dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
New update script, Version.php, new salted passwords, minor fixes.
[lhc/web/wiklou.git] / includes / User.php
1 <?
2 # See user.doc
3
4 class User {
5 /* private */ var $mId, $mName, $mPassword, $mEmail, $mNewtalk;
6 /* private */ var $mRights, $mOptions;
7 /* private */ var $mDataLoaded, $mNewpassword;
8 /* private */ var $mSkin;
9 /* private */ var $mBlockedby, $mBlockreason;
10 /* private */ var $mTouched;
11 /* private */ var $mCookiePassword;
12
13 function User()
14 {
15 $this->loadDefaults();
16 }
17
18 # Static factory method
19 #
20 function newFromName( $name )
21 {
22 $u = new User();
23
24 # Clean up name according to title rules
25
26 $t = Title::newFromText( $name );
27 $u->setName( $t->getText() );
28 return $u;
29 }
30
31 /* static */ function whoIs( $id )
32 {
33 return wfGetSQL( "user", "user_name", "user_id=$id" );
34 }
35
36 /* static */ function idFromName( $name )
37 {
38 $nt = Title::newFromText( $name );
39 $sql = "SELECT user_id FROM user WHERE user_name='" .
40 wfStrencode( $nt->getText() ) . "'";
41 $res = wfQuery( $sql, "User::idFromName" );
42
43 if ( 0 == wfNumRows( $res ) ) { return 0; }
44 else {
45 $s = wfFetchObject( $res );
46 return $s->user_id;
47 }
48 }
49
50 # does the string match an anonymous user IP address?
51 /* static */ function isIP( $name ) {
52 return preg_match("/^\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3}$/",$name);
53
54 }
55
56
57
58 /* static */ function randomPassword()
59 {
60 $pwchars = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz";
61 $l = strlen( $pwchars ) - 1;
62
63 wfSeedRandom();
64 $np = $pwchars{mt_rand( 0, $l )} . $pwchars{mt_rand( 0, $l )} .
65 $pwchars{mt_rand( 0, $l )} . chr( mt_rand(48, 57) ) .
66 $pwchars{mt_rand( 0, $l )} . $pwchars{mt_rand( 0, $l )} .
67 $pwchars{mt_rand( 0, $l )};
68 return $np;
69 }
70
71 function loadDefaults()
72 {
73 global $wgLang ;
74
75 $this->mId = $this->mNewtalk = 0;
76 $this->mName = getenv( "REMOTE_ADDR" );
77 $this->mEmail = "";
78 $this->mPassword = $this->mNewpassword = "";
79 $this->mRights = array();
80 $defOpt = $wgLang->getDefaultUserOptions() ;
81 foreach ( $defOpt as $oname => $val ) {
82 $this->mOptions[$oname] = $val;
83 }
84 unset( $this->mSkin );
85 $this->mDataLoaded = false;
86 $this->mBlockedby = -1; # Unset
87 $this->mTouched = '0'; # Allow any pages to be cached
88 $this->cookiePassword = "";
89 }
90
91 /* private */ function getBlockedStatus()
92 {
93 if ( -1 != $this->mBlockedby ) { return; }
94
95 $remaddr = getenv( "REMOTE_ADDR" );
96 if ( 0 == $this->mId ) {
97 $sql = "SELECT ipb_by,ipb_reason FROM ipblocks WHERE " .
98 "ipb_address='$remaddr'";
99 } else {
100 $sql = "SELECT ipb_by,ipb_reason FROM ipblocks WHERE " .
101 "(ipb_address='$remaddr' OR ipb_user={$this->mId})";
102 }
103 $res = wfQuery( $sql, "User::getBlockedStatus" );
104 if ( 0 == wfNumRows( $res ) ) {
105 $this->mBlockedby = 0;
106 return;
107 }
108 $s = wfFetchObject( $res );
109 $this->mBlockedby = $s->ipb_by;
110 $this->mBlockreason = $s->ipb_reason;
111 }
112
113 function isBlocked()
114 {
115 $this->getBlockedStatus();
116 if ( 0 == $this->mBlockedby ) { return false; }
117 return true;
118 }
119
120 function blockedBy() {
121 $this->getBlockedStatus();
122 return $this->mBlockedby;
123 }
124
125 function blockedFor() {
126 $this->getBlockedStatus();
127 return $this->mBlockreason;
128 }
129
130 function loadFromSession()
131 {
132 global $HTTP_COOKIE_VARS, $wsUserID, $wsUserName, $wsUserPassword;
133
134 if ( isset( $wsUserID ) ) {
135 if ( 0 != $wsUserID ) {
136 $sId = $wsUserID;
137 } else {
138 $this->mId = 0;
139 return;
140 }
141 } else if ( isset( $HTTP_COOKIE_VARS["wcUserID"] ) ) {
142 $sId = $HTTP_COOKIE_VARS["wcUserID"];
143 $wsUserID = $sId;
144 } else {
145 $this->mId = 0;
146 return;
147 }
148 if ( isset( $wsUserName ) ) {
149 $sName = $wsUserName;
150 } else if ( isset( $HTTP_COOKIE_VARS["wcUserName"] ) ) {
151 $sName = $HTTP_COOKIE_VARS["wcUserName"];
152 $wsUserName = $sName;
153 } else {
154 $this->mId = 0;
155 return;
156 }
157
158 $passwordCorrect = FALSE;
159 $this->mId = $sId;
160 $this->loadFromDatabase();
161
162 if ( isset( $wsUserPassword ) ) {
163 $passwordCorrect = $wsUserPassword == $this->mPassword;
164 } else if ( isset( $HTTP_COOKIE_VARS["wcUserPassword"] ) ) {
165 $this->mCookiePassword = $HTTP_COOKIE_VARS["wcUserPassword"];
166 $wsUserPassword = $this->addSalt($this->mCookiePassword);
167 $passwordCorrect = $wsUserPassword == $this->mPassword;
168 } else {
169 $this->mId = 0;
170 return;
171 }
172
173 if ( ( $sName == $this->mName ) && $passwordCorrect ) {
174 return;
175 }
176 $this->loadDefaults(); # Can't log in from session
177 }
178
179 function loadFromDatabase()
180 {
181 if ( $this->mDataLoaded ) { return; }
182 # check in separate table if there are changes to the talk page
183 $this->mNewtalk=0; # reset talk page status
184 if($this->mId) {
185 $sql = "SELECT 1 FROM user_newtalk WHERE user_id={$this->mId}";
186 $res = wfQuery ($sql, "User::loadFromDatabase" );
187
188 if (wfNumRows($res)>0) {
189 $this->mNewtalk= 1;
190 }
191 wfFreeResult( $res );
192 } else {
193 $sql = "SELECT 1 FROM user_newtalk WHERE user_ip='{$this->mName}'";
194 $res = wfQuery ($sql, "User::loadFromDatabase" );
195
196 if (wfNumRows($res)>0) {
197 $this->mNewtalk= 1;
198 }
199 wfFreeResult( $res );
200 }
201 if(!$this->mId) {
202 $this->mDataLoaded = true;
203 return;
204 } # the following stuff is for non-anonymous users only
205
206 $sql = "SELECT user_name,user_password,user_newpassword,user_email," .
207 "user_options,user_rights,user_touched FROM user WHERE user_id=" .
208 "{$this->mId}";
209 $res = wfQuery( $sql, "User::loadFromDatabase" );
210
211 if ( wfNumRows( $res ) > 0 ) {
212 $s = wfFetchObject( $res );
213 $this->mName = $s->user_name;
214 $this->mEmail = $s->user_email;
215 $this->mPassword = $s->user_password;
216 $this->mNewpassword = $s->user_newpassword;
217 $this->decodeOptions( $s->user_options );
218 $this->mRights = explode( ",", strtolower( $s->user_rights ) );
219 $this->mTouched = $s->user_touched;
220 }
221
222 wfFreeResult( $res );
223 $this->mDataLoaded = true;
224 }
225
226 function getID() { return $this->mId; }
227 function setID( $v ) {
228 $this->mId = $v;
229 $this->mDataLoaded = false;
230 }
231
232 function getName() {
233 $this->loadFromDatabase();
234 return $this->mName;
235 }
236
237 function setName( $str )
238 {
239 $this->loadFromDatabase();
240 $this->mName = $str;
241 }
242
243 function getNewtalk()
244 {
245 $this->loadFromDatabase();
246 return ( 0 != $this->mNewtalk );
247 }
248
249 function setNewtalk( $val )
250 {
251 $this->loadFromDatabase();
252 $this->mNewtalk = $val;
253 $this->invalidateCache();
254 }
255
256 function invalidateCache() {
257 $this->loadFromDatabase();
258 $this->mTouched = wfTimestampNow();
259 # Don't forget to save the options after this or
260 # it won't take effect!
261 }
262
263 function validateCache( $timestamp ) {
264 $this->loadFromDatabase();
265 return ($timestamp >= $this->mTouched);
266 }
267
268 function getPassword()
269 {
270 $this->loadFromDatabase();
271 return $this->mPassword;
272 }
273
274 function getNewpassword()
275 {
276 $this->loadFromDatabase();
277 return $this->mNewpassword;
278 }
279
280 function addSalt( $p )
281 {
282 return md5( "wikipedia{$this->mId}-{$p}" );
283 }
284
285 function encryptPassword( $p )
286 {
287 return $this->addSalt( md5( $p ) );
288 }
289
290 function setPassword( $str )
291 {
292 $this->loadFromDatabase();
293 $this->setCookiePassword( $str );
294 $this->mPassword = $this->encryptPassword( $str );
295 $this->mNewpassword = "";
296 }
297
298 function setCookiePassword( $str )
299 {
300 $this->loadFromDatabase();
301 $this->mCookiePassword = md5( $str );
302 }
303
304 function setNewpassword( $str )
305 {
306 $this->loadFromDatabase();
307 $this->mNewpassword = $this->encryptPassword( $str );
308 }
309
310 function getEmail()
311 {
312 $this->loadFromDatabase();
313 return $this->mEmail;
314 }
315
316 function setEmail( $str )
317 {
318 $this->loadFromDatabase();
319 $this->mEmail = $str;
320 }
321
322 function getOption( $oname )
323 {
324 $this->loadFromDatabase();
325 if ( array_key_exists( $oname, $this->mOptions ) ) {
326 return $this->mOptions[$oname];
327 } else {
328 return "";
329 }
330 }
331
332 function setOption( $oname, $val )
333 {
334 $this->loadFromDatabase();
335 $this->mOptions[$oname] = $val;
336 $this->invalidateCache();
337 }
338
339 function getRights()
340 {
341 $this->loadFromDatabase();
342 return $this->mRights;
343 }
344
345 function isSysop()
346 {
347 $this->loadFromDatabase();
348 if ( 0 == $this->mId ) { return false; }
349
350 return in_array( "sysop", $this->mRights );
351 }
352
353 function isDeveloper()
354 {
355 $this->loadFromDatabase();
356 if ( 0 == $this->mId ) { return false; }
357
358 return in_array( "developer", $this->mRights );
359 }
360
361 function isBot()
362 {
363 $this->loadFromDatabase();
364 if ( 0 == $this->mId ) { return false; }
365
366 return in_array( "bot", $this->mRights );
367 }
368
369 function &getSkin()
370 {
371 if ( ! isset( $this->mSkin ) ) {
372 $skinNames = Skin::getSkinNames();
373 $s = $this->getOption( "skin" );
374 if ( "" == $s ) { $s = 0; }
375
376 if ( $s >= count( $skinNames ) ) { $sn = "SkinStandard"; }
377 else $sn = "Skin" . $skinNames[$s];
378 $this->mSkin = new $sn;
379 }
380 return $this->mSkin;
381 }
382
383 function isWatched( $title )
384 {
385 # Note - $title should be a Title _object_
386 # Pages and their talk pages are considered equivalent for watching;
387 # remember that talk namespaces are numbered as page namespace+1.
388 if( $this->mId ) {
389 $sql = "SELECT 1 FROM watchlist
390 WHERE wl_user={$this->mId} AND
391 wl_namespace = " . ($title->getNamespace() & ~1) . " AND
392 wl_title='" . wfStrencode( $title->getDBkey() ) . "'";
393 $res = wfQuery( $sql );
394 return (wfNumRows( $res ) > 0);
395 } else {
396 return false;
397 }
398 }
399
400 function addWatch( $title )
401 {
402 if( $this->mId ) {
403 # REPLACE instead of INSERT because occasionally someone
404 # accidentally reloads a watch-add operation.
405 $sql = "REPLACE INTO watchlist (wl_user, wl_namespace,wl_title)
406 VALUES ({$this->mId}," . (($title->getNamespace() | 1) - 1) .
407 ",'" . wfStrencode( $title->getDBkey() ) . "')";
408 wfQuery( $sql );
409 $this->invalidateCache();
410 }
411 }
412
413 function removeWatch( $title )
414 {
415 if( $this->mId ) {
416 $sql = "DELETE FROM watchlist WHERE wl_user={$this->mId} AND
417 wl_namespace=" . (($title->getNamespace() | 1) - 1) .
418 " AND wl_title='" . wfStrencode( $title->getDBkey() ) . "'";
419 wfQuery( $sql );
420 $this->invalidateCache();
421 }
422 }
423
424
425 /* private */ function encodeOptions()
426 {
427 $a = array();
428 foreach ( $this->mOptions as $oname => $oval ) {
429 array_push( $a, "{$oname}={$oval}" );
430 }
431 $s = implode( "\n", $a );
432 return wfStrencode( $s );
433 }
434
435 /* private */ function decodeOptions( $str )
436 {
437 $a = explode( "\n", $str );
438 foreach ( $a as $s ) {
439 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
440 $this->mOptions[$m[1]] = $m[2];
441 }
442 }
443 }
444
445 function setCookies()
446 {
447 global $wsUserID, $wsUserName, $wsUserPassword;
448 global $wgCookieExpiration;
449 if ( 0 == $this->mId ) return;
450 $this->loadFromDatabase();
451 $exp = time() + $wgCookieExpiration;
452
453 $wsUserID = $this->mId;
454 setcookie( "wcUserID", $this->mId, $exp, "/" );
455
456 $wsUserName = $this->mName;
457 setcookie( "wcUserName", $this->mName, $exp, "/" );
458
459 $wsUserPassword = $this->mPassword;
460 if ( 1 == $this->getOption( "rememberpassword" ) ) {
461 setcookie( "wcUserPassword", $this->mCookiePassword, $exp, "/" );
462 } else {
463 setcookie( "wcUserPassword", "", time() - 3600 );
464 }
465 }
466
467 function logout()
468 {
469 global $wsUserID;
470 $this->mId = 0;
471
472 $wsUserID = 0;
473
474 setcookie( "wcUserID", "", time() - 3600 );
475 setcookie( "wcUserPassword", "", time() - 3600 );
476 }
477
478 function saveSettings()
479 {
480 global $wgUser;
481
482 if(!$this->mNewtalk) {
483
484 if($this->mId) {
485 $sql="DELETE FROM user_newtalk WHERE user_id={$this->mId}";
486 wfQuery ($sql,"User::saveSettings");
487 } else {
488
489
490 $sql="DELETE FROM user_newtalk WHERE user_ip='{$this->mName}'";
491 wfQuery ($sql,"User::saveSettings");
492
493 }
494 }
495
496 if ( 0 == $this->mId ) { return; }
497
498 $sql = "UPDATE user SET " .
499 "user_name= '" . wfStrencode( $this->mName ) . "', " .
500 "user_password= '" . wfStrencode( $this->mPassword ) . "', " .
501 "user_newpassword= '" . wfStrencode( $this->mNewpassword ) . "', " .
502 "user_email= '" . wfStrencode( $this->mEmail ) . "', " .
503 "user_options= '" . $this->encodeOptions() . "', " .
504 "user_rights= '" . wfStrencode( implode( ",", $this->mRights ) ) . "', "
505 .
506 "user_touched= '" . wfStrencode( $this->mTouched ) .
507 "' WHERE user_id={$this->mId}";
508 wfQuery( $sql, "User::saveSettings" );
509 }
510
511 # Checks if a user with the given name exists
512 #
513 function idForName()
514 {
515 $gotid = 0;
516 $s = trim( $this->mName );
517 if ( 0 == strcmp( "", $s ) ) return 0;
518
519 $sql = "SELECT user_id FROM user WHERE user_name='" .
520 wfStrencode( $s ) . "'";
521 $res = wfQuery( $sql, "User::idForName" );
522 if ( 0 == wfNumRows( $res ) ) { return 0; }
523
524 $s = wfFetchObject( $res );
525 if ( "" == $s ) return 0;
526
527 $gotid = $s->user_id;
528 wfFreeResult( $res );
529 return $gotid;
530 }
531
532 function addToDatabase()
533 {
534 $sql = "INSERT INTO user (user_name,user_password,user_newpassword," .
535 "user_email, user_rights, user_options) " .
536 " VALUES ('" . wfStrencode( $this->mName ) . "', '" .
537 wfStrencode( $this->mPassword ) . "', '" .
538 wfStrencode( $this->mNewpassword ) . "', '" .
539 wfStrencode( $this->mEmail ) . "', '" .
540 wfStrencode( implode( ",", $this->mRights ) ) . "', '" .
541 $this->encodeOptions() . "')";
542 wfQuery( $sql, "User::addToDatabase" );
543 $this->mId = $this->idForName();
544 }
545 }
546
547 ?>
Wiklou, le Wiki du Wiklou