they
2325 # set it, and then it was disabled removing their ability to change it). But
2326 # we don't want to erase the preferences in the database in case the preference
2327 # is re-enabled again. So don't touch $mOptions, just override the returned value
2328 foreach ( $wgHiddenPrefs as $pref ) {
2329 $default = self::getDefaultOption( $pref );
2330 if ( $default !== null ) {
2331 $options[$pref] = $default;
2335 return $options;
2339 * Get the user's current setting for a given option, as a boolean value.
2341 * @param string $oname The option to check
2342 * @return bool User's current value for the option
2343 * @see getOption()
2345 public function getBoolOption( $oname ) {
2346 return (bool)$this->getOption( $oname );
2350 * Get the user's current setting for a given option, as a boolean value.
2352 * @param string $oname The option to check
2353 * @param int $defaultOverride A default value returned if the option does not exist
2354 * @return int User's current value for the option
2355 * @see getOption()
2357 public function getIntOption( $oname, $defaultOverride = 0 ) {
2358 $val = $this->getOption( $oname );
2359 if ( $val == '' ) {
2360 $val = $defaultOverride;
2362 return intval( $val );
2366 * Set the given option for a user.
2368 * @param string $oname The option to set
2369 * @param mixed $val New value to set
2371 public function setOption( $oname, $val ) {
2372 $this->loadOptions();
2374 // Explicitly NULL values should refer to defaults
2375 if ( is_null( $val ) ) {
2376 $val = self::getDefaultOption( $oname );
2379 $this->mOptions[$oname] = $val;
2383 * Get a token stored in the preferences (like the watchlist one),
2384 * resetting it if it's empty (and saving changes).
2386 * @param string $oname The option name to retrieve the token from
2387 * @return string|bool User's current value for the option, or false if this option is disabled.
2388 * @see resetTokenFromOption()
2389 * @see getOption()
2391 public function getTokenFromOption( $oname ) {
2392 global $wgHiddenPrefs;
2393 if ( in_array( $oname, $wgHiddenPrefs ) ) {
2394 return false;
2397 $token = $this->getOption( $oname );
2398 if ( !$token ) {
2399 $token = $this->resetTokenFromOption( $oname );
2400 $this->saveSettings();
2402 return $token;
2406 * Reset a token stored in the preferences (like the watchlist one).
2407 * *Does not* save user's preferences (similarly to setOption()).
2409 * @param string $oname The option name to reset the token in
2410 * @return string|bool New token value, or false if this option is disabled.
2411 * @see getTokenFromOption()
2412 * @see setOption()
2414 public function resetTokenFromOption( $oname ) {
2415 global $wgHiddenPrefs;
2416 if ( in_array( $oname, $wgHiddenPrefs ) ) {
2417 return false;
2420 $token = MWCryptRand::generateHex( 40 );
2421 $this->setOption( $oname, $token );
2422 return $token;
2426 * Return a list of the types of user options currently returned by
2427 * User::getOptionKinds().
2429 * Currently, the option kinds are:
2430 * - 'registered' - preferences which are registered in core MediaWiki or
2431 * by extensions using the UserGetDefaultOptions hook.
2432 * - 'registered-multiselect' - as above, using the 'multiselect' type.
2433 * - 'registered-checkmatrix' - as above, using the 'checkmatrix' type.
2434 * - 'userjs' - preferences with names starting with 'userjs-', intended to
2435 * be used by user scripts.
2436 * - 'unused' - preferences about which MediaWiki doesn't know anything.
2437 * These are usually legacy options, removed in newer versions.
2439 * The API (and possibly others) use this function to determine the possible
2440 * option types for validation purposes, so make sure to update this when a
2441 * new option kind is added.
2443 * @see User::getOptionKinds
2444 * @return array Option kinds
2446 public static function listOptionKinds() {
2447 return array(
2448 'registered',
2449 'registered-multiselect',
2450 'registered-checkmatrix',
2451 'userjs',
2452 'unused'
2457 * Return an associative array mapping preferences keys to the kind of a preference they're
2458 * used for. Different kinds are handled differently when setting or reading preferences.
2460 * See User::listOptionKinds for the list of valid option types that can be provided.
2462 * @see User::listOptionKinds
2463 * @param $context IContextSource
2464 * @param array $options assoc. array with options keys to check as keys. Defaults to $this->mOptions.
2465 * @return array the key => kind mapping data
2467 public function getOptionKinds( IContextSource $context, $options = null ) {
2468 $this->loadOptions();
2469 if ( $options === null ) {
2470 $options = $this->mOptions;
2473 $prefs = Preferences::getPreferences( $this, $context );
2474 $mapping = array();
2476 // Multiselect and checkmatrix options are stored in the database with
2477 // one key per option, each having a boolean value. Extract those keys.
2478 $multiselectOptions = array();
2479 foreach ( $prefs as $name => $info ) {
2480 if ( ( isset( $info['type'] ) && $info['type'] == 'multiselect' ) ||
2481 ( isset( $info['class'] ) && $info['class'] == 'HTMLMultiSelectField' ) ) {
2482 $opts = HTMLFormField::flattenOptions( $info['options'] );
2483 $prefix = isset( $info['prefix'] ) ? $info['prefix'] : $name;
2485 foreach ( $opts as $value ) {
2486 $multiselectOptions["$prefix$value"] = true;
2489 unset( $prefs[$name] );
2492 $checkmatrixOptions = array();
2493 foreach ( $prefs as $name => $info ) {
2494 if ( ( isset( $info['type'] ) && $info['type'] == 'checkmatrix' ) ||
2495 ( isset( $info['class'] ) && $info['class'] == 'HTMLCheckMatrix' ) ) {
2496 $columns = HTMLFormField::flattenOptions( $info['columns'] );
2497 $rows = HTMLFormField::flattenOptions( $info['rows'] );
2498 $prefix = isset( $info['prefix'] ) ? $info['prefix'] : $name;
2500 foreach ( $columns as $column ) {
2501 foreach ( $rows as $row ) {
2502 $checkmatrixOptions["$prefix-$column-$row"] = true;
2506 unset( $prefs[$name] );
2510 // $value is ignored
2511 foreach ( $options as $key => $value ) {
2512 if ( isset( $prefs[$key] ) ) {
2513 $mapping[$key] = 'registered';
2514 } elseif ( isset( $multiselectOptions[$key] ) ) {
2515 $mapping[$key] = 'registered-multiselect';
2516 } elseif ( isset( $checkmatrixOptions[$key] ) ) {
2517 $mapping[$key] = 'registered-checkmatrix';
2518 } elseif ( substr( $key, 0, 7 ) === 'userjs-' ) {
2519 $mapping[$key] = 'userjs';
2520 } else {
2521 $mapping[$key] = 'unused';
2525 return $mapping;
2529 * Reset certain (or all) options to the site defaults
2531 * The optional parameter determines which kinds of preferences will be reset.
2532 * Supported values are everything that can be reported by getOptionKinds()
2533 * and 'all', which forces a reset of *all* preferences and overrides everything else.
2535 * @param array|string $resetKinds which kinds of preferences to reset. Defaults to
2536 * array( 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' )
2537 * for backwards-compatibility.
2538 * @param $context IContextSource|null context source used when $resetKinds
2539 * does not contain 'all', passed to getOptionKinds().
2540 * Defaults to RequestContext::getMain() when null.
2542 public function resetOptions(
2543 $resetKinds = array( 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' ),
2544 IContextSource $context = null
2546 $this->load();
2547 $defaultOptions = self::getDefaultOptions();
2549 if ( !is_array( $resetKinds ) ) {
2550 $resetKinds = array( $resetKinds );
2553 if ( in_array( 'all', $resetKinds ) ) {
2554 $newOptions = $defaultOptions;
2555 } else {
2556 if ( $context === null ) {
2557 $context = RequestContext::getMain();
2560 $optionKinds = $this->getOptionKinds( $context );
2561 $resetKinds = array_intersect( $resetKinds, self::listOptionKinds() );
2562 $newOptions = array();
2564 // Use default values for the options that should be deleted, and
2565 // copy old values for the ones that shouldn't.
2566 foreach ( $this->mOptions as $key => $value ) {
2567 if ( in_array( $optionKinds[$key], $resetKinds ) ) {
2568 if ( array_key_exists( $key, $defaultOptions ) ) {
2569 $newOptions[$key] = $defaultOptions[$key];
2571 } else {
2572 $newOptions[$key] = $value;
2577 $this->mOptions = $newOptions;
2578 $this->mOptionsLoaded = true;
2582 * Get the user's preferred date format.
2583 * @return string User's preferred date format
2585 public function getDatePreference() {
2586 // Important migration for old data rows
2587 if ( is_null( $this->mDatePreference ) ) {
2588 global $wgLang;
2589 $value = $this->getOption( 'date' );
2590 $map = $wgLang->getDatePreferenceMigrationMap();
2591 if ( isset( $map[$value] ) ) {
2592 $value = $map[$value];
2594 $this->mDatePreference = $value;
2596 return $this->mDatePreference;
2600 * Get the user preferred stub threshold
2602 * @return int
2604 public function getStubThreshold() {
2605 global $wgMaxArticleSize; # Maximum article size, in Kb
2606 $threshold = $this->getIntOption( 'stubthreshold' );
2607 if ( $threshold > $wgMaxArticleSize * 1024 ) {
2608 // If they have set an impossible value, disable the preference
2609 // so we can use the parser cache again.
2610 $threshold = 0;
2612 return $threshold;
2616 * Get the permissions this user has.
2617 * @return Array of String permission names
2619 public function getRights() {
2620 if ( is_null( $this->mRights ) ) {
2621 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
2622 wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
2623 // Force reindexation of rights when a hook has unset one of them
2624 $this->mRights = array_values( array_unique( $this->mRights ) );
2626 return $this->mRights;
2630 * Get the list of explicit group memberships this user has.
2631 * The implicit * and user groups are not included.
2632 * @return Array of String internal group names
2634 public function getGroups() {
2635 $this->load();
2636 $this->loadGroups();
2637 return $this->mGroups;
2641 * Get the list of implicit group memberships this user has.
2642 * This includes all explicit groups, plus 'user' if logged in,
2643 * '*' for all accounts, and autopromoted groups
2644 * @param bool $recache Whether to avoid the cache
2645 * @return Array of String internal group names
2647 public function getEffectiveGroups( $recache = false ) {
2648 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
2649 wfProfileIn( __METHOD__ );
2650 $this->mEffectiveGroups = array_unique( array_merge(
2651 $this->getGroups(), // explicit groups
2652 $this->getAutomaticGroups( $recache ) // implicit groups
2653 ) );
2654 // Hook for additional groups
2655 wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
2656 // Force reindexation of groups when a hook has unset one of them
2657 $this->mEffectiveGroups = array_values( array_unique( $this->mEffectiveGroups ) );
2658 wfProfileOut( __METHOD__ );
2660 return $this->mEffectiveGroups;
2664 * Get the list of implicit group memberships this user has.
2665 * This includes 'user' if logged in, '*' for all accounts,
2666 * and autopromoted groups
2667 * @param bool $recache Whether to avoid the cache
2668 * @return Array of String internal group names
2670 public function getAutomaticGroups( $recache = false ) {
2671 if ( $recache || is_null( $this->mImplicitGroups ) ) {
2672 wfProfileIn( __METHOD__ );
2673 $this->mImplicitGroups = array( '*' );
2674 if ( $this->getId() ) {
2675 $this->mImplicitGroups[] = 'user';
2677 $this->mImplicitGroups = array_unique( array_merge(
2678 $this->mImplicitGroups,
2679 Autopromote::getAutopromoteGroups( $this )
2680 ) );
2682 if ( $recache ) {
2683 // Assure data consistency with rights/groups,
2684 // as getEffectiveGroups() depends on this function
2685 $this->mEffectiveGroups = null;
2687 wfProfileOut( __METHOD__ );
2689 return $this->mImplicitGroups;
2693 * Returns the groups the user has belonged to.
2695 * The user may still belong to the returned groups. Compare with getGroups().
2697 * The function will not return groups the user had belonged to before MW 1.17
2699 * @return array Names of the groups the user has belonged to.
2701 public function getFormerGroups() {
2702 if ( is_null( $this->mFormerGroups ) ) {
2703 $dbr = wfGetDB( DB_MASTER );
2704 $res = $dbr->select( 'user_former_groups',
2705 array( 'ufg_group' ),
2706 array( 'ufg_user' => $this->mId ),
2707 __METHOD__ );
2708 $this->mFormerGroups = array();
2709 foreach ( $res as $row ) {
2710 $this->mFormerGroups[] = $row->ufg_group;
2713 return $this->mFormerGroups;
2717 * Get the user's edit count.
2718 * @return int, null for anonymous users
2720 public function getEditCount() {
2721 if ( !$this->getId() ) {
2722 return null;
2725 if ( !isset( $this->mEditCount ) ) {
2726 /* Populate the count, if it has not been populated yet */
2727 wfProfileIn( __METHOD__ );
2728 $dbr = wfGetDB( DB_SLAVE );
2729 // check if the user_editcount field has been initialized
2730 $count = $dbr->selectField(
2731 'user', 'user_editcount',
2732 array( 'user_id' => $this->mId ),
2733 __METHOD__
2736 if ( $count === null ) {
2737 // it has not been initialized. do so.
2738 $count = $this->initEditCount();
2740 $this->mEditCount = $count;
2741 wfProfileOut( __METHOD__ );
2743 return (int) $this->mEditCount;
2747 * Add the user to the given group.
2748 * This takes immediate effect.
2749 * @param string $group Name of the group to add
2751 public function addGroup( $group ) {
2752 if ( wfRunHooks( 'UserAddGroup', array( $this, &$group ) ) ) {
2753 $dbw = wfGetDB( DB_MASTER );
2754 if ( $this->getId() ) {
2755 $dbw->insert( 'user_groups',
2756 array(
2757 'ug_user' => $this->getID(),
2758 'ug_group' => $group,
2760 __METHOD__,
2761 array( 'IGNORE' ) );
2764 $this->loadGroups();
2765 $this->mGroups[] = $group;
2766 // In case loadGroups was not called before, we now have the right twice.
2767 // Get rid of the duplicate.
2768 $this->mGroups = array_unique( $this->mGroups );
2770 // Refresh the groups caches, and clear the rights cache so it will be
2771 // refreshed on the next call to $this->getRights().
2772 $this->getEffectiveGroups( true );
2773 $this->mRights = null;
2775 $this->invalidateCache();
2779 * Remove the user from the given group.
2780 * This takes immediate effect.
2781 * @param string $group Name of the group to remove
2783 public function removeGroup( $group ) {
2784 $this->load();
2785 if ( wfRunHooks( 'UserRemoveGroup', array( $this, &$group ) ) ) {
2786 $dbw = wfGetDB( DB_MASTER );
2787 $dbw->delete( 'user_groups',
2788 array(
2789 'ug_user' => $this->getID(),
2790 'ug_group' => $group,
2791 ), __METHOD__ );
2792 // Remember that the user was in this group
2793 $dbw->insert( 'user_former_groups',
2794 array(
2795 'ufg_user' => $this->getID(),
2796 'ufg_group' => $group,
2798 __METHOD__,
2799 array( 'IGNORE' ) );
2801 $this->loadGroups();
2802 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
2804 // Refresh the groups caches, and clear the rights cache so it will be
2805 // refreshed on the next call to $this->getRights().
2806 $this->getEffectiveGroups( true );
2807 $this->mRights = null;
2809 $this->invalidateCache();
2813 * Get whether the user is logged in
2814 * @return bool
2816 public function isLoggedIn() {
2817 return $this->getID() != 0;
2821 * Get whether the user is anonymous
2822 * @return bool
2824 public function isAnon() {
2825 return !$this->isLoggedIn();
2829 * Check if user is allowed to access a feature / make an action
2831 * @internal param \String $varargs permissions to test
2832 * @return boolean: True if user is allowed to perform *any* of the given actions
2834 * @return bool
2836 public function isAllowedAny( /*...*/ ) {
2837 $permissions = func_get_args();
2838 foreach ( $permissions as $permission ) {
2839 if ( $this->isAllowed( $permission ) ) {
2840 return true;
2843 return false;
2848 * @internal param $varargs string
2849 * @return bool True if the user is allowed to perform *all* of the given actions
2851 public function isAllowedAll( /*...*/ ) {
2852 $permissions = func_get_args();
2853 foreach ( $permissions as $permission ) {
2854 if ( !$this->isAllowed( $permission ) ) {
2855 return false;
2858 return true;
2862 * Internal mechanics of testing a permission
2863 * @param string $action
2864 * @return bool
2866 public function isAllowed( $action = '' ) {
2867 if ( $action === '' ) {
2868 return true; // In the spirit of DWIM
2870 // Patrolling may not be enabled
2871 if ( $action === 'patrol' || $action === 'autopatrol' ) {
2872 global $wgUseRCPatrol, $wgUseNPPatrol;
2873 if ( !$wgUseRCPatrol && !$wgUseNPPatrol ) {
2874 return false;
2877 // Use strict parameter to avoid matching numeric 0 accidentally inserted
2878 // by misconfiguration: 0 == 'foo'
2879 return in_array( $action, $this->getRights(), true );
2883 * Check whether to enable recent changes patrol features for this user
2884 * @return boolean: True or false
2886 public function useRCPatrol() {
2887 global $wgUseRCPatrol;
2888 return $wgUseRCPatrol && $this->isAllowedAny( 'patrol', 'patrolmarks' );
2892 * Check whether to enable new pages patrol features for this user
2893 * @return bool True or false
2895 public function useNPPatrol() {
2896 global $wgUseRCPatrol, $wgUseNPPatrol;
2897 return (
2898 ( $wgUseRCPatrol || $wgUseNPPatrol )
2899 && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) )
2904 * Get the WebRequest object to use with this object
2906 * @return WebRequest
2908 public function getRequest() {
2909 if ( $this->mRequest ) {
2910 return $this->mRequest;
2911 } else {
2912 global $wgRequest;
2913 return $wgRequest;
2918 * Get the current skin, loading it if required
2919 * @return Skin The current skin
2920 * @todo FIXME: Need to check the old failback system [AV]
2921 * @deprecated since 1.18 Use ->getSkin() in the most relevant outputting context you have
2923 public function getSkin() {
2924 wfDeprecated( __METHOD__, '1.18' );
2925 return RequestContext::getMain()->getSkin();
2929 * Get a WatchedItem for this user and $title.
2931 * @since 1.22 $checkRights parameter added
2932 * @param $title Title
2933 * @param $checkRights int Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
2934 * Pass WatchedItem::CHECK_USER_RIGHTS or WatchedItem::IGNORE_USER_RIGHTS.
2935 * @return WatchedItem
2937 public function getWatchedItem( $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
2938 $key = $checkRights . ':' . $title->getNamespace() . ':' . $title->getDBkey();
2940 if ( isset( $this->mWatchedItems[$key] ) ) {
2941 return $this->mWatchedItems[$key];
2944 if ( count( $this->mWatchedItems ) >= self::MAX_WATCHED_ITEMS_CACHE ) {
2945 $this->mWatchedItems = array();
2948 $this->mWatchedItems[$key] = WatchedItem::fromUserTitle( $this, $title, $checkRights );
2949 return $this->mWatchedItems[$key];
2953 * Check the watched status of an article.
2954 * @since 1.22 $checkRights parameter added
2955 * @param $title Title of the article to look at
2956 * @param $checkRights int Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
2957 * Pass WatchedItem::CHECK_USER_RIGHTS or WatchedItem::IGNORE_USER_RIGHTS.
2958 * @return bool
2960 public function isWatched( $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
2961 return $this->getWatchedItem( $title, $checkRights )->isWatched();
2965 * Watch an article.
2966 * @since 1.22 $checkRights parameter added
2967 * @param $title Title of the article to look at
2968 * @param $checkRights int Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
2969 * Pass WatchedItem::CHECK_USER_RIGHTS or WatchedItem::IGNORE_USER_RIGHTS.
2971 public function addWatch( $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
2972 $this->getWatchedItem( $title, $checkRights )->addWatch();
2973 $this->invalidateCache();
2977 * Stop watching an article.
2978 * @since 1.22 $checkRights parameter added
2979 * @param $title Title of the article to look at
2980 * @param $checkRights int Whether to check 'viewmywatchlist'/'editmywatchlist' rights.
2981 * Pass WatchedItem::CHECK_USER_RIGHTS or WatchedItem::IGNORE_USER_RIGHTS.
2983 public function removeWatch( $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
2984 $this->getWatchedItem( $title, $checkRights )->removeWatch();
2985 $this->invalidateCache();
2989 * Clear the user's notification timestamp for the given title.
2990 * If e-notif e-mails are on, they will receive notification mails on
2991 * the next change of the page if it's watched etc.
2992 * @note If the user doesn't have 'editmywatchlist', this will do nothing.
2993 * @param $title Title of the article to look at
2995 public function clearNotification( &$title ) {
2996 global $wgUseEnotif, $wgShowUpdatedMarker;
2998 // Do nothing if the database is locked to writes
2999 if ( wfReadOnly() ) {
3000 return;
3003 // Do nothing if not allowed to edit the watchlist
3004 if ( !$this->isAllowed( 'editmywatchlist' ) ) {
3005 return;
3008 if ( $title->getNamespace() == NS_USER_TALK &&
3009 $title->getText() == $this->getName() ) {
3010 if ( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this ) ) ) {
3011 return;
3013 $this->setNewtalk( false );
3016 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
3017 return;
3020 if ( $this->isAnon() ) {
3021 // Nothing else to do...
3022 return;
3025 // Only update the timestamp if the page is being watched.
3026 // The query to find out if it is watched is cached both in memcached and per-invocation,
3027 // and when it does have to be executed, it can be on a slave
3028 // If this is the user's newtalk page, we always update the timestamp
3029 $force = '';
3030 if ( $title->getNamespace() == NS_USER_TALK &&
3031 $title->getText() == $this->getName() )
3033 $force = 'force';
3036 $this->getWatchedItem( $title )->resetNotificationTimestamp( $force );
3040 * Resets all of the given user's page-change notification timestamps.
3041 * If e-notif e-mails are on, they will receive notification mails on
3042 * the next change of any watched page.
3043 * @note If the user doesn't have 'editmywatchlist', this will do nothing.
3045 public function clearAllNotifications() {
3046 if ( wfReadOnly() ) {
3047 return;
3050 // Do nothing if not allowed to edit the watchlist
3051 if ( !$this->isAllowed( 'editmywatchlist' ) ) {
3052 return;
3055 global $wgUseEnotif, $wgShowUpdatedMarker;
3056 if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
3057 $this->setNewtalk( false );
3058 return;
3060 $id = $this->getId();
3061 if ( $id != 0 ) {
3062 $dbw = wfGetDB( DB_MASTER );
3063 $dbw->update( 'watchlist',
3064 array( /* SET */
3065 'wl_notificationtimestamp' => null
3066 ), array( /* WHERE */
3067 'wl_user' => $id
3068 ), __METHOD__
3070 # We also need to clear here the "you have new message" notification for the own user_talk page
3071 # This is cleared one page view later in Article::viewUpdates();
3076 * Set this user's options from an encoded string
3077 * @param string $str Encoded options to import
3079 * @deprecated in 1.19 due to removal of user_options from the user table
3081 private function decodeOptions( $str ) {
3082 wfDeprecated( __METHOD__, '1.19' );
3083 if ( !$str ) {
3084 return;
3087 $this->mOptionsLoaded = true;
3088 $this->mOptionOverrides = array();
3090 // If an option is not set in $str, use the default value
3091 $this->mOptions = self::getDefaultOptions();
3093 $a = explode( "\n", $str );
3094 foreach ( $a as $s ) {
3095 $m = array();
3096 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
3097 $this->mOptions[$m[1]] = $m[2];
3098 $this->mOptionOverrides[$m[1]] = $m[2];
3104 * Set a cookie on the user's client. Wrapper for
3105 * WebResponse::setCookie
3106 * @param string $name Name of the cookie to set
3107 * @param string $value Value to set
3108 * @param int $exp Expiration time, as a UNIX time value;
3109 * if 0 or not specified, use the default $wgCookieExpiration
3110 * @param bool $secure
3111 * true: Force setting the secure attribute when setting the cookie
3112 * false: Force NOT setting the secure attribute when setting the cookie
3113 * null (default): Use the default ($wgCookieSecure) to set the secure attribute
3115 protected function setCookie( $name, $value, $exp = 0, $secure = null ) {
3116 $this->getRequest()->response()->setcookie( $name, $value, $exp, null, null, $secure );
3120 * Clear a cookie on the user's client
3121 * @param string $name Name of the cookie to clear
3123 protected function clearCookie( $name ) {
3124 $this->setCookie( $name, '', time() - 86400 );
3128 * Set the default cookies for this session on the user's client.
3130 * @param $request WebRequest object to use; $wgRequest will be used if null
3131 * is passed.
3132 * @param bool $secure Whether to force secure/insecure cookies or use default
3134 public function setCookies( $request = null, $secure = null ) {
3135 if ( $request === null ) {
3136 $request = $this->getRequest();
3139 $this->load();
3140 if ( 0 == $this->mId ) {
3141 return;
3143 if ( !$this->mToken ) {
3144 // When token is empty or NULL generate a new one and then save it to the database
3145 // This allows a wiki to re-secure itself after a leak of it's user table or $wgSecretKey
3146 // Simply by setting every cell in the user_token column to NULL and letting them be
3147 // regenerated as users log back into the wiki.
3148 $this->setToken();
3149 $this->saveSettings();
3151 $session = array(
3152 'wsUserID' => $this->mId,
3153 'wsToken' => $this->mToken,
3154 'wsUserName' => $this->getName()
3156 $cookies = array(
3157 'UserID' => $this->mId,
3158 'UserName' => $this->getName(),
3160 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
3161 $cookies['Token'] = $this->mToken;
3162 } else {
3163 $cookies['Token'] = false;
3166 wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
3168 foreach ( $session as $name => $value ) {
3169 $request->setSessionData( $name, $value );
3171 foreach ( $cookies as $name => $value ) {
3172 if ( $value === false ) {
3173 $this->clearCookie( $name );
3174 } else {
3175 $this->setCookie( $name, $value, 0, $secure );
3180 * If wpStickHTTPS was selected, also set an insecure cookie that
3181 * will cause the site to redirect the user to HTTPS, if they access
3182 * it over HTTP. Bug 29898.
3184 if ( $request->getCheck( 'wpStickHTTPS' ) ) {
3185 $this->setCookie( 'forceHTTPS', 'true', time() + 2592000, false ); //30 days
3190 * Log this user out.
3192 public function logout() {
3193 if ( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
3194 $this->doLogout();
3199 * Clear the user's cookies and session, and reset the instance cache.
3200 * @see logout()
3202 public function doLogout() {
3203 $this->clearInstanceCache( 'defaults' );
3205 $this->getRequest()->setSessionData( 'wsUserID', 0 );
3207 $this->clearCookie( 'UserID' );
3208 $this->clearCookie( 'Token' );
3209 $this->clearCookie( 'forceHTTPS' );
3211 // Remember when user logged out, to prevent seeing cached pages
3212 $this->setCookie( 'LoggedOut', time(), time() + 86400 );
3216 * Save this user's settings into the database.
3217 * @todo Only rarely do all these fields need to be set!
3219 public function saveSettings() {
3220 global $wgAuth;
3222 $this->load();
3223 if ( wfReadOnly() ) {
3224 return;
3226 if ( 0 == $this->mId ) {
3227 return;
3230 $this->mTouched = self::newTouchedTimestamp();
3231 if ( !$wgAuth->allowSetLocalPassword() ) {
3232 $this->mPassword = '';
3235 $dbw = wfGetDB( DB_MASTER );
3236 $dbw->update( 'user',
3237 array( /* SET */
3238 'user_name' => $this->mName,
3239 'user_password' => $this->mPassword,
3240 'user_newpassword' => $this->mNewpassword,
3241 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
3242 'user_real_name' => $this->mRealName,
3243 'user_email' => $this->mEmail,
3244 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
3245 'user_touched' => $dbw->timestamp( $this->mTouched ),
3246 'user_token' => strval( $this->mToken ),
3247 'user_email_token' => $this->mEmailToken,
3248 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
3249 ), array( /* WHERE */
3250 'user_id' => $this->mId
3251 ), __METHOD__
3254 $this->saveOptions();
3256 wfRunHooks( 'UserSaveSettings', array( $this ) );
3257 $this->clearSharedCache();
3258 $this->getUserPage()->invalidateCache();
3262 * If only this user's username is known, and it exists, return the user ID.
3263 * @return int
3265 public function idForName() {
3266 $s = trim( $this->getName() );
3267 if ( $s === '' ) {
3268 return 0;
3271 $dbr = wfGetDB( DB_SLAVE );
3272 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
3273 if ( $id === false ) {
3274 $id = 0;
3276 return $id;
3280 * Add a user to the database, return the user object
3282 * @param string $name Username to add
3283 * @param array $params of Strings Non-default parameters to save to the database as user_* fields:
3284 * - password The user's password hash. Password logins will be disabled if this is omitted.
3285 * - newpassword Hash for a temporary password that has been mailed to the user
3286 * - email The user's email address
3287 * - email_authenticated The email authentication timestamp
3288 * - real_name The user's real name
3289 * - options An associative array of non-default options
3290 * - token Random authentication token. Do not set.
3291 * - registration Registration timestamp. Do not set.
3293 * @return User object, or null if the username already exists
3295 public static function createNew( $name, $params = array() ) {
3296 $user = new User;
3297 $user->load();
3298 $user->setToken(); // init token
3299 if ( isset( $params['options'] ) ) {
3300 $user->mOptions = $params['options'] + (array)$user->mOptions;
3301 unset( $params['options'] );
3303 $dbw = wfGetDB( DB_MASTER );
3304 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
3306 $fields = array(
3307 'user_id' => $seqVal,
3308 'user_name' => $name,
3309 'user_password' => $user->mPassword,
3310 'user_newpassword' => $user->mNewpassword,
3311 'user_newpass_time' => $dbw->timestampOrNull( $user->mNewpassTime ),
3312 'user_email' => $user->mEmail,
3313 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
3314 'user_real_name' => $user->mRealName,
3315 'user_token' => strval( $user->mToken ),
3316 'user_registration' => $dbw->timestamp( $user->mRegistration ),
3317 'user_editcount' => 0,
3318 'user_touched' => $dbw->timestamp( self::newTouchedTimestamp() ),
3320 foreach ( $params as $name => $value ) {
3321 $fields["user_$name"] = $value;
3323 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
3324 if ( $dbw->affectedRows() ) {
3325 $newUser = User::newFromId( $dbw->insertId() );
3326 } else {
3327 $newUser = null;
3329 return $newUser;
3333 * Add this existing user object to the database. If the user already
3334 * exists, a fatal status object is returned, and the user object is
3335 * initialised with the data from the database.
3337 * Previously, this function generated a DB error due to a key conflict
3338 * if the user already existed. Many extension callers use this function
3339 * in code along the lines of:
3341 * $user = User::newFromName( $name );
3342 * if ( !$user->isLoggedIn() ) {
3343 * $user->addToDatabase();
3345 * // do something with $user...
3347 * However, this was vulnerable to a race condition (bug 16020). By
3348 * initialising the user object if the user exists, we aim to support this
3349 * calling sequence as far as possible.
3351 * Note that if the user exists, this function will acquire a write lock,
3352 * so it is still advisable to make the call conditional on isLoggedIn(),
3353 * and to commit the transaction after calling.
3355 * @throws MWException
3356 * @return Status
3358 public function addToDatabase() {
3359 $this->load();
3360 if ( !$this->mToken ) {
3361 $this->setToken(); // init token
3364 $this->mTouched = self::newTouchedTimestamp();
3366 $dbw = wfGetDB( DB_MASTER );
3367 $inWrite = $dbw->writesOrCallbacksPending();
3368 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
3369 $dbw->insert( 'user',
3370 array(
3371 'user_id' => $seqVal,
3372 'user_name' => $this->mName,
3373 'user_password' => $this->mPassword,
3374 'user_newpassword' => $this->mNewpassword,
3375 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
3376 'user_email' => $this->mEmail,
3377 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
3378 'user_real_name' => $this->mRealName,
3379 'user_token' => strval( $this->mToken ),
3380 'user_registration' => $dbw->timestamp( $this->mRegistration ),
3381 'user_editcount' => 0,
3382 'user_touched' => $dbw->timestamp( $this->mTouched ),
3383 ), __METHOD__,
3384 array( 'IGNORE' )
3386 if ( !$dbw->affectedRows() ) {
3387 if ( !$inWrite ) {
3388 // XXX: Get out of REPEATABLE-READ so the SELECT below works.
3389 // Often this case happens early in views before any writes.
3390 // This shows up at least with CentralAuth.
3391 $dbw->commit( __METHOD__, 'flush' );
3393 $this->mId = $dbw->selectField( 'user', 'user_id',
3394 array( 'user_name' => $this->mName ), __METHOD__ );
3395 $loaded = false;
3396 if ( $this->mId ) {
3397 if ( $this->loadFromDatabase() ) {
3398 $loaded = true;
3401 if ( !$loaded ) {
3402 throw new MWException( __METHOD__ . ": hit a key conflict attempting " .
3403 "to insert user '{$this->mName}' row, but it was not present in select!" );
3405 return Status::newFatal( 'userexists' );
3407 $this->mId = $dbw->insertId();
3409 // Clear instance cache other than user table data, which is already accurate
3410 $this->clearInstanceCache();
3412 $this->saveOptions();
3413 return Status::newGood();
3417 * If this user is logged-in and blocked,
3418 * block any IP address they've successfully logged in from.
3419 * @return bool A block was spread
3421 public function spreadAnyEditBlock() {
3422 if ( $this->isLoggedIn() && $this->isBlocked() ) {
3423 return $this->spreadBlock();
3425 return false;
3429 * If this (non-anonymous) user is blocked,
3430 * block the IP address they've successfully logged in from.
3431 * @return bool A block was spread
3433 protected function spreadBlock() {
3434 wfDebug( __METHOD__ . "()\n" );
3435 $this->load();
3436 if ( $this->mId == 0 ) {
3437 return false;
3440 $userblock = Block::newFromTarget( $this->getName() );
3441 if ( !$userblock ) {
3442 return false;
3445 return (bool)$userblock->doAutoblock( $this->getRequest()->getIP() );
3449 * Generate a string which will be different for any combination of
3450 * user options which would produce different parser output.
3451 * This will be used as part of the hash key for the parser cache,
3452 * so users with the same options can share the same cached data
3453 * safely.
3455 * Extensions which require it should install 'PageRenderingHash' hook,
3456 * which will give them a chance to modify this key based on their own
3457 * settings.
3459 * @deprecated since 1.17 use the ParserOptions object to get the relevant options
3460 * @return string Page rendering hash
3462 public function getPageRenderingHash() {
3463 wfDeprecated( __METHOD__, '1.17' );
3465 global $wgRenderHashAppend, $wgLang, $wgContLang;
3466 if ( $this->mHash ) {
3467 return $this->mHash;
3470 // stubthreshold is only included below for completeness,
3471 // since it disables the parser cache, its value will always
3472 // be 0 when this function is called by parsercache.
3474 $confstr = $this->getOption( 'math' );
3475 $confstr .= '!' . $this->getStubThreshold();
3476 $confstr .= '!' . ( $this->getOption( 'numberheadings' ) ? '1' : '' );
3477 $confstr .= '!' . $wgLang->getCode();
3478 $confstr .= '!' . $this->getOption( 'thumbsize' );
3479 // add in language specific options, if any
3480 $extra = $wgContLang->getExtraHashOptions();
3481 $confstr .= $extra;
3483 // Since the skin could be overloading link(), it should be
3484 // included here but in practice, none of our skins do that.
3486 $confstr .= $wgRenderHashAppend;
3488 // Give a chance for extensions to modify the hash, if they have
3489 // extra options or other effects on the parser cache.
3490 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
3492 // Make it a valid memcached key fragment
3493 $confstr = str_replace( ' ', '_', $confstr );
3494 $this->mHash = $confstr;
3495 return $confstr;
3499 * Get whether the user is explicitly blocked from account creation.
3500 * @return bool|Block
3502 public function isBlockedFromCreateAccount() {
3503 $this->getBlockedStatus();
3504 if ( $this->mBlock && $this->mBlock->prevents( 'createaccount' ) ) {
3505 return $this->mBlock;
3508 # bug 13611: if the IP address the user is trying to create an account from is
3509 # blocked with createaccount disabled, prevent new account creation there even
3510 # when the user is logged in
3511 if ( $this->mBlockedFromCreateAccount === false && !$this->isAllowed( 'ipblock-exempt' ) ) {
3512 $this->mBlockedFromCreateAccount = Block::newFromTarget( null, $this->getRequest()->getIP() );
3514 return $this->mBlockedFromCreateAccount instanceof Block && $this->mBlockedFromCreateAccount->prevents( 'createaccount' )
3515 ? $this->mBlockedFromCreateAccount
3516 : false;
3520 * Get whether the user is blocked from using Special:Emailuser.
3521 * @return bool
3523 public function isBlockedFromEmailuser() {
3524 $this->getBlockedStatus();
3525 return $this->mBlock && $this->mBlock->prevents( 'sendemail' );
3529 * Get whether the user is allowed to create an account.
3530 * @return bool
3532 function isAllowedToCreateAccount() {
3533 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
3537 * Get this user's personal page title.
3539 * @return Title: User's personal page title
3541 public function getUserPage() {
3542 return Title::makeTitle( NS_USER, $this->getName() );
3546 * Get this user's talk page title.
3548 * @return Title: User's talk page title
3550 public function getTalkPage() {
3551 $title = $this->getUserPage();
3552 return $title->getTalkPage();
3556 * Determine whether the user is a newbie. Newbies are either
3557 * anonymous IPs, or the most recently created accounts.
3558 * @return bool
3560 public function isNewbie() {
3561 return !$this->isAllowed( 'autoconfirmed' );
3565 * Check to see if the given clear-text password is one of the accepted passwords
3566 * @param string $password user password.
3567 * @return boolean: True if the given password is correct, otherwise False.
3569 public function checkPassword( $password ) {
3570 global $wgAuth, $wgLegacyEncoding;
3571 $this->load();
3573 // Even though we stop people from creating passwords that
3574 // are shorter than this, doesn't mean people wont be able
3575 // to. Certain authentication plugins do NOT want to save
3576 // domain passwords in a mysql database, so we should
3577 // check this (in case $wgAuth->strict() is false).
3578 if ( !$this->isValidPassword( $password ) ) {
3579 return false;
3582 if ( $wgAuth->authenticate( $this->getName(), $password ) ) {
3583 return true;
3584 } elseif ( $wgAuth->strict() ) {
3585 // Auth plugin doesn't allow local authentication
3586 return false;
3587 } elseif ( $wgAuth->strictUserAuth( $this->getName() ) ) {
3588 // Auth plugin doesn't allow local authentication for this user name
3589 return false;
3591 if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
3592 return true;
3593 } elseif ( $wgLegacyEncoding ) {
3594 // Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
3595 // Check for this with iconv
3596 $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
3597 if ( $cp1252Password != $password &&
3598 self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) )
3600 return true;
3603 return false;
3607 * Check if the given clear-text password matches the temporary password
3608 * sent by e-mail for password reset operations.
3610 * @param $plaintext string
3612 * @return boolean: True if matches, false otherwise
3614 public function checkTemporaryPassword( $plaintext ) {
3615 global $wgNewPasswordExpiry;
3617 $this->load();
3618 if ( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
3619 if ( is_null( $this->mNewpassTime ) ) {
3620 return true;
3622 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
3623 return ( time() < $expiry );
3624 } else {
3625 return false;
3630 * Alias for getEditToken.
3631 * @deprecated since 1.19, use getEditToken instead.
3633 * @param string|array $salt of Strings Optional function-specific data for hashing
3634 * @param $request WebRequest object to use or null to use $wgRequest
3635 * @return string The new edit token
3637 public function editToken( $salt = '', $request = null ) {
3638 wfDeprecated( __METHOD__, '1.19' );
3639 return $this->getEditToken( $salt, $request );
3643 * Initialize (if necessary) and return a session token value
3644 * which can be used in edit forms to show that the user's
3645 * login credentials aren't being hijacked with a foreign form
3646 * submission.
3648 * @since 1.19
3650 * @param string|array $salt of Strings Optional function-specific data for hashing
3651 * @param $request WebRequest object to use or null to use $wgRequest
3652 * @return string The new edit token
3654 public function getEditToken( $salt = '', $request = null ) {
3655 if ( $request == null ) {
3656 $request = $this->getRequest();
3659 if ( $this->isAnon() ) {
3660 return EDIT_TOKEN_SUFFIX;
3661 } else {
3662 $token = $request->getSessionData( 'wsEditToken' );
3663 if ( $token === null ) {
3664 $token = MWCryptRand::generateHex( 32 );
3665 $request->setSessionData( 'wsEditToken', $token );
3667 if ( is_array( $salt ) ) {
3668 $salt = implode( '|', $salt );
3670 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
3675 * Generate a looking random token for various uses.
3677 * @return string The new random token
3678 * @deprecated since 1.20: Use MWCryptRand for secure purposes or wfRandomString for pseudo-randomness
3680 public static function generateToken() {
3681 return MWCryptRand::generateHex( 32 );
3685 * Check given value against the token value stored in the session.
3686 * A match should confirm that the form was submitted from the
3687 * user's own login session, not a form submission from a third-party
3688 * site.
3690 * @param string $val Input value to compare
3691 * @param string $salt Optional function-specific data for hashing
3692 * @param WebRequest $request Object to use or null to use $wgRequest
3693 * @return boolean: Whether the token matches
3695 public function matchEditToken( $val, $salt = '', $request = null ) {
3696 $sessionToken = $this->getEditToken( $salt, $request );
3697 if ( $val != $sessionToken ) {
3698 wfDebug( "User::matchEditToken: broken session data\n" );
3700 return $val == $sessionToken;
3704 * Check given value against the token value stored in the session,
3705 * ignoring the suffix.
3707 * @param string $val Input value to compare
3708 * @param string $salt Optional function-specific data for hashing
3709 * @param WebRequest $request object to use or null to use $wgRequest
3710 * @return boolean: Whether the token matches
3712 public function matchEditTokenNoSuffix( $val, $salt = '', $request = null ) {
3713 $sessionToken = $this->getEditToken( $salt, $request );
3714 return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
3718 * Generate a new e-mail confirmation token and send a confirmation/invalidation
3719 * mail to the user's given address.
3721 * @param string $type message to send, either "created", "changed" or "set"
3722 * @return Status object
3724 public function sendConfirmationMail( $type = 'created' ) {
3725 global $wgLang;
3726 $expiration = null; // gets passed-by-ref and defined in next line.
3727 $token = $this->confirmationToken( $expiration );
3728 $url = $this->confirmationTokenUrl( $token );
3729 $invalidateURL = $this->invalidationTokenUrl( $token );
3730 $this->saveSettings();
3732 if ( $type == 'created' || $type === false ) {
3733 $message = 'confirmemail_body';
3734 } elseif ( $type === true ) {
3735 $message = 'confirmemail_body_changed';
3736 } else {
3737 $message = 'confirmemail_body_' . $type;
3740 return $this->sendMail( wfMessage( 'confirmemail_subject' )->text(),
3741 wfMessage( $message,
3742 $this->getRequest()->getIP(),
3743 $this->getName(),
3744 $url,
3745 $wgLang->timeanddate( $expiration, false ),
3746 $invalidateURL,
3747 $wgLang->date( $expiration, false ),
3748 $wgLang->time( $expiration, false ) )->text() );
3752 * Send an e-mail to this user's account. Does not check for
3753 * confirmed status or validity.
3755 * @param string $subject Message subject
3756 * @param string $body Message body
3757 * @param string $from Optional From address; if unspecified, default $wgPasswordSender will be used
3758 * @param string $replyto Reply-To address
3759 * @return Status
3761 public function sendMail( $subject, $body, $from = null, $replyto = null ) {
3762 if ( is_null( $from ) ) {
3763 global $wgPasswordSender, $wgPasswordSenderName;
3764 $sender = new MailAddress( $wgPasswordSender, $wgPasswordSenderName );
3765 } else {
3766 $sender = new MailAddress( $from );
3769 $to = new MailAddress( $this );
3770 return UserMailer::send( $to, $sender, $subject, $body, $replyto );
3774 * Generate, store, and return a new e-mail confirmation code.
3775 * A hash (unsalted, since it's used as a key) is stored.
3777 * @note Call saveSettings() after calling this function to commit
3778 * this change to the database.
3780 * @param &$expiration \mixed Accepts the expiration time
3781 * @return string New token
3783 protected function confirmationToken( &$expiration ) {
3784 global $wgUserEmailConfirmationTokenExpiry;
3785 $now = time();
3786 $expires = $now + $wgUserEmailConfirmationTokenExpiry;
3787 $expiration = wfTimestamp( TS_MW, $expires );
3788 $this->load();
3789 $token = MWCryptRand::generateHex( 32 );
3790 $hash = md5( $token );
3791 $this->mEmailToken = $hash;
3792 $this->mEmailTokenExpires = $expiration;
3793 return $token;
3797 * Return a URL the user can use to confirm their email address.
3798 * @param string $token Accepts the email confirmation token
3799 * @return string New token URL
3801 protected function confirmationTokenUrl( $token ) {
3802 return $this->getTokenUrl( 'ConfirmEmail', $token );
3806 * Return a URL the user can use to invalidate their email address.
3807 * @param string $token Accepts the email confirmation token
3808 * @return string New token URL
3810 protected function invalidationTokenUrl( $token ) {
3811 return $this->getTokenUrl( 'InvalidateEmail', $token );
3815 * Internal function to format the e-mail validation/invalidation URLs.
3816 * This uses a quickie hack to use the
3817 * hardcoded English names of the Special: pages, for ASCII safety.
3819 * @note Since these URLs get dropped directly into emails, using the
3820 * short English names avoids insanely long URL-encoded links, which
3821 * also sometimes can get corrupted in some browsers/mailers
3822 * (bug 6957 with Gmail and Internet Explorer).
3824 * @param string $page Special page
3825 * @param string $token Token
3826 * @return string Formatted URL
3828 protected function getTokenUrl( $page, $token ) {
3829 // Hack to bypass localization of 'Special:'
3830 $title = Title::makeTitle( NS_MAIN, "Special:$page/$token" );
3831 return $title->getCanonicalURL();
3835 * Mark the e-mail address confirmed.
3837 * @note Call saveSettings() after calling this function to commit the change.
3839 * @return bool
3841 public function confirmEmail() {
3842 // Check if it's already confirmed, so we don't touch the database
3843 // and fire the ConfirmEmailComplete hook on redundant confirmations.
3844 if ( !$this->isEmailConfirmed() ) {
3845 $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
3846 wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
3848 return true;
3852 * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail
3853 * address if it was already confirmed.
3855 * @note Call saveSettings() after calling this function to commit the change.
3856 * @return bool Returns true
3858 function invalidateEmail() {
3859 $this->load();
3860 $this->mEmailToken = null;
3861 $this->mEmailTokenExpires = null;
3862 $this->setEmailAuthenticationTimestamp( null );
3863 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
3864 return true;
3868 * Set the e-mail authentication timestamp.
3869 * @param string $timestamp TS_MW timestamp
3871 function setEmailAuthenticationTimestamp( $timestamp ) {
3872 $this->load();
3873 $this->mEmailAuthenticated = $timestamp;
3874 wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
3878 * Is this user allowed to send e-mails within limits of current
3879 * site configuration?
3880 * @return bool
3882 public function canSendEmail() {
3883 global $wgEnableEmail, $wgEnableUserEmail;
3884 if ( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
3885 return false;
3887 $canSend = $this->isEmailConfirmed();
3888 wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
3889 return $canSend;
3893 * Is this user allowed to receive e-mails within limits of current
3894 * site configuration?
3895 * @return bool
3897 public function canReceiveEmail() {
3898 return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
3902 * Is this user's e-mail address valid-looking and confirmed within
3903 * limits of the current site configuration?
3905 * @note If $wgEmailAuthentication is on, this may require the user to have
3906 * confirmed their address by returning a code or using a password
3907 * sent to the address from the wiki.
3909 * @return bool
3911 public function isEmailConfirmed() {
3912 global $wgEmailAuthentication;
3913 $this->load();
3914 $confirmed = true;
3915 if ( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
3916 if ( $this->isAnon() ) {
3917 return false;
3919 if ( !Sanitizer::validateEmail( $this->mEmail ) ) {
3920 return false;
3922 if ( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() ) {
3923 return false;
3925 return true;
3926 } else {
3927 return $confirmed;
3932 * Check whether there is an outstanding request for e-mail confirmation.
3933 * @return bool
3935 public function isEmailConfirmationPending() {
3936 global $wgEmailAuthentication;
3937 return $wgEmailAuthentication &&
3938 !$this->isEmailConfirmed() &&
3939 $this->mEmailToken &&
3940 $this->mEmailTokenExpires > wfTimestamp();
3944 * Get the timestamp of account creation.
3946 * @return string|bool|null Timestamp of account creation, false for
3947 * non-existent/anonymous user accounts, or null if existing account
3948 * but information is not in database.
3950 public function getRegistration() {
3951 if ( $this->isAnon() ) {
3952 return false;
3954 $this->load();
3955 return $this->mRegistration;
3959 * Get the timestamp of the first edit
3961 * @return string|bool Timestamp of first edit, or false for
3962 * non-existent/anonymous user accounts.
3964 public function getFirstEditTimestamp() {
3965 if ( $this->getId() == 0 ) {
3966 return false; // anons
3968 $dbr = wfGetDB( DB_SLAVE );
3969 $time = $dbr->selectField( 'revision', 'rev_timestamp',
3970 array( 'rev_user' => $this->getId() ),
3971 __METHOD__,
3972 array( 'ORDER BY' => 'rev_timestamp ASC' )
3974 if ( !$time ) {
3975 return false; // no edits
3977 return wfTimestamp( TS_MW, $time );
3981 * Get the permissions associated with a given list of groups
3983 * @param array $groups of Strings List of internal group names
3984 * @return Array of Strings List of permission key names for given groups combined
3986 public static function getGroupPermissions( $groups ) {
3987 global $wgGroupPermissions, $wgRevokePermissions;
3988 $rights = array();
3989 // grant every granted permission first
3990 foreach ( $groups as $group ) {
3991 if ( isset( $wgGroupPermissions[$group] ) ) {
3992 $rights = array_merge( $rights,
3993 // array_filter removes empty items
3994 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
3997 // now revoke the revoked permissions
3998 foreach ( $groups as $group ) {
3999 if ( isset( $wgRevokePermissions[$group] ) ) {
4000 $rights = array_diff( $rights,
4001 array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
4004 return array_unique( $rights );
4008 * Get all the groups who have a given permission
4010 * @param string $role Role to check
4011 * @return Array of Strings List of internal group names with the given permission
4013 public static function getGroupsWithPermission( $role ) {
4014 global $wgGroupPermissions;
4015 $allowedGroups = array();
4016 foreach ( array_keys( $wgGroupPermissions ) as $group ) {
4017 if ( self::groupHasPermission( $group, $role ) ) {
4018 $allowedGroups[] = $group;
4021 return $allowedGroups;
4025 * Check, if the given group has the given permission
4027 * If you're wanting to check whether all users have a permission, use
4028 * User::isEveryoneAllowed() instead. That properly checks if it's revoked
4029 * from anyone.
4031 * @since 1.21
4032 * @param string $group Group to check
4033 * @param string $role Role to check
4034 * @return bool
4036 public static function groupHasPermission( $group, $role ) {
4037 global $wgGroupPermissions, $wgRevokePermissions;
4038 return isset( $wgGroupPermissions[$group][$role] ) && $wgGroupPermissions[$group][$role]
4039 && !( isset( $wgRevokePermissions[$group][$role] ) && $wgRevokePermissions[$group][$role] );
4043 * Check if all users have the given permission
4045 * @since 1.22
4046 * @param string $right Right to check
4047 * @return bool
4049 public static function isEveryoneAllowed( $right ) {
4050 global $wgGroupPermissions, $wgRevokePermissions;
4051 static $cache = array();
4053 // Use the cached results, except in unit tests which rely on
4054 // being able change the permission mid-request
4055 if ( isset( $cache[$right] ) && !defined( 'MW_PHPUNIT_TEST' ) ) {
4056 return $cache[$right];
4059 if ( !isset( $wgGroupPermissions['*'][$right] ) || !$wgGroupPermissions['*'][$right] ) {
4060 $cache[$right] = false;
4061 return false;
4064 // If it's revoked anywhere, then everyone doesn't have it
4065 foreach ( $wgRevokePermissions as $rights ) {
4066 if ( isset( $rights[$right] ) && $rights[$right] ) {
4067 $cache[$right] = false;
4068 return false;
4072 // Allow extensions (e.g. OAuth) to say false
4073 if ( !wfRunHooks( 'UserIsEveryoneAllowed', array( $right ) ) ) {
4074 $cache[$right] = false;
4075 return false;
4078 $cache[$right] = true;
4079 return true;
4083 * Get the localized descriptive name for a group, if it exists
4085 * @param string $group Internal group name
4086 * @return string Localized descriptive group name
4088 public static function getGroupName( $group ) {
4089 $msg = wfMessage( "group-$group" );
4090 return $msg->isBlank() ? $group : $msg->text();
4094 * Get the localized descriptive name for a member of a group, if it exists
4096 * @param string $group Internal group name
4097 * @param string $username Username for gender (since 1.19)
4098 * @return string Localized name for group member
4100 public static function getGroupMember( $group, $username = '#' ) {
4101 $msg = wfMessage( "group-$group-member", $username );
4102 return $msg->isBlank() ? $group : $msg->text();
4106 * Return the set of defined explicit groups.
4107 * The implicit groups (by default *, 'user' and 'autoconfirmed')
4108 * are not included, as they are defined automatically, not in the database.
4109 * @return Array of internal group names
4111 public static function getAllGroups() {
4112 global $wgGroupPermissions, $wgRevokePermissions;
4113 return array_diff(
4114 array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
4115 self::getImplicitGroups()
4120 * Get a list of all available permissions.
4121 * @return Array of permission names
4123 public static function getAllRights() {
4124 if ( self::$mAllRights === false ) {
4125 global $wgAvailableRights;
4126 if ( count( $wgAvailableRights ) ) {
4127 self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
4128 } else {
4129 self::$mAllRights = self::$mCoreRights;
4131 wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
4133 return self::$mAllRights;
4137 * Get a list of implicit groups
4138 * @return Array of Strings Array of internal group names
4140 public static function getImplicitGroups() {
4141 global $wgImplicitGroups;
4142 $groups = $wgImplicitGroups;
4143 wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) ); #deprecated, use $wgImplictGroups instead
4144 return $groups;
4148 * Get the title of a page describing a particular group
4150 * @param string $group Internal group name
4151 * @return Title|bool Title of the page if it exists, false otherwise
4153 public static function getGroupPage( $group ) {
4154 $msg = wfMessage( 'grouppage-' . $group )->inContentLanguage();
4155 if ( $msg->exists() ) {
4156 $title = Title::newFromText( $msg->text() );
4157 if ( is_object( $title ) ) {
4158 return $title;
4161 return false;
4165 * Create a link to the group in HTML, if available;
4166 * else return the group name.
4168 * @param string $group Internal name of the group
4169 * @param string $text The text of the link
4170 * @return string HTML link to the group
4172 public static function makeGroupLinkHTML( $group, $text = '' ) {
4173 if ( $text == '' ) {
4174 $text = self::getGroupName( $group );
4176 $title = self::getGroupPage( $group );
4177 if ( $title ) {
4178 return Linker::link( $title, htmlspecialchars( $text ) );
4179 } else {
4180 return $text;
4185 * Create a link to the group in Wikitext, if available;
4186 * else return the group name.
4188 * @param string $group Internal name of the group
4189 * @param string $text The text of the link
4190 * @return string Wikilink to the group
4192 public static function makeGroupLinkWiki( $group, $text = '' ) {
4193 if ( $text == '' ) {
4194 $text = self::getGroupName( $group );
4196 $title = self::getGroupPage( $group );
4197 if ( $title ) {
4198 $page = $title->getPrefixedText();
4199 return "[[$page|$text]]";
4200 } else {
4201 return $text;
4206 * Returns an array of the groups that a particular group can add/remove.
4208 * @param string $group the group to check for whether it can add/remove
4209 * @return Array array( 'add' => array( addablegroups ),
4210 * 'remove' => array( removablegroups ),
4211 * 'add-self' => array( addablegroups to self),
4212 * 'remove-self' => array( removable groups from self) )
4214 public static function changeableByGroup( $group ) {
4215 global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
4217 $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
4218 if ( empty( $wgAddGroups[$group] ) ) {
4219 // Don't add anything to $groups
4220 } elseif ( $wgAddGroups[$group] === true ) {
4221 // You get everything
4222 $groups['add'] = self::getAllGroups();
4223 } elseif ( is_array( $wgAddGroups[$group] ) ) {
4224 $groups['add'] = $wgAddGroups[$group];
4227 // Same thing for remove
4228 if ( empty( $wgRemoveGroups[$group] ) ) {
4229 } elseif ( $wgRemoveGroups[$group] === true ) {
4230 $groups['remove'] = self::getAllGroups();
4231 } elseif ( is_array( $wgRemoveGroups[$group] ) ) {
4232 $groups['remove'] = $wgRemoveGroups[$group];
4235 // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
4236 if ( empty( $wgGroupsAddToSelf['user'] ) || $wgGroupsAddToSelf['user'] !== true ) {
4237 foreach ( $wgGroupsAddToSelf as $key => $value ) {
4238 if ( is_int( $key ) ) {
4239 $wgGroupsAddToSelf['user'][] = $value;
4244 if ( empty( $wgGroupsRemoveFromSelf['user'] ) || $wgGroupsRemoveFromSelf['user'] !== true ) {
4245 foreach ( $wgGroupsRemoveFromSelf as $key => $value ) {
4246 if ( is_int( $key ) ) {
4247 $wgGroupsRemoveFromSelf['user'][] = $value;
4252 // Now figure out what groups the user can add to him/herself
4253 if ( empty( $wgGroupsAddToSelf[$group] ) ) {
4254 } elseif ( $wgGroupsAddToSelf[$group] === true ) {
4255 // No idea WHY this would be used, but it's there
4256 $groups['add-self'] = User::getAllGroups();
4257 } elseif ( is_array( $wgGroupsAddToSelf[$group] ) ) {
4258 $groups['add-self'] = $wgGroupsAddToSelf[$group];
4261 if ( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
4262 } elseif ( $wgGroupsRemoveFromSelf[$group] === true ) {
4263 $groups['remove-self'] = User::getAllGroups();
4264 } elseif ( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
4265 $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
4268 return $groups;
4272 * Returns an array of groups that this user can add and remove
4273 * @return Array array( 'add' => array( addablegroups ),
4274 * 'remove' => array( removablegroups ),
4275 * 'add-self' => array( addablegroups to self),
4276 * 'remove-self' => array( removable groups from self) )
4278 public function changeableGroups() {
4279 if ( $this->isAllowed( 'userrights' ) ) {
4280 // This group gives the right to modify everything (reverse-
4281 // compatibility with old "userrights lets you change
4282 // everything")
4283 // Using array_merge to make the groups reindexed
4284 $all = array_merge( User::getAllGroups() );
4285 return array(
4286 'add' => $all,
4287 'remove' => $all,
4288 'add-self' => array(),
4289 'remove-self' => array()
4293 // Okay, it's not so simple, we will have to go through the arrays
4294 $groups = array(
4295 'add' => array(),
4296 'remove' => array(),
4297 'add-self' => array(),
4298 'remove-self' => array()
4300 $addergroups = $this->getEffectiveGroups();
4302 foreach ( $addergroups as $addergroup ) {
4303 $groups = array_merge_recursive(
4304 $groups, $this->changeableByGroup( $addergroup )
4306 $groups['add'] = array_unique( $groups['add'] );
4307 $groups['remove'] = array_unique( $groups['remove'] );
4308 $groups['add-self'] = array_unique( $groups['add-self'] );
4309 $groups['remove-self'] = array_unique( $groups['remove-self'] );
4311 return $groups;
4315 * Increment the user's edit-count field.
4316 * Will have no effect for anonymous users.
4318 public function incEditCount() {
4319 if ( !$this->isAnon() ) {
4320 $dbw = wfGetDB( DB_MASTER );
4321 $dbw->update(
4322 'user',
4323 array( 'user_editcount=user_editcount+1' ),
4324 array( 'user_id' => $this->getId() ),
4325 __METHOD__
4328 // Lazy initialization check...
4329 if ( $dbw->affectedRows() == 0 ) {
4330 // Now here's a goddamn hack...
4331 $dbr = wfGetDB( DB_SLAVE );
4332 if ( $dbr !== $dbw ) {
4333 // If we actually have a slave server, the count is
4334 // at least one behind because the current transaction
4335 // has not been committed and replicated.
4336 $this->initEditCount( 1 );
4337 } else {
4338 // But if DB_SLAVE is selecting the master, then the
4339 // count we just read includes the revision that was
4340 // just added in the working transaction.
4341 $this->initEditCount();
4345 // edit count in user cache too
4346 $this->invalidateCache();
4350 * Initialize user_editcount from data out of the revision table
4352 * @param $add Integer Edits to add to the count from the revision table
4353 * @return integer Number of edits
4355 protected function initEditCount( $add = 0 ) {
4356 // Pull from a slave to be less cruel to servers
4357 // Accuracy isn't the point anyway here
4358 $dbr = wfGetDB( DB_SLAVE );
4359 $count = (int) $dbr->selectField(
4360 'revision',
4361 'COUNT(rev_user)',
4362 array( 'rev_user' => $this->getId() ),
4363 __METHOD__
4365 $count = $count + $add;
4367 $dbw = wfGetDB( DB_MASTER );
4368 $dbw->update(
4369 'user',
4370 array( 'user_editcount' => $count ),
4371 array( 'user_id' => $this->getId() ),
4372 __METHOD__
4375 return $count;
4379 * Get the description of a given right
4381 * @param string $right Right to query
4382 * @return string Localized description of the right
4384 public static function getRightDescription( $right ) {
4385 $key = "right-$right";
4386 $msg = wfMessage( $key );
4387 return $msg->isBlank() ? $right : $msg->text();
4391 * Make an old-style password hash
4393 * @param string $password Plain-text password
4394 * @param string $userId User ID
4395 * @return string Password hash
4397 public static function oldCrypt( $password, $userId ) {
4398 global $wgPasswordSalt;
4399 if ( $wgPasswordSalt ) {
4400 return md5( $userId . '-' . md5( $password ) );
4401 } else {
4402 return md5( $password );
4407 * Make a new-style password hash
4409 * @param string $password Plain-text password
4410 * @param bool|string $salt Optional salt, may be random or the user ID.
4411 * If unspecified or false, will generate one automatically
4412 * @return string Password hash
4414 public static function crypt( $password, $salt = false ) {
4415 global $wgPasswordSalt;
4417 $hash = '';
4418 if ( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
4419 return $hash;
4422 if ( $wgPasswordSalt ) {
4423 if ( $salt === false ) {
4424 $salt = MWCryptRand::generateHex( 8 );
4426 return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
4427 } else {
4428 return ':A:' . md5( $password );
4433 * Compare a password hash with a plain-text password. Requires the user
4434 * ID if there's a chance that the hash is an old-style hash.
4436 * @param string $hash Password hash
4437 * @param string $password Plain-text password to compare
4438 * @param string|bool $userId User ID for old-style password salt
4440 * @return boolean
4442 public static function comparePasswords( $hash, $password, $userId = false ) {
4443 $type = substr( $hash, 0, 3 );
4445 $result = false;
4446 if ( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
4447 return $result;
4450 if ( $type == ':A:' ) {
4451 // Unsalted
4452 return md5( $password ) === substr( $hash, 3 );
4453 } elseif ( $type == ':B:' ) {
4454 // Salted
4455 list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
4456 return md5( $salt . '-' . md5( $password ) ) === $realHash;
4457 } else {
4458 // Old-style
4459 return self::oldCrypt( $password, $userId ) === $hash;
4464 * Add a newuser log entry for this user.
4465 * Before 1.19 the return value was always true.
4467 * @param string|bool $action account creation type.
4468 * - String, one of the following values:
4469 * - 'create' for an anonymous user creating an account for himself.
4470 * This will force the action's performer to be the created user itself,
4471 * no matter the value of $wgUser
4472 * - 'create2' for a logged in user creating an account for someone else
4473 * - 'byemail' when the created user will receive its password by e-mail
4474 * - 'autocreate' when the user is automatically created (such as by CentralAuth).
4475 * - Boolean means whether the account was created by e-mail (deprecated):
4476 * - true will be converted to 'byemail'
4477 * - false will be converted to 'create' if this object is the same as
4478 * $wgUser and to 'create2' otherwise
4480 * @param string $reason user supplied reason
4482 * @return int|bool True if not $wgNewUserLog; otherwise ID of log item or 0 on failure
4484 public function addNewUserLogEntry( $action = false, $reason = '' ) {
4485 global $wgUser, $wgNewUserLog;
4486 if ( empty( $wgNewUserLog ) ) {
4487 return true; // disabled
4490 if ( $action === true ) {
4491 $action = 'byemail';
4492 } elseif ( $action === false ) {
4493 if ( $this->getName() == $wgUser->getName() ) {
4494 $action = 'create';
4495 } else {
4496 $action = 'create2';
4500 if ( $action === 'create' || $action === 'autocreate' ) {
4501 $performer = $this;
4502 } else {
4503 $performer = $wgUser;
4506 $logEntry = new ManualLogEntry( 'newusers', $action );
4507 $logEntry->setPerformer( $performer );
4508 $logEntry->setTarget( $this->getUserPage() );
4509 $logEntry->setComment( $reason );
4510 $logEntry->setParameters( array(
4511 '4::userid' => $this->getId(),
4512 ) );
4513 $logid = $logEntry->insert();
4515 if ( $action !== 'autocreate' ) {
4516 $logEntry->publish( $logid );
4519 return (int)$logid;
4523 * Add an autocreate newuser log entry for this user
4524 * Used by things like CentralAuth and perhaps other authplugins.
4525 * Consider calling addNewUserLogEntry() directly instead.
4527 * @return bool
4529 public function addNewUserLogEntryAutoCreate() {
4530 $this->addNewUserLogEntry( 'autocreate' );
4532 return true;
4536 * Load the user options either from cache, the database or an array
4538 * @param array $data Rows for the current user out of the user_properties table
4540 protected function loadOptions( $data = null ) {
4541 global $wgContLang;
4543 $this->load();
4545 if ( $this->mOptionsLoaded ) {
4546 return;
4549 $this->mOptions = self::getDefaultOptions();
4551 if ( !$this->getId() ) {
4552 // For unlogged-in users, load language/variant options from request.
4553 // There's no need to do it for logged-in users: they can set preferences,
4554 // and handling of page content is done by $pageLang->getPreferredVariant() and such,
4555 // so don't override user's choice (especially when the user chooses site default).
4556 $variant = $wgContLang->getDefaultVariant();
4557 $this->mOptions['variant'] = $variant;
4558 $this->mOptions['language'] = $variant;
4559 $this->mOptionsLoaded = true;
4560 return;
4563 // Maybe load from the object
4564 if ( !is_null( $this->mOptionOverrides ) ) {
4565 wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
4566 foreach ( $this->mOptionOverrides as $key => $value ) {
4567 $this->mOptions[$key] = $value;
4569 } else {
4570 if ( !is_array( $data ) ) {
4571 wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
4572 // Load from database
4573 $dbr = wfGetDB( DB_SLAVE );
4575 $res = $dbr->select(
4576 'user_properties',
4577 array( 'up_property', 'up_value' ),
4578 array( 'up_user' => $this->getId() ),
4579 __METHOD__
4582 $this->mOptionOverrides = array();
4583 $data = array();
4584 foreach ( $res as $row ) {
4585 $data[$row->up_property] = $row->up_value;
4588 foreach ( $data as $property => $value ) {
4589 $this->mOptionOverrides[$property] = $value;
4590 $this->mOptions[$property] = $value;
4594 $this->mOptionsLoaded = true;
4596 wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
4600 * @todo document
4602 protected function saveOptions() {
4603 $this->loadOptions();
4605 // Not using getOptions(), to keep hidden preferences in database
4606 $saveOptions = $this->mOptions;
4608 // Allow hooks to abort, for instance to save to a global profile.
4609 // Reset options to default state before saving.
4610 if ( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) ) {
4611 return;
4614 $userId = $this->getId();
4615 $insert_rows = array();
4616 foreach ( $saveOptions as $key => $value ) {
4617 // Don't bother storing default values
4618 $defaultOption = self::getDefaultOption( $key );
4619 if ( ( is_null( $defaultOption ) &&
4620 !( $value === false || is_null( $value ) ) ) ||
4621 $value != $defaultOption ) {
4622 $insert_rows[] = array(
4623 'up_user' => $userId,
4624 'up_property' => $key,
4625 'up_value' => $value,
4630 $dbw = wfGetDB( DB_MASTER );
4631 $hasRows = $dbw->selectField( 'user_properties', '1',
4632 array( 'up_user' => $userId ), __METHOD__ );
4634 if ( $hasRows ) {
4635 // Only do this delete if there is something there. A very large portion of
4636 // calls to this function are for setting 'rememberpassword' for new accounts.
4637 // Doing this delete for new accounts with no rows in the table rougly causes
4638 // gap locks on [max user ID,+infinity) which causes high contention since many
4639 // updates will pile up on each other since they are for higher (newer) user IDs.
4640 $dbw->delete( 'user_properties', array( 'up_user' => $userId ), __METHOD__ );
4642 $dbw->insert( 'user_properties', $insert_rows, __METHOD__, array( 'IGNORE' ) );
4646 * Provide an array of HTML5 attributes to put on an input element
4647 * intended for the user to enter a new password. This may include
4648 * required, title, and/or pattern, depending on $wgMinimalPasswordLength.
4650 * Do *not* use this when asking the user to enter his current password!
4651 * Regardless of configuration, users may have invalid passwords for whatever
4652 * reason (e.g., they were set before requirements were tightened up).
4653 * Only use it when asking for a new password, like on account creation or
4654 * ResetPass.
4656 * Obviously, you still need to do server-side checking.
4658 * NOTE: A combination of bugs in various browsers means that this function
4659 * actually just returns array() unconditionally at the moment. May as
4660 * well keep it around for when the browser bugs get fixed, though.
4662 * @todo FIXME: This does not belong here; put it in Html or Linker or somewhere
4664 * @return array Array of HTML attributes suitable for feeding to
4665 * Html::element(), directly or indirectly. (Don't feed to Xml::*()!
4666 * That will get confused by the boolean attribute syntax used.)
4668 public static function passwordChangeInputAttribs() {
4669 global $wgMinimalPasswordLength;
4671 if ( $wgMinimalPasswordLength == 0 ) {
4672 return array();
4675 # Note that the pattern requirement will always be satisfied if the
4676 # input is empty, so we need required in all cases.
4678 # @todo FIXME: Bug 23769: This needs to not claim the password is required
4679 # if e-mail confirmation is being used. Since HTML5 input validation
4680 # is b0rked anyway in some browsers, just return nothing. When it's
4681 # re-enabled, fix this code to not output required for e-mail
4682 # registration.
4683 #$ret = array( 'required' );
4684 $ret = array();
4686 # We can't actually do this right now, because Opera 9.6 will print out
4687 # the entered password visibly in its error message! When other
4688 # browsers add support for this attribute, or Opera fixes its support,
4689 # we can add support with a version check to avoid doing this on Opera
4690 # versions where it will be a problem. Reported to Opera as
4691 # DSK-262266, but they don't have a public bug tracker for us to follow.
4693 if ( $wgMinimalPasswordLength > 1 ) {
4694 $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
4695 $ret['title'] = wfMessage( 'passwordtooshort' )
4696 ->numParams( $wgMinimalPasswordLength )->text();
4700 return $ret;
4704 * Return the list of user fields that should be selected to create
4705 * a new user object.
4706 * @return array
4708 public static function selectFields() {
4709 return array(
4710 'user_id',
4711 'user_name',
4712 'user_real_name',
4713 'user_password',
4714 'user_newpassword',
4715 'user_newpass_time',
4716 'user_email',
4717 'user_touched',
4718 'user_token',
4719 'user_email_authenticated',
4720 'user_email_token',
4721 'user_email_token_expires',
4722 'user_registration',
4723 'user_editcount',
4728 * Factory function for fatal permission-denied errors
4730 * @since 1.22
4731 * @param string $permission User right required
4732 * @return Status
4734 static function newFatalPermissionDeniedStatus( $permission ) {
4735 global $wgLang;
4737 $groups = array_map(
4738 array( 'User', 'makeGroupLinkWiki' ),
4739 User::getGroupsWithPermission( $permission )
4742 if ( $groups ) {
4743 return Status::newFatal( 'badaccess-groups', $wgLang->commaList( $groups ), count( $groups ) );
4744 } else {
4745 return Status::newFatal( 'badaccess-group0' );