* @package MediaWiki
*/
-/**
- *
- */
-require_once( 'WatchedItem.php' );
-
# Number of characters in user_token field
define( 'USER_TOKEN_LENGTH', 32 );
*/
var $mBlockedby; //!<
var $mBlockreason; //!<
+ var $mBlock; //!<
var $mDataLoaded; //!<
var $mEmail; //!<
var $mEmailAuthenticated; //!<
var $mSkin; //!<
var $mToken; //!<
var $mTouched; //!<
+ var $mDatePreference; // !<
var $mVersion; //!< serialized version
/**@}} */
+ /**
+ * Default user options
+ * To change this array at runtime, use a UserDefaultOptions hook
+ */
+ static public $mDefaultOptions = array(
+ 'quickbar' => 1,
+ 'underline' => 2,
+ 'cols' => 80,
+ 'rows' => 25,
+ 'searchlimit' => 20,
+ 'contextlines' => 5,
+ 'contextchars' => 50,
+ 'skin' => false,
+ 'math' => 1,
+ 'rcdays' => 7,
+ 'rclimit' => 50,
+ 'wllimit' => 250,
+ 'highlightbroken' => 1,
+ 'stubthreshold' => 0,
+ 'previewontop' => 1,
+ 'editsection' => 1,
+ 'editsectiononrightclick'=> 0,
+ 'showtoc' => 1,
+ 'showtoolbar' => 1,
+ 'date' => 'default',
+ 'imagesize' => 2,
+ 'thumbsize' => 2,
+ 'rememberpassword' => 0,
+ 'enotifwatchlistpages' => 0,
+ 'enotifusertalkpages' => 1,
+ 'enotifminoredits' => 0,
+ 'enotifrevealaddr' => 0,
+ 'shownumberswatching' => 1,
+ 'fancysig' => 0,
+ 'externaleditor' => 0,
+ 'externaldiff' => 0,
+ 'showjumplinks' => 1,
+ 'numberheadings' => 0,
+ 'uselivepreview' => 0,
+ 'watchlistdays' => 3.0,
+ );
+
+ static public $mToggles = array(
+ 'highlightbroken',
+ 'justify',
+ 'hideminor',
+ 'extendwatchlist',
+ 'usenewrc',
+ 'numberheadings',
+ 'showtoolbar',
+ 'editondblclick',
+ 'editsection',
+ 'editsectiononrightclick',
+ 'showtoc',
+ 'rememberpassword',
+ 'editwidth',
+ 'watchcreations',
+ 'watchdefault',
+ 'minordefault',
+ 'previewontop',
+ 'previewonfirst',
+ 'nocache',
+ 'enotifwatchlistpages',
+ 'enotifusertalkpages',
+ 'enotifminoredits',
+ 'enotifrevealaddr',
+ 'shownumberswatching',
+ 'fancysig',
+ 'externaleditor',
+ 'externaldiff',
+ 'showjumplinks',
+ 'uselivepreview',
+ 'autopatrol',
+ 'forceeditsummary',
+ 'watchlisthideown',
+ 'watchlisthidebots',
+ );
+
/** Constructor using User:loadDefaults() */
function User() {
$this->loadDefaults();
/**
* Static factory method
* @param string $name Username, validated by Title:newFromText()
+ * @param bool $validate Validate username
* @return User
* @static
*/
- function newFromName( $name ) {
+ function newFromName( $name, $validate = true ) {
# Force usernames to capital
global $wgContLang;
$name = $wgContLang->ucfirst( $name );
global $wgAuth;
$canonicalName = $wgAuth->getCanonicalName( $t->getText() );
- if( !User::isValidUserName( $canonicalName ) ) {
+ if( $validate && !User::isValidUserName( $canonicalName ) ) {
return null;
}
*/
function __sleep() {
return array(
-'mBlockedby',
-'mBlockreason',
'mDataLoaded',
'mEmail',
'mEmailAuthenticated',
}
/**
- * does the string match an anonymous IPv4 address?
+ * Does the string match an anonymous IPv4 address?
*
- * Note: We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
+ * This function exists for username validation, in order to reject
+ * usernames which are similar in form to IP addresses. Strings such
+ * as 300.300.300.300 will return true because it looks like an IP
+ * address, despite not being strictly valid.
+ *
+ * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
* address because the usemod software would "cloak" anonymous IP
* addresses like this, if we allowed accounts like this to be created
* new users could get the old edits of these anonymous users.
return true;
}
+
+ /**
+ * Usernames which fail to pass this function will be blocked
+ * from user login and new account registrations, but may be used
+ * internally by batch processes.
+ *
+ * If an account already exists in this form, login will be blocked
+ * by a failure to pass this function.
+ *
+ * @param string $name
+ * @return bool
+ */
+ static function isUsableName( $name ) {
+ global $wgReservedUsernames;
+ return
+ // Must be a usable username, obviously ;)
+ self::isValidUserName( $name ) &&
+
+ // Certain names may be reserved for batch processes.
+ !in_array( $name, $wgReservedUsernames );
+ }
+
+ /**
+ * Usernames which fail to pass this function will be blocked
+ * from new account registrations, but may be used internally
+ * either by batch processes or by user accounts which have
+ * already been created.
+ *
+ * Additional character blacklisting may be added here
+ * rather than in isValidUserName() to avoid disrupting
+ * existing accounts.
+ *
+ * @param string $name
+ * @return bool
+ */
+ static function isCreatableName( $name ) {
+ return
+ self::isUsableName( $name ) &&
+
+ // Registration-time character blacklisting...
+ strpos( $name, '@' ) === false;
+ }
/**
* Is the input a valid password?
(false !== strpos( $addr, '@' ) );
}
- /**f
+ /**
* Count the number of edits of a user
*
* @param int $uid The user ID to check
$this->mPassword = $this->mNewpassword = '';
$this->mRights = array();
$this->mGroups = array();
- $this->mOptions = User::getDefaultOptions();
+ $this->mOptions = null;
+ $this->mDatePreference = null;
- foreach( $wgNamespacesToBeSearchedDefault as $nsnum => $val ) {
- $this->mOptions['searchNs'.$nsnum] = $val;
- }
unset( $this->mSkin );
$this->mDataLoaded = false;
$this->mBlockedby = -1; # Unset
* @private
*/
function getDefaultOptions() {
+ global $wgNamespacesToBeSearchedDefault;
/**
* Site defaults will override the global/language defaults
*/
- global $wgContLang, $wgDefaultUserOptions;
- $defOpt = $wgDefaultUserOptions + $wgContLang->getDefaultUserOptions();
+ global $wgContLang;
+ $defOpt = self::$mDefaultOptions + $wgContLang->getDefaultUserOptionOverrides();
/**
* default language setting
*/
- $variant = $wgContLang->getPreferredVariant();
+ $variant = $wgContLang->getPreferredVariant( false );
$defOpt['variant'] = $variant;
$defOpt['language'] = $variant;
+ foreach( $wgNamespacesToBeSearchedDefault as $nsnum => $val ) {
+ $defOpt['searchNs'.$nsnum] = $val;
+ }
return $defOpt;
}
}
}
+ /**
+ * Get a list of user toggle names
+ * @return array
+ */
+ static function getToggles() {
+ global $wgContLang;
+ $extraToggles = array();
+ wfRunHooks( 'UserToggles', array( &$extraToggles ) );
+ return array_merge( self::$mToggles, $extraToggles, $wgContLang->getExtraUserToggles() );
+ }
+
+
/**
* Get blocking information
* @private
$ip = wfGetIP();
# User/IP blocking
- $block = new Block();
- $block->fromMaster( !$bFromSlave );
- if ( $block->load( $ip , $this->mId ) ) {
+ $this->mBlock = new Block();
+ $this->mBlock->fromMaster( !$bFromSlave );
+ if ( $this->mBlock->load( $ip , $this->mId ) ) {
wfDebug( "$fname: Found block.\n" );
- $this->mBlockedby = $block->mBy;
- $this->mBlockreason = $block->mReason;
+ $this->mBlockedby = $this->mBlock->mBy;
+ $this->mBlockreason = $this->mBlock->mReason;
if ( $this->isLoggedIn() ) {
$this->spreadBlock();
}
} else {
+ $this->mBlock = null;
wfDebug( "$fname: No block.\n" );
}
# Proxy blocking
- if ( !$this->isSysop() && !in_array( $ip, $wgProxyWhitelist ) ) {
+ if ( !$this->isAllowed('proxyunbannable') && !in_array( $ip, $wgProxyWhitelist ) ) {
# Local list
if ( wfIsLocallyBlockedProxy( $ip ) ) {
$this->inDnsBlacklist( $ip, 'http.dnsbl.sorbs.net.' );
}
- function inOpmBlacklist( $ip ) {
- global $wgEnableOpm;
- return $wgEnableOpm &&
- $this->inDnsBlacklist( $ip, 'opm.blitzed.org.' );
- }
-
function inDnsBlacklist( $ip, $base ) {
$fname = 'User::inDnsBlacklist';
wfProfileIn( $fname );
* @public
*/
function pingLimiter( $action='edit' ) {
- global $wgRateLimits;
+ global $wgRateLimits, $wgRateLimitsExcludedGroups;
if( !isset( $wgRateLimits[$action] ) ) {
return false;
}
- if( $this->isAllowed( 'delete' ) ) {
- // goddam cabal
- return false;
+
+ # Some groups shouldn't trigger the ping limiter, ever
+ foreach( $this->getGroups() as $group ) {
+ if( array_search( $group, $wgRateLimitsExcludedGroups ) !== false )
+ return false;
}
-
+
global $wgMemc, $wgDBname, $wgRateLimitLog;
$fname = 'User::pingLimiter';
wfProfileIn( $fname );
/**
* Initialise php session
+ * @deprecated use wfSetupSession()
*/
function SetupSession() {
- global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain;
- if( $wgSessionsInMemcached ) {
- require_once( 'MemcachedSessions.php' );
- } elseif( 'files' != ini_get( 'session.save_handler' ) ) {
- # If it's left on 'user' or another setting from another
- # application, it will end up failing. Try to recover.
- ini_set ( 'session.save_handler', 'files' );
- }
- session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain );
- session_cache_limiter( 'private, must-revalidate' );
- @session_start();
+ wfSetupSession();
}
/**
$user->loadFromDatabase();
} else {
wfDebug( "User::loadFromSession() got from cache!\n" );
+ # Set block status to unloaded, that should be loaded every time
+ $user->mBlockedby = -1;
}
if ( isset( $_SESSION['wsToken'] ) ) {
if( $accountAge >= $wgAutoConfirmAge ) {
$implicitGroups[] = 'autoconfirmed';
}
+
+ # Implicit group for users whose email addresses are confirmed
+ global $wgEmailAuthentication;
+ if( $this->isValidEmailAddr( $this->mEmail ) ) {
+ if( $wgEmailAuthentication ) {
+ if( $this->mEmailAuthenticated )
+ $implicitGroups[] = 'emailconfirmed';
+ } else {
+ $implicitGroups[] = 'emailconfirmed';
+ }
+ }
$effectiveGroups = array_merge( $implicitGroups, $this->mGroups );
$this->mRights = $this->getGroupPermissions( $effectiveGroups );
}
}
$this->invalidateCache();
- $this->saveSettings();
+ }
+ }
+
+ /**
+ * Generate a current or new-future timestamp to be stored in the
+ * user_touched field when we update things.
+ */
+ private static function newTouchedTimestamp() {
+ global $wgClockSkewFudge;
+ return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
+ }
+
+ /**
+ * Clear user data from memcached.
+ * Use after applying fun updates to the database; caller's
+ * responsibility to update user_touched if appropriate.
+ *
+ * Called implicitly from invalidateCache() and saveSettings().
+ */
+ private function clearUserCache() {
+ if( $this->mId ) {
+ global $wgMemc, $wgDBname;
+ $wgMemc->delete( "$wgDBname:user:id:$this->mId" );
}
}
+ /**
+ * Immediately touch the user data cache for this account.
+ * Updates user_touched field, and removes account data from memcached
+ * for reload on the next hit.
+ */
function invalidateCache() {
- global $wgClockSkewFudge;
- $this->loadFromDatabase();
- $this->mTouched = wfTimestamp(TS_MW, time() + $wgClockSkewFudge );
- # Don't forget to save the options after this or
- # it won't take effect!
+ if( $this->mId ) {
+ $this->mTouched = self::newTouchedTimestamp();
+
+ $dbw =& wfGetDB( DB_MASTER );
+ $dbw->update( 'user',
+ array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
+ array( 'user_id' => $this->mId ),
+ __METHOD__ );
+
+ $this->clearUserCache();
+ }
}
function validateCache( $timestamp ) {
*/
function getOption( $oname ) {
$this->loadFromDatabase();
+ if ( is_null( $this->mOptions ) ) {
+ $this->mOptions = User::getDefaultOptions();
+ }
if ( array_key_exists( $oname, $this->mOptions ) ) {
return trim( $this->mOptions[$oname] );
} else {
}
}
+ /**
+ * Get the user's date preference, including some important migration for
+ * old user rows.
+ */
+ function getDatePreference() {
+ if ( is_null( $this->mDatePreference ) ) {
+ global $wgLang;
+ $value = $this->getOption( 'date' );
+ $map = $wgLang->getDatePreferenceMigrationMap();
+ if ( isset( $map[$value] ) ) {
+ $value = $map[$value];
+ }
+ $this->mDatePreference = $value;
+ }
+ return $this->mDatePreference;
+ }
+
/**
* @param string $oname The option to check
* @return bool False if the option is not selected, true if it is
function getBoolOption( $oname ) {
return (bool)$this->getOption( $oname );
}
+
+ /**
+ * Get an option as an integer value from the source string.
+ * @param string $oname The option to check
+ * @param int $default Optional value to return if option is unset/blank.
+ * @return int
+ */
+ function getIntOption( $oname, $default=0 ) {
+ $val = $this->getOption( $oname );
+ if( $val == '' ) {
+ $val = $default;
+ }
+ return intval( $val );
+ }
function setOption( $oname, $val ) {
$this->loadFromDatabase();
+ if ( is_null( $this->mOptions ) ) {
+ $this->mOptions = User::getDefaultOptions();
+ }
if ( $oname == 'skin' ) {
# Clear cached skin, so the new one displays immediately in Special:Preferences
unset( $this->mSkin );
}
+ // Filter out any newlines that may have passed through input validation.
+ // Newlines are used to separate items in the options blob.
+ $val = str_replace( "\r\n", "\n", $val );
+ $val = str_replace( "\r", "\n", $val );
+ $val = str_replace( "\n", " ", $val );
$this->mOptions[$oname] = $val;
- $this->invalidateCache();
}
function getRights() {
$this->mRights = User::getGroupPermissions( $this->getEffectiveGroups() );
$this->invalidateCache();
- $this->saveSettings();
}
/**
$this->mRights = User::getGroupPermissions( $this->getEffectiveGroups() );
$this->invalidateCache();
- $this->saveSettings();
}
return !$this->isLoggedIn();
}
- /**
- * Check if a user is sysop
- * @deprecated
- */
- function isSysop() {
- return $this->isAllowed( 'protect' );
- }
-
- /** @deprecated */
- function isDeveloper() {
- return $this->isAllowed( 'siteadmin' );
- }
-
- /** @deprecated */
- function isBureaucrat() {
- return $this->isAllowed( 'makesysop' );
- }
-
/**
* Whether the user is a bot
- * @todo need to be migrated to the new user level management sytem
+ * @deprecated
*/
function isBot() {
- $this->loadFromDatabase();
- return in_array( 'bot', $this->mRights );
+ return $this->isAllowed( 'bot' );
}
/**
* Check if user is allowed to access a feature / make an action
- * @param string $action Action to be checked (see $wgAvailableRights in Defines.php for possible actions).
+ * @param string $action Action to be checked
* @return boolean True: action is allowed, False: action should not be allowed
*/
function isAllowed($action='') {
$dbw =& wfGetDB( DB_MASTER );
$success = $dbw->update( 'watchlist',
array( /* SET */
- 'wl_notificationtimestamp' => 0
+ 'wl_notificationtimestamp' => NULL
), array( /* WHERE */
'wl_user' => $currentUser
), 'UserMailer::clearAll'
* @return string Encoding options
*/
function encodeOptions() {
+ if ( is_null( $this->mOptions ) ) {
+ $this->mOptions = User::getDefaultOptions();
+ }
$a = array();
foreach ( $this->mOptions as $oname => $oval ) {
array_push( $a, $oname.'='.$oval );
* @private
*/
function decodeOptions( $str ) {
+ global $wgLang;
+
+ $this->mOptions = array();
$a = explode( "\n", $str );
foreach ( $a as $s ) {
if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
/**
* Save object settings into database
+ * @fixme Only rarely do all these fields need to be set!
*/
function saveSettings() {
- global $wgMemc, $wgDBname;
$fname = 'User::saveSettings';
if ( wfReadOnly() ) { return; }
if ( 0 == $this->mId ) { return; }
+
+ $this->mTouched = self::newTouchedTimestamp();
$dbw =& wfGetDB( DB_MASTER );
$dbw->update( 'user',
'user_id' => $this->mId
), $fname
);
- $wgMemc->delete( "$wgDBname:user:id:$this->mId" );
+ $this->clearUserCache();
}
}
$userblock = Block::newFromDB( '', $this->mId );
- if ( !$userblock->isValid() ) {
+ if ( !$userblock ) {
return;
}
# Check if this IP address is already blocked
$ipblock = Block::newFromDB( wfGetIP() );
- if ( $ipblock->isValid() ) {
+ if ( $ipblock ) {
# If the user is already blocked. Then check if the autoblock would
# excede the user block. If it would excede, then do nothing, else
# prolong block time
# Just update the timestamp
$ipblock->updateTimestamp();
return;
+ } else {
+ $ipblock = new Block;
}
# Make a new block object with the desired properties
* @return string
*/
function getPageRenderingHash() {
- global $wgContLang;
+ global $wgContLang, $wgUseDynamicDates;
if( $this->mHash ){
return $this->mHash;
}
$confstr = $this->getOption( 'math' );
$confstr .= '!' . $this->getOption( 'stubthreshold' );
- $confstr .= '!' . $this->getOption( 'date' );
+ if ( $wgUseDynamicDates ) {
+ $confstr .= '!' . $this->getDatePreference();
+ }
$confstr .= '!' . ($this->getOption( 'numberheadings' ) ? '1' : '');
$confstr .= '!' . $this->getOption( 'language' );
$confstr .= '!' . $this->getOption( 'thumbsize' );
return $confstr;
}
+ function isBlockedFromCreateAccount() {
+ $this->getBlockedStatus();
+ return $this->mBlock && $this->mBlock->mCreateAccount;
+ }
+
function isAllowedToCreateAccount() {
- return $this->isAllowed( 'createaccount' ) && !$this->isBlocked();
+ return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
}
/**
if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() )
return false;
return true;
- else {
+ } else {
return $confirmed;
}
}
* @return array list of permission key names for given groups combined
* @static
*/
- function getGroupPermissions( $groups ) {
+ static function getGroupPermissions( $groups ) {
global $wgGroupPermissions;
$rights = array();
foreach( $groups as $group ) {
/**
* @param string $group key name
- * @return string localized descriptive name, if provided
+ * @return string localized descriptive name for group, if provided
+ * @static
+ */
+ static function getGroupName( $group ) {
+ $key = "group-$group";
+ $name = wfMsg( $key );
+ if( $name == '' || wfEmptyMsg( $key, $name ) ) {
+ return $group;
+ } else {
+ return $name;
+ }
+ }
+
+ /**
+ * @param string $group key name
+ * @return string localized descriptive name for member of a group, if provided
* @static
*/
- function getGroupName( $group ) {
- $key = "group-$group-name";
+ static function getGroupMember( $group ) {
+ $key = "group-$group-member";
$name = wfMsg( $key );
- if( $name == '' || $name == "<$key>" ) {
+ if( $name == '' || wfEmptyMsg( $key, $name ) ) {
return $group;
} else {
return $name;
/**
* Return the set of defined explicit groups.
- * The * and 'user' groups are not included.
+ * The *, 'user', 'autoconfirmed' and 'emailconfirmed'
+ * groups are not included, as they are defined
+ * automatically, not in the database.
* @return array
* @static
*/
- function getAllGroups() {
+ static function getAllGroups() {
global $wgGroupPermissions;
return array_diff(
array_keys( $wgGroupPermissions ),
- array( '*', 'user', 'autoconfirmed' ) );
+ array( '*', 'user', 'autoconfirmed', 'emailconfirmed' ) );
+ }
+
+ /**
+ * Get the title of a page describing a particular group
+ *
+ * @param $group Name of the group
+ * @return mixed
+ */
+ static function getGroupPage( $group ) {
+ $page = wfMsgForContent( 'grouppage-' . $group );
+ if( !wfEmptyMsg( 'grouppage-' . $group, $page ) ) {
+ $title = Title::newFromText( $page );
+ if( is_object( $title ) )
+ return $title;
+ }
+ return false;
+ }
+
+ /**
+ * Create a link to the group in HTML, if available
+ *
+ * @param $group Name of the group
+ * @param $text The text of the link
+ * @return mixed
+ */
+ static function makeGroupLinkHTML( $group, $text = '' ) {
+ if( $text == '' ) {
+ $text = self::getGroupName( $group );
+ }
+ $title = self::getGroupPage( $group );
+ if( $title ) {
+ global $wgUser;
+ $sk = $wgUser->getSkin();
+ return $sk->makeLinkObj( $title, $text );
+ } else {
+ return $text;
+ }
+ }
+
+ /**
+ * Create a link to the group in Wikitext, if available
+ *
+ * @param $group Name of the group
+ * @param $text The text of the link (by default, the name of the group)
+ * @return mixed
+ */
+ static function makeGroupLinkWiki( $group, $text = '' ) {
+ if( $text == '' ) {
+ $text = self::getGroupName( $group );
+ }
+ $title = self::getGroupPage( $group );
+ if( $title ) {
+ $page = $title->getPrefixedText();
+ return "[[$page|$text]]";
+ } else {
+ return $text;
+ }
}
}