dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
When you log in from cookie, make the session valid for login as well. Not sure what...
[lhc/web/wiklou.git] / includes / User.php
1 <?php
2 /**
3 * See user.txt
4 *
5 */
6
7 # Number of characters in user_token field
8 define( 'USER_TOKEN_LENGTH', 32 );
9
10 # Serialized record version
11 define( 'MW_USER_VERSION', 5 );
12
13 # Some punctuation to prevent editing from broken text-mangling proxies.
14 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
15
16 /**
17 * Thrown by User::setPassword() on error
18 * @addtogroup Exception
19 */
20 class PasswordError extends MWException {
21 // NOP
22 }
23
24 /**
25 * The User object encapsulates all of the user-specific settings (user_id,
26 * name, rights, password, email address, options, last login time). Client
27 * classes use the getXXX() functions to access these fields. These functions
28 * do all the work of determining whether the user is logged in,
29 * whether the requested option can be satisfied from cookies or
30 * whether a database query is needed. Most of the settings needed
31 * for rendering normal pages are set in the cookie to minimize use
32 * of the database.
33 */
34 class User {
35
36 /**
37 * A list of default user toggles, i.e. boolean user preferences that are
38 * displayed by Special:Preferences as checkboxes. This list can be
39 * extended via the UserToggles hook or $wgContLang->getExtraUserToggles().
40 */
41 static public $mToggles = array(
42 'highlightbroken',
43 'justify',
44 'hideminor',
45 'extendwatchlist',
46 'usenewrc',
47 'numberheadings',
48 'showtoolbar',
49 'editondblclick',
50 'editsection',
51 'editsectiononrightclick',
52 'showtoc',
53 'rememberpassword',
54 'editwidth',
55 'watchcreations',
56 'watchdefault',
57 'watchmoves',
58 'watchdeletion',
59 'minordefault',
60 'previewontop',
61 'previewonfirst',
62 'nocache',
63 'enotifwatchlistpages',
64 'enotifusertalkpages',
65 'enotifminoredits',
66 'enotifrevealaddr',
67 'shownumberswatching',
68 'fancysig',
69 'externaleditor',
70 'externaldiff',
71 'showjumplinks',
72 'uselivepreview',
73 'forceeditsummary',
74 'watchlisthideown',
75 'watchlisthidebots',
76 'watchlisthideminor',
77 'ccmeonemails',
78 'diffonly',
79 );
80
81 /**
82 * List of member variables which are saved to the shared cache (memcached).
83 * Any operation which changes the corresponding database fields must
84 * call a cache-clearing function.
85 */
86 static $mCacheVars = array(
87 # user table
88 'mId',
89 'mName',
90 'mRealName',
91 'mPassword',
92 'mNewpassword',
93 'mNewpassTime',
94 'mEmail',
95 'mOptions',
96 'mTouched',
97 'mToken',
98 'mEmailAuthenticated',
99 'mEmailToken',
100 'mEmailTokenExpires',
101 'mRegistration',
102 'mEditCount',
103 # user_group table
104 'mGroups',
105 );
106
107 /**
108 * The cache variable declarations
109 */
110 var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
111 $mEmail, $mOptions, $mTouched, $mToken, $mEmailAuthenticated,
112 $mEmailToken, $mEmailTokenExpires, $mRegistration, $mGroups;
113
114 /**
115 * Whether the cache variables have been loaded
116 */
117 var $mDataLoaded;
118
119 /**
120 * Initialisation data source if mDataLoaded==false. May be one of:
121 * defaults anonymous user initialised from class defaults
122 * name initialise from mName
123 * id initialise from mId
124 * session log in from cookies or session if possible
125 *
126 * Use the User::newFrom*() family of functions to set this.
127 */
128 var $mFrom;
129
130 /**
131 * Lazy-initialised variables, invalidated with clearInstanceCache
132 */
133 var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mSkin, $mRights,
134 $mBlockreason, $mBlock, $mEffectiveGroups;
135
136 /**
137 * Lightweight constructor for anonymous user
138 * Use the User::newFrom* factory functions for other kinds of users
139 */
140 function User() {
141 $this->clearInstanceCache( 'defaults' );
142 }
143
144 /**
145 * Load the user table data for this object from the source given by mFrom
146 */
147 function load() {
148 if ( $this->mDataLoaded ) {
149 return;
150 }
151 wfProfileIn( __METHOD__ );
152
153 # Set it now to avoid infinite recursion in accessors
154 $this->mDataLoaded = true;
155
156 switch ( $this->mFrom ) {
157 case 'defaults':
158 $this->loadDefaults();
159 break;
160 case 'name':
161 $this->mId = self::idFromName( $this->mName );
162 if ( !$this->mId ) {
163 # Nonexistent user placeholder object
164 $this->loadDefaults( $this->mName );
165 } else {
166 $this->loadFromId();
167 }
168 break;
169 case 'id':
170 $this->loadFromId();
171 break;
172 case 'session':
173 $this->loadFromSession();
174 break;
175 default:
176 throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
177 }
178 wfProfileOut( __METHOD__ );
179 }
180
181 /**
182 * Load user table data given mId
183 * @return false if the ID does not exist, true otherwise
184 * @private
185 */
186 function loadFromId() {
187 global $wgMemc;
188 if ( $this->mId == 0 ) {
189 $this->loadDefaults();
190 return false;
191 }
192
193 # Try cache
194 $key = wfMemcKey( 'user', 'id', $this->mId );
195 $data = $wgMemc->get( $key );
196 if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
197 # Object is expired, load from DB
198 $data = false;
199 }
200
201 if ( !$data ) {
202 wfDebug( "Cache miss for user {$this->mId}\n" );
203 # Load from DB
204 if ( !$this->loadFromDatabase() ) {
205 # Can't load from ID, user is anonymous
206 return false;
207 }
208
209 # Save to cache
210 $data = array();
211 foreach ( self::$mCacheVars as $name ) {
212 $data[$name] = $this->$name;
213 }
214 $data['mVersion'] = MW_USER_VERSION;
215 $wgMemc->set( $key, $data );
216 } else {
217 wfDebug( "Got user {$this->mId} from cache\n" );
218 # Restore from cache
219 foreach ( self::$mCacheVars as $name ) {
220 $this->$name = $data[$name];
221 }
222 }
223 return true;
224 }
225
226 /**
227 * Static factory method for creation from username.
228 *
229 * This is slightly less efficient than newFromId(), so use newFromId() if
230 * you have both an ID and a name handy.
231 *
232 * @param string $name Username, validated by Title:newFromText()
233 * @param mixed $validate Validate username. Takes the same parameters as
234 * User::getCanonicalName(), except that true is accepted as an alias
235 * for 'valid', for BC.
236 *
237 * @return User object, or null if the username is invalid. If the username
238 * is not present in the database, the result will be a user object with
239 * a name, zero user ID and default settings.
240 * @static
241 */
242 static function newFromName( $name, $validate = 'valid' ) {
243 if ( $validate === true ) {
244 $validate = 'valid';
245 }
246 $name = self::getCanonicalName( $name, $validate );
247 if ( $name === false ) {
248 return null;
249 } else {
250 # Create unloaded user object
251 $u = new User;
252 $u->mName = $name;
253 $u->mFrom = 'name';
254 return $u;
255 }
256 }
257
258 static function newFromId( $id ) {
259 $u = new User;
260 $u->mId = $id;
261 $u->mFrom = 'id';
262 return $u;
263 }
264
265 /**
266 * Factory method to fetch whichever user has a given email confirmation code.
267 * This code is generated when an account is created or its e-mail address
268 * has changed.
269 *
270 * If the code is invalid or has expired, returns NULL.
271 *
272 * @param string $code
273 * @return User
274 * @static
275 */
276 static function newFromConfirmationCode( $code ) {
277 $dbr = wfGetDB( DB_SLAVE );
278 $id = $dbr->selectField( 'user', 'user_id', array(
279 'user_email_token' => md5( $code ),
280 'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
281 ) );
282 if( $id !== false ) {
283 return User::newFromId( $id );
284 } else {
285 return null;
286 }
287 }
288
289 /**
290 * Create a new user object using data from session or cookies. If the
291 * login credentials are invalid, the result is an anonymous user.
292 *
293 * @return User
294 * @static
295 */
296 static function newFromSession() {
297 $user = new User;
298 $user->mFrom = 'session';
299 return $user;
300 }
301
302 /**
303 * Get username given an id.
304 * @param integer $id Database user id
305 * @return string Nickname of a user
306 * @static
307 */
308 static function whoIs( $id ) {
309 $dbr = wfGetDB( DB_SLAVE );
310 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ), 'User::whoIs' );
311 }
312
313 /**
314 * Get real username given an id.
315 * @param integer $id Database user id
316 * @return string Realname of a user
317 * @static
318 */
319 static function whoIsReal( $id ) {
320 $dbr = wfGetDB( DB_SLAVE );
321 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ), 'User::whoIsReal' );
322 }
323
324 /**
325 * Get database id given a user name
326 * @param string $name Nickname of a user
327 * @return integer|null Database user id (null: if non existent
328 * @static
329 */
330 static function idFromName( $name ) {
331 $nt = Title::newFromText( $name );
332 if( is_null( $nt ) ) {
333 # Illegal name
334 return null;
335 }
336 $dbr = wfGetDB( DB_SLAVE );
337 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );
338
339 if ( $s === false ) {
340 return 0;
341 } else {
342 return $s->user_id;
343 }
344 }
345
346 /**
347 * Does the string match an anonymous IPv4 address?
348 *
349 * This function exists for username validation, in order to reject
350 * usernames which are similar in form to IP addresses. Strings such
351 * as 300.300.300.300 will return true because it looks like an IP
352 * address, despite not being strictly valid.
353 *
354 * We match \d{1,3}\.\d{1,3}\.\d{1,3}\.xxx as an anonymous IP
355 * address because the usemod software would "cloak" anonymous IP
356 * addresses like this, if we allowed accounts like this to be created
357 * new users could get the old edits of these anonymous users.
358 *
359 * @static
360 * @param string $name Nickname of a user
361 * @return bool
362 */
363 static function isIP( $name ) {
364 return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || User::isIPv6($name);
365 /*return preg_match("/^
366 (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
367 (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
368 (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
369 (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))
370 $/x", $name);*/
371 }
372
373 /**
374 * Check if $name is an IPv6 IP.
375 */
376 static function isIPv6($name) {
377 /*
378 * if it has any non-valid characters, it can't be a valid IPv6
379 * address.
380 */
381 if (preg_match("/[^:a-fA-F0-9]/", $name))
382 return false;
383
384 $parts = explode(":", $name);
385 if (count($parts) < 3)
386 return false;
387 foreach ($parts as $part) {
388 if (!preg_match("/^[0-9a-fA-F]{0,4}$/", $part))
389 return false;
390 }
391 return true;
392 }
393
394 /**
395 * Is the input a valid username?
396 *
397 * Checks if the input is a valid username, we don't want an empty string,
398 * an IP address, anything that containins slashes (would mess up subpages),
399 * is longer than the maximum allowed username size or doesn't begin with
400 * a capital letter.
401 *
402 * @param string $name
403 * @return bool
404 * @static
405 */
406 static function isValidUserName( $name ) {
407 global $wgContLang, $wgMaxNameChars;
408
409 if ( $name == ''
410 || User::isIP( $name )
411 || strpos( $name, '/' ) !== false
412 || strlen( $name ) > $wgMaxNameChars
413 || $name != $wgContLang->ucfirst( $name ) )
414 return false;
415
416 // Ensure that the name can't be misresolved as a different title,
417 // such as with extra namespace keys at the start.
418 $parsed = Title::newFromText( $name );
419 if( is_null( $parsed )
420 || $parsed->getNamespace()
421 || strcmp( $name, $parsed->getPrefixedText() ) )
422 return false;
423
424 // Check an additional blacklist of troublemaker characters.
425 // Should these be merged into the title char list?
426 $unicodeBlacklist = '/[' .
427 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
428 '\x{00a0}' . # non-breaking space
429 '\x{2000}-\x{200f}' . # various whitespace
430 '\x{2028}-\x{202f}' . # breaks and control chars
431 '\x{3000}' . # ideographic space
432 '\x{e000}-\x{f8ff}' . # private use
433 ']/u';
434 if( preg_match( $unicodeBlacklist, $name ) ) {
435 return false;
436 }
437
438 return true;
439 }
440
441 /**
442 * Usernames which fail to pass this function will be blocked
443 * from user login and new account registrations, but may be used
444 * internally by batch processes.
445 *
446 * If an account already exists in this form, login will be blocked
447 * by a failure to pass this function.
448 *
449 * @param string $name
450 * @return bool
451 */
452 static function isUsableName( $name ) {
453 global $wgReservedUsernames;
454 return
455 // Must be a usable username, obviously ;)
456 self::isValidUserName( $name ) &&
457
458 // Certain names may be reserved for batch processes.
459 !in_array( $name, $wgReservedUsernames );
460 }
461
462 /**
463 * Usernames which fail to pass this function will be blocked
464 * from new account registrations, but may be used internally
465 * either by batch processes or by user accounts which have
466 * already been created.
467 *
468 * Additional character blacklisting may be added here
469 * rather than in isValidUserName() to avoid disrupting
470 * existing accounts.
471 *
472 * @param string $name
473 * @return bool
474 */
475 static function isCreatableName( $name ) {
476 return
477 self::isUsableName( $name ) &&
478
479 // Registration-time character blacklisting...
480 strpos( $name, '@' ) === false;
481 }
482
483 /**
484 * Is the input a valid password?
485 *
486 * @param string $password
487 * @return bool
488 */
489 function isValidPassword( $password ) {
490 global $wgMinimalPasswordLength, $wgContLang;
491
492 $result = null;
493 if( !wfRunHooks( 'isValidPassword', array( $password, &$result ) ) ) return $result;
494 if ($result === false) return false;
495 return (strlen( $password ) >= $wgMinimalPasswordLength) &&
496 ($wgContLang->lc( $password ) !== $wgContLang->lc( $this->mName ));
497 }
498
499 /**
500 * Does the string match roughly an email address ?
501 *
502 * There used to be a regular expression here, it got removed because it
503 * rejected valid addresses. Actually just check if there is '@' somewhere
504 * in the given address.
505 *
506 * @todo Check for RFC 2822 compilance (bug 959)
507 *
508 * @param string $addr email address
509 * @static
510 * @return bool
511 */
512 static function isValidEmailAddr ( $addr ) {
513 return ( trim( $addr ) != '' ) &&
514 (false !== strpos( $addr, '@' ) );
515 }
516
517 /**
518 * Given unvalidated user input, return a canonical username, or false if
519 * the username is invalid.
520 * @param string $name
521 * @param mixed $validate Type of validation to use:
522 * false No validation
523 * 'valid' Valid for batch processes
524 * 'usable' Valid for batch processes and login
525 * 'creatable' Valid for batch processes, login and account creation
526 */
527 static function getCanonicalName( $name, $validate = 'valid' ) {
528 # Force usernames to capital
529 global $wgContLang;
530 $name = $wgContLang->ucfirst( $name );
531
532 # Reject names containing '#'; these will be cleaned up
533 # with title normalisation, but then it's too late to
534 # check elsewhere
535 if( strpos( $name, '#' ) !== false )
536 return false;
537
538 # Clean up name according to title rules
539 $t = Title::newFromText( $name );
540 if( is_null( $t ) ) {
541 return false;
542 }
543
544 # Reject various classes of invalid names
545 $name = $t->getText();
546 global $wgAuth;
547 $name = $wgAuth->getCanonicalName( $t->getText() );
548
549 switch ( $validate ) {
550 case false:
551 break;
552 case 'valid':
553 if ( !User::isValidUserName( $name ) ) {
554 $name = false;
555 }
556 break;
557 case 'usable':
558 if ( !User::isUsableName( $name ) ) {
559 $name = false;
560 }
561 break;
562 case 'creatable':
563 if ( !User::isCreatableName( $name ) ) {
564 $name = false;
565 }
566 break;
567 default:
568 throw new MWException( 'Invalid parameter value for $validate in '.__METHOD__ );
569 }
570 return $name;
571 }
572
573 /**
574 * Count the number of edits of a user
575 *
576 * It should not be static and some day should be merged as proper member function / deprecated -- domas
577 *
578 * @param int $uid The user ID to check
579 * @return int
580 * @static
581 */
582 static function edits( $uid ) {
583 wfProfileIn( __METHOD__ );
584 $dbr = wfGetDB( DB_SLAVE );
585 // check if the user_editcount field has been initialized
586 $field = $dbr->selectField(
587 'user', 'user_editcount',
588 array( 'user_id' => $uid ),
589 __METHOD__
590 );
591
592 if( $field === null ) { // it has not been initialized. do so.
593 $dbw = wfGetDb( DB_MASTER );
594 $count = $dbr->selectField(
595 'revision', 'count(*)',
596 array( 'rev_user' => $uid ),
597 __METHOD__
598 );
599 $dbw->update(
600 'user',
601 array( 'user_editcount' => $count ),
602 array( 'user_id' => $uid ),
603 __METHOD__
604 );
605 } else {
606 $count = $field;
607 }
608 wfProfileOut( __METHOD__ );
609 return $count;
610 }
611
612 /**
613 * Return a random password. Sourced from mt_rand, so it's not particularly secure.
614 * @todo hash random numbers to improve security, like generateToken()
615 *
616 * @return string
617 * @static
618 */
619 static function randomPassword() {
620 global $wgMinimalPasswordLength;
621 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
622 $l = strlen( $pwchars ) - 1;
623
624 $pwlength = max( 7, $wgMinimalPasswordLength );
625 $digit = mt_rand(0, $pwlength - 1);
626 $np = '';
627 for ( $i = 0; $i < $pwlength; $i++ ) {
628 $np .= $i == $digit ? chr( mt_rand(48, 57) ) : $pwchars{ mt_rand(0, $l)};
629 }
630 return $np;
631 }
632
633 /**
634 * Set cached properties to default. Note: this no longer clears
635 * uncached lazy-initialised properties. The constructor does that instead.
636 *
637 * @private
638 */
639 function loadDefaults( $name = false ) {
640 wfProfileIn( __METHOD__ );
641
642 global $wgCookiePrefix;
643
644 $this->mId = 0;
645 $this->mName = $name;
646 $this->mRealName = '';
647 $this->mPassword = $this->mNewpassword = '';
648 $this->mNewpassTime = null;
649 $this->mEmail = '';
650 $this->mOptions = null; # Defer init
651
652 if ( isset( $_COOKIE[$wgCookiePrefix.'LoggedOut'] ) ) {
653 $this->mTouched = wfTimestamp( TS_MW, $_COOKIE[$wgCookiePrefix.'LoggedOut'] );
654 } else {
655 $this->mTouched = '0'; # Allow any pages to be cached
656 }
657
658 $this->setToken(); # Random
659 $this->mEmailAuthenticated = null;
660 $this->mEmailToken = '';
661 $this->mEmailTokenExpires = null;
662 $this->mRegistration = wfTimestamp( TS_MW );
663 $this->mGroups = array();
664
665 wfProfileOut( __METHOD__ );
666 }
667
668 /**
669 * Initialise php session
670 * @deprecated use wfSetupSession()
671 */
672 function SetupSession() {
673 wfSetupSession();
674 }
675
676 /**
677 * Load user data from the session or login cookie. If there are no valid
678 * credentials, initialises the user as an anon.
679 * @return true if the user is logged in, false otherwise
680 */
681 private function loadFromSession() {
682 global $wgMemc, $wgCookiePrefix;
683
684 if ( isset( $_SESSION['wsUserID'] ) ) {
685 if ( 0 != $_SESSION['wsUserID'] ) {
686 $sId = $_SESSION['wsUserID'];
687 } else {
688 $this->loadDefaults();
689 return false;
690 }
691 } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserID"] ) ) {
692 $sId = intval( $_COOKIE["{$wgCookiePrefix}UserID"] );
693 $_SESSION['wsUserID'] = $sId;
694 } else {
695 $this->loadDefaults();
696 return false;
697 }
698 if ( isset( $_SESSION['wsUserName'] ) ) {
699 $sName = $_SESSION['wsUserName'];
700 } else if ( isset( $_COOKIE["{$wgCookiePrefix}UserName"] ) ) {
701 $sName = $_COOKIE["{$wgCookiePrefix}UserName"];
702 $_SESSION['wsUserName'] = $sName;
703 } else {
704 $this->loadDefaults();
705 return false;
706 }
707
708 $passwordCorrect = FALSE;
709 $this->mId = $sId;
710 if ( !$this->loadFromId() ) {
711 # Not a valid ID, loadFromId has switched the object to anon for us
712 return false;
713 }
714
715 if ( isset( $_SESSION['wsToken'] ) ) {
716 $passwordCorrect = $_SESSION['wsToken'] == $this->mToken;
717 $from = 'session';
718 } else if ( isset( $_COOKIE["{$wgCookiePrefix}Token"] ) ) {
719 $passwordCorrect = $this->mToken == $_COOKIE["{$wgCookiePrefix}Token"];
720 $from = 'cookie';
721 } else {
722 # No session or persistent login cookie
723 $this->loadDefaults();
724 return false;
725 }
726
727 if ( ( $sName == $this->mName ) && $passwordCorrect ) {
728 $_SESSION['wsToken'] = $this->mToken;
729 wfDebug( "Logged in from $from\n" );
730 return true;
731 } else {
732 # Invalid credentials
733 wfDebug( "Can't log in from $from, invalid credentials\n" );
734 $this->loadDefaults();
735 return false;
736 }
737 }
738
739 /**
740 * Load user and user_group data from the database
741 * $this->mId must be set, this is how the user is identified.
742 *
743 * @return true if the user exists, false if the user is anonymous
744 * @private
745 */
746 function loadFromDatabase() {
747 # Paranoia
748 $this->mId = intval( $this->mId );
749
750 /** Anonymous user */
751 if( !$this->mId ) {
752 $this->loadDefaults();
753 return false;
754 }
755
756 $dbr = wfGetDB( DB_MASTER );
757 $s = $dbr->selectRow( 'user', '*', array( 'user_id' => $this->mId ), __METHOD__ );
758
759 if ( $s !== false ) {
760 # Initialise user table data
761 $this->mName = $s->user_name;
762 $this->mRealName = $s->user_real_name;
763 $this->mPassword = $s->user_password;
764 $this->mNewpassword = $s->user_newpassword;
765 $this->mNewpassTime = wfTimestampOrNull( TS_MW, $s->user_newpass_time );
766 $this->mEmail = $s->user_email;
767 $this->decodeOptions( $s->user_options );
768 $this->mTouched = wfTimestamp(TS_MW,$s->user_touched);
769 $this->mToken = $s->user_token;
770 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $s->user_email_authenticated );
771 $this->mEmailToken = $s->user_email_token;
772 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $s->user_email_token_expires );
773 $this->mRegistration = wfTimestampOrNull( TS_MW, $s->user_registration );
774 $this->mEditCount = $s->user_editcount;
775 $this->getEditCount(); // revalidation for nulls
776
777 # Load group data
778 $res = $dbr->select( 'user_groups',
779 array( 'ug_group' ),
780 array( 'ug_user' => $this->mId ),
781 __METHOD__ );
782 $this->mGroups = array();
783 while( $row = $dbr->fetchObject( $res ) ) {
784 $this->mGroups[] = $row->ug_group;
785 }
786 return true;
787 } else {
788 # Invalid user_id
789 $this->mId = 0;
790 $this->loadDefaults();
791 return false;
792 }
793 }
794
795 /**
796 * Clear various cached data stored in this object.
797 * @param string $reloadFrom Reload user and user_groups table data from a
798 * given source. May be "name", "id", "defaults", "session" or false for
799 * no reload.
800 */
801 function clearInstanceCache( $reloadFrom = false ) {
802 $this->mNewtalk = -1;
803 $this->mDatePreference = null;
804 $this->mBlockedby = -1; # Unset
805 $this->mHash = false;
806 $this->mSkin = null;
807 $this->mRights = null;
808 $this->mEffectiveGroups = null;
809
810 if ( $reloadFrom ) {
811 $this->mDataLoaded = false;
812 $this->mFrom = $reloadFrom;
813 }
814 }
815
816 /**
817 * Combine the language default options with any site-specific options
818 * and add the default language variants.
819 * Not really private cause it's called by Language class
820 * @return array
821 * @static
822 * @private
823 */
824 static function getDefaultOptions() {
825 global $wgNamespacesToBeSearchedDefault;
826 /**
827 * Site defaults will override the global/language defaults
828 */
829 global $wgDefaultUserOptions, $wgContLang;
830 $defOpt = $wgDefaultUserOptions + $wgContLang->getDefaultUserOptionOverrides();
831
832 /**
833 * default language setting
834 */
835 $variant = $wgContLang->getPreferredVariant( false );
836 $defOpt['variant'] = $variant;
837 $defOpt['language'] = $variant;
838
839 foreach( $wgNamespacesToBeSearchedDefault as $nsnum => $val ) {
840 $defOpt['searchNs'.$nsnum] = $val;
841 }
842 return $defOpt;
843 }
844
845 /**
846 * Get a given default option value.
847 *
848 * @param string $opt
849 * @return string
850 * @static
851 * @public
852 */
853 function getDefaultOption( $opt ) {
854 $defOpts = User::getDefaultOptions();
855 if( isset( $defOpts[$opt] ) ) {
856 return $defOpts[$opt];
857 } else {
858 return '';
859 }
860 }
861
862 /**
863 * Get a list of user toggle names
864 * @return array
865 */
866 static function getToggles() {
867 global $wgContLang;
868 $extraToggles = array();
869 wfRunHooks( 'UserToggles', array( &$extraToggles ) );
870 return array_merge( self::$mToggles, $extraToggles, $wgContLang->getExtraUserToggles() );
871 }
872
873
874 /**
875 * Get blocking information
876 * @private
877 * @param bool $bFromSlave Specify whether to check slave or master. To improve performance,
878 * non-critical checks are done against slaves. Check when actually saving should be done against
879 * master.
880 */
881 function getBlockedStatus( $bFromSlave = true ) {
882 global $wgEnableSorbs, $wgProxyWhitelist;
883
884 if ( -1 != $this->mBlockedby ) {
885 wfDebug( "User::getBlockedStatus: already loaded.\n" );
886 return;
887 }
888
889 wfProfileIn( __METHOD__ );
890 wfDebug( __METHOD__.": checking...\n" );
891
892 $this->mBlockedby = 0;
893 $this->mHideName = 0;
894 $ip = wfGetIP();
895
896 if ($this->isAllowed( 'ipblock-exempt' ) ) {
897 # Exempt from all types of IP-block
898 $ip = '';
899 }
900
901 # User/IP blocking
902 $this->mBlock = new Block();
903 $this->mBlock->fromMaster( !$bFromSlave );
904 if ( $this->mBlock->load( $ip , $this->mId ) ) {
905 wfDebug( __METHOD__.": Found block.\n" );
906 $this->mBlockedby = $this->mBlock->mBy;
907 $this->mBlockreason = $this->mBlock->mReason;
908 $this->mHideName = $this->mBlock->mHideName;
909 if ( $this->isLoggedIn() ) {
910 $this->spreadBlock();
911 }
912 } else {
913 $this->mBlock = null;
914 wfDebug( __METHOD__.": No block.\n" );
915 }
916
917 # Proxy blocking
918 if ( !$this->isAllowed('proxyunbannable') && !in_array( $ip, $wgProxyWhitelist ) ) {
919
920 # Local list
921 if ( wfIsLocallyBlockedProxy( $ip ) ) {
922 $this->mBlockedby = wfMsg( 'proxyblocker' );
923 $this->mBlockreason = wfMsg( 'proxyblockreason' );
924 }
925
926 # DNSBL
927 if ( !$this->mBlockedby && $wgEnableSorbs && !$this->getID() ) {
928 if ( $this->inSorbsBlacklist( $ip ) ) {
929 $this->mBlockedby = wfMsg( 'sorbs' );
930 $this->mBlockreason = wfMsg( 'sorbsreason' );
931 }
932 }
933 }
934
935 # Extensions
936 wfRunHooks( 'GetBlockedStatus', array( &$this ) );
937
938 wfProfileOut( __METHOD__ );
939 }
940
941 function inSorbsBlacklist( $ip ) {
942 global $wgEnableSorbs, $wgSorbsUrl;
943
944 return $wgEnableSorbs &&
945 $this->inDnsBlacklist( $ip, $wgSorbsUrl );
946 }
947
948 function inDnsBlacklist( $ip, $base ) {
949 wfProfileIn( __METHOD__ );
950
951 $found = false;
952 $host = '';
953
954 $m = array();
955 if ( preg_match( '/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/', $ip, $m ) ) {
956 # Make hostname
957 for ( $i=4; $i>=1; $i-- ) {
958 $host .= $m[$i] . '.';
959 }
960 $host .= $base;
961
962 # Send query
963 $ipList = gethostbynamel( $host );
964
965 if ( $ipList ) {
966 wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy says $base!\n" );
967 $found = true;
968 } else {
969 wfDebug( "Requested $host, not found in $base.\n" );
970 }
971 }
972
973 wfProfileOut( __METHOD__ );
974 return $found;
975 }
976
977 /**
978 * Is this user subject to rate limiting?
979 *
980 * @return bool
981 */
982 public function isPingLimitable() {
983 global $wgRateLimitsExcludedGroups;
984 return array_intersect($this->getEffectiveGroups(), $wgRateLimitsExcludedGroups) == array();
985 }
986
987 /**
988 * Primitive rate limits: enforce maximum actions per time period
989 * to put a brake on flooding.
990 *
991 * Note: when using a shared cache like memcached, IP-address
992 * last-hit counters will be shared across wikis.
993 *
994 * @return bool true if a rate limiter was tripped
995 * @public
996 */
997 function pingLimiter( $action='edit' ) {
998
999 # Call the 'PingLimiter' hook
1000 $result = false;
1001 if( !wfRunHooks( 'PingLimiter', array( &$this, $action, $result ) ) ) {
1002 return $result;
1003 }
1004
1005 global $wgRateLimits, $wgRateLimitsExcludedGroups;
1006 if( !isset( $wgRateLimits[$action] ) ) {
1007 return false;
1008 }
1009
1010 # Some groups shouldn't trigger the ping limiter, ever
1011 if( !$this->isPingLimitable() )
1012 return false;
1013
1014 global $wgMemc, $wgRateLimitLog;
1015 wfProfileIn( __METHOD__ );
1016
1017 $limits = $wgRateLimits[$action];
1018 $keys = array();
1019 $id = $this->getId();
1020 $ip = wfGetIP();
1021
1022 if( isset( $limits['anon'] ) && $id == 0 ) {
1023 $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
1024 }
1025
1026 if( isset( $limits['user'] ) && $id != 0 ) {
1027 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['user'];
1028 }
1029 if( $this->isNewbie() ) {
1030 if( isset( $limits['newbie'] ) && $id != 0 ) {
1031 $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
1032 }
1033 if( isset( $limits['ip'] ) ) {
1034 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
1035 }
1036 $matches = array();
1037 if( isset( $limits['subnet'] ) && preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
1038 $subnet = $matches[1];
1039 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
1040 }
1041 }
1042
1043 $triggered = false;
1044 foreach( $keys as $key => $limit ) {
1045 list( $max, $period ) = $limit;
1046 $summary = "(limit $max in {$period}s)";
1047 $count = $wgMemc->get( $key );
1048 if( $count ) {
1049 if( $count > $max ) {
1050 wfDebug( __METHOD__.": tripped! $key at $count $summary\n" );
1051 if( $wgRateLimitLog ) {
1052 @error_log( wfTimestamp( TS_MW ) . ' ' . wfWikiID() . ': ' . $this->getName() . " tripped $key at $count $summary\n", 3, $wgRateLimitLog );
1053 }
1054 $triggered = true;
1055 } else {
1056 wfDebug( __METHOD__.": ok. $key at $count $summary\n" );
1057 }
1058 } else {
1059 wfDebug( __METHOD__.": adding record for $key $summary\n" );
1060 $wgMemc->add( $key, 1, intval( $period ) );
1061 }
1062 $wgMemc->incr( $key );
1063 }
1064
1065 wfProfileOut( __METHOD__ );
1066 return $triggered;
1067 }
1068
1069 /**
1070 * Check if user is blocked
1071 * @return bool True if blocked, false otherwise
1072 */
1073 function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
1074 wfDebug( "User::isBlocked: enter\n" );
1075 $this->getBlockedStatus( $bFromSlave );
1076 return $this->mBlockedby !== 0;
1077 }
1078
1079 /**
1080 * Check if user is blocked from editing a particular article
1081 */
1082 function isBlockedFrom( $title, $bFromSlave = false ) {
1083 global $wgBlockAllowsUTEdit;
1084 wfProfileIn( __METHOD__ );
1085 wfDebug( __METHOD__.": enter\n" );
1086
1087 wfDebug( __METHOD__.": asking isBlocked()\n" );
1088 $blocked = $this->isBlocked( $bFromSlave );
1089 # If a user's name is suppressed, they cannot make edits anywhere
1090 if ( !$this->mHideName && $wgBlockAllowsUTEdit && $title->getText() === $this->getName() &&
1091 $title->getNamespace() == NS_USER_TALK ) {
1092 $blocked = false;
1093 wfDebug( __METHOD__.": self-talk page, ignoring any blocks\n" );
1094 }
1095 wfProfileOut( __METHOD__ );
1096 return $blocked;
1097 }
1098
1099 /**
1100 * Get name of blocker
1101 * @return string name of blocker
1102 */
1103 function blockedBy() {
1104 $this->getBlockedStatus();
1105 return $this->mBlockedby;
1106 }
1107
1108 /**
1109 * Get blocking reason
1110 * @return string Blocking reason
1111 */
1112 function blockedFor() {
1113 $this->getBlockedStatus();
1114 return $this->mBlockreason;
1115 }
1116
1117 /**
1118 * Get the user ID. Returns 0 if the user is anonymous or nonexistent.
1119 */
1120 function getID() {
1121 $this->load();
1122 return $this->mId;
1123 }
1124
1125 /**
1126 * Set the user and reload all fields according to that ID
1127 * @deprecated use User::newFromId()
1128 */
1129 function setID( $v ) {
1130 $this->mId = $v;
1131 $this->clearInstanceCache( 'id' );
1132 }
1133
1134 /**
1135 * Get the user name, or the IP for anons
1136 */
1137 function getName() {
1138 if ( !$this->mDataLoaded && $this->mFrom == 'name' ) {
1139 # Special case optimisation
1140 return $this->mName;
1141 } else {
1142 $this->load();
1143 if ( $this->mName === false ) {
1144 # Clean up IPs
1145 $this->mName = IP::sanitizeIP( wfGetIP() );
1146 }
1147 return $this->mName;
1148 }
1149 }
1150
1151 /**
1152 * Set the user name.
1153 *
1154 * This does not reload fields from the database according to the given
1155 * name. Rather, it is used to create a temporary "nonexistent user" for
1156 * later addition to the database. It can also be used to set the IP
1157 * address for an anonymous user to something other than the current
1158 * remote IP.
1159 *
1160 * User::newFromName() has rougly the same function, when the named user
1161 * does not exist.
1162 */
1163 function setName( $str ) {
1164 $this->load();
1165 $this->mName = $str;
1166 }
1167
1168 /**
1169 * Return the title dbkey form of the name, for eg user pages.
1170 * @return string
1171 * @public
1172 */
1173 function getTitleKey() {
1174 return str_replace( ' ', '_', $this->getName() );
1175 }
1176
1177 function getNewtalk() {
1178 $this->load();
1179
1180 # Load the newtalk status if it is unloaded (mNewtalk=-1)
1181 if( $this->mNewtalk === -1 ) {
1182 $this->mNewtalk = false; # reset talk page status
1183
1184 # Check memcached separately for anons, who have no
1185 # entire User object stored in there.
1186 if( !$this->mId ) {
1187 global $wgMemc;
1188 $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
1189 $newtalk = $wgMemc->get( $key );
1190 if( $newtalk != "" ) {
1191 $this->mNewtalk = (bool)$newtalk;
1192 } else {
1193 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName() );
1194 $wgMemc->set( $key, (int)$this->mNewtalk, time() + 1800 );
1195 }
1196 } else {
1197 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
1198 }
1199 }
1200
1201 return (bool)$this->mNewtalk;
1202 }
1203
1204 /**
1205 * Return the talk page(s) this user has new messages on.
1206 */
1207 function getNewMessageLinks() {
1208 $talks = array();
1209 if (!wfRunHooks('UserRetrieveNewTalks', array(&$this, &$talks)))
1210 return $talks;
1211
1212 if (!$this->getNewtalk())
1213 return array();
1214 $up = $this->getUserPage();
1215 $utp = $up->getTalkPage();
1216 return array(array("wiki" => wfWikiID(), "link" => $utp->getLocalURL()));
1217 }
1218
1219
1220 /**
1221 * Perform a user_newtalk check on current slaves; if the memcached data
1222 * is funky we don't want newtalk state to get stuck on save, as that's
1223 * damn annoying.
1224 *
1225 * @param string $field
1226 * @param mixed $id
1227 * @return bool
1228 * @private
1229 */
1230 function checkNewtalk( $field, $id ) {
1231 $dbr = wfGetDB( DB_SLAVE );
1232 $ok = $dbr->selectField( 'user_newtalk', $field,
1233 array( $field => $id ), __METHOD__ );
1234 return $ok !== false;
1235 }
1236
1237 /**
1238 * Add or update the
1239 * @param string $field
1240 * @param mixed $id
1241 * @private
1242 */
1243 function updateNewtalk( $field, $id ) {
1244 if( $this->checkNewtalk( $field, $id ) ) {
1245 wfDebug( __METHOD__." already set ($field, $id), ignoring\n" );
1246 return false;
1247 }
1248 $dbw = wfGetDB( DB_MASTER );
1249 $dbw->insert( 'user_newtalk',
1250 array( $field => $id ),
1251 __METHOD__,
1252 'IGNORE' );
1253 wfDebug( __METHOD__.": set on ($field, $id)\n" );
1254 return true;
1255 }
1256
1257 /**
1258 * Clear the new messages flag for the given user
1259 * @param string $field
1260 * @param mixed $id
1261 * @private
1262 */
1263 function deleteNewtalk( $field, $id ) {
1264 if( !$this->checkNewtalk( $field, $id ) ) {
1265 wfDebug( __METHOD__.": already gone ($field, $id), ignoring\n" );
1266 return false;
1267 }
1268 $dbw = wfGetDB( DB_MASTER );
1269 $dbw->delete( 'user_newtalk',
1270 array( $field => $id ),
1271 __METHOD__ );
1272 wfDebug( __METHOD__.": killed on ($field, $id)\n" );
1273 return true;
1274 }
1275
1276 /**
1277 * Update the 'You have new messages!' status.
1278 * @param bool $val
1279 */
1280 function setNewtalk( $val ) {
1281 if( wfReadOnly() ) {
1282 return;
1283 }
1284
1285 $this->load();
1286 $this->mNewtalk = $val;
1287
1288 if( $this->isAnon() ) {
1289 $field = 'user_ip';
1290 $id = $this->getName();
1291 } else {
1292 $field = 'user_id';
1293 $id = $this->getId();
1294 }
1295
1296 if( $val ) {
1297 $changed = $this->updateNewtalk( $field, $id );
1298 } else {
1299 $changed = $this->deleteNewtalk( $field, $id );
1300 }
1301
1302 if( $changed ) {
1303 if( $this->isAnon() ) {
1304 // Anons have a separate memcached space, since
1305 // user records aren't kept for them.
1306 global $wgMemc;
1307 $key = wfMemcKey( 'newtalk', 'ip', $val );
1308 $wgMemc->set( $key, $val ? 1 : 0 );
1309 } else {
1310 if( $val ) {
1311 // Make sure the user page is watched, so a notification
1312 // will be sent out if enabled.
1313 $this->addWatch( $this->getTalkPage() );
1314 }
1315 }
1316 $this->invalidateCache();
1317 }
1318 }
1319
1320 /**
1321 * Generate a current or new-future timestamp to be stored in the
1322 * user_touched field when we update things.
1323 */
1324 private static function newTouchedTimestamp() {
1325 global $wgClockSkewFudge;
1326 return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
1327 }
1328
1329 /**
1330 * Clear user data from memcached.
1331 * Use after applying fun updates to the database; caller's
1332 * responsibility to update user_touched if appropriate.
1333 *
1334 * Called implicitly from invalidateCache() and saveSettings().
1335 */
1336 private function clearSharedCache() {
1337 if( $this->mId ) {
1338 global $wgMemc;
1339 $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
1340 }
1341 }
1342
1343 /**
1344 * Immediately touch the user data cache for this account.
1345 * Updates user_touched field, and removes account data from memcached
1346 * for reload on the next hit.
1347 */
1348 function invalidateCache() {
1349 $this->load();
1350 if( $this->mId ) {
1351 $this->mTouched = self::newTouchedTimestamp();
1352
1353 $dbw = wfGetDB( DB_MASTER );
1354 $dbw->update( 'user',
1355 array( 'user_touched' => $dbw->timestamp( $this->mTouched ) ),
1356 array( 'user_id' => $this->mId ),
1357 __METHOD__ );
1358
1359 $this->clearSharedCache();
1360 }
1361 }
1362
1363 function validateCache( $timestamp ) {
1364 $this->load();
1365 return ($timestamp >= $this->mTouched);
1366 }
1367
1368 /**
1369 * Encrypt a password.
1370 * It can eventuall salt a password @see User::addSalt()
1371 * @param string $p clear Password.
1372 * @return string Encrypted password.
1373 */
1374 function encryptPassword( $p ) {
1375 $this->load();
1376 return wfEncryptPassword( $this->mId, $p );
1377 }
1378
1379 /**
1380 * Set the password and reset the random token
1381 * Calls through to authentication plugin if necessary;
1382 * will have no effect if the auth plugin refuses to
1383 * pass the change through or if the legal password
1384 * checks fail.
1385 *
1386 * As a special case, setting the password to null
1387 * wipes it, so the account cannot be logged in until
1388 * a new password is set, for instance via e-mail.
1389 *
1390 * @param string $str
1391 * @throws PasswordError on failure
1392 */
1393 function setPassword( $str ) {
1394 global $wgAuth;
1395
1396 if( $str !== null ) {
1397 if( !$wgAuth->allowPasswordChange() ) {
1398 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
1399 }
1400
1401 if( !$this->isValidPassword( $str ) ) {
1402 global $wgMinimalPasswordLength;
1403 throw new PasswordError( wfMsg( 'passwordtooshort',
1404 $wgMinimalPasswordLength ) );
1405 }
1406 }
1407
1408 if( !$wgAuth->setPassword( $this, $str ) ) {
1409 throw new PasswordError( wfMsg( 'externaldberror' ) );
1410 }
1411
1412 $this->setInternalPassword( $str );
1413
1414 return true;
1415 }
1416
1417 /**
1418 * Set the password and reset the random token no matter
1419 * what.
1420 *
1421 * @param string $str
1422 */
1423 function setInternalPassword( $str ) {
1424 $this->load();
1425 $this->setToken();
1426
1427 if( $str === null ) {
1428 // Save an invalid hash...
1429 $this->mPassword = '';
1430 } else {
1431 $this->mPassword = $this->encryptPassword( $str );
1432 }
1433 $this->mNewpassword = '';
1434 $this->mNewpassTime = null;
1435 }
1436 /**
1437 * Set the random token (used for persistent authentication)
1438 * Called from loadDefaults() among other places.
1439 * @private
1440 */
1441 function setToken( $token = false ) {
1442 global $wgSecretKey, $wgProxyKey;
1443 $this->load();
1444 if ( !$token ) {
1445 if ( $wgSecretKey ) {
1446 $key = $wgSecretKey;
1447 } elseif ( $wgProxyKey ) {
1448 $key = $wgProxyKey;
1449 } else {
1450 $key = microtime();
1451 }
1452 $this->mToken = md5( $key . mt_rand( 0, 0x7fffffff ) . wfWikiID() . $this->mId );
1453 } else {
1454 $this->mToken = $token;
1455 }
1456 }
1457
1458 function setCookiePassword( $str ) {
1459 $this->load();
1460 $this->mCookiePassword = md5( $str );
1461 }
1462
1463 /**
1464 * Set the password for a password reminder or new account email
1465 * Sets the user_newpass_time field if $throttle is true
1466 */
1467 function setNewpassword( $str, $throttle = true ) {
1468 $this->load();
1469 $this->mNewpassword = $this->encryptPassword( $str );
1470 if ( $throttle ) {
1471 $this->mNewpassTime = wfTimestampNow();
1472 }
1473 }
1474
1475 /**
1476 * Returns true if a password reminder email has already been sent within
1477 * the last $wgPasswordReminderResendTime hours
1478 */
1479 function isPasswordReminderThrottled() {
1480 global $wgPasswordReminderResendTime;
1481 $this->load();
1482 if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
1483 return false;
1484 }
1485 $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
1486 return time() < $expiry;
1487 }
1488
1489 function getEmail() {
1490 $this->load();
1491 return $this->mEmail;
1492 }
1493
1494 function getEmailAuthenticationTimestamp() {
1495 $this->load();
1496 return $this->mEmailAuthenticated;
1497 }
1498
1499 function setEmail( $str ) {
1500 $this->load();
1501 $this->mEmail = $str;
1502 }
1503
1504 function getRealName() {
1505 $this->load();
1506 return $this->mRealName;
1507 }
1508
1509 function setRealName( $str ) {
1510 $this->load();
1511 $this->mRealName = $str;
1512 }
1513
1514 /**
1515 * @param string $oname The option to check
1516 * @param string $defaultOverride A default value returned if the option does not exist
1517 * @return string
1518 */
1519 function getOption( $oname, $defaultOverride = '' ) {
1520 $this->load();
1521
1522 if ( is_null( $this->mOptions ) ) {
1523 if($defaultOverride != '') {
1524 return $defaultOverride;
1525 }
1526 $this->mOptions = User::getDefaultOptions();
1527 }
1528
1529 if ( array_key_exists( $oname, $this->mOptions ) ) {
1530 return trim( $this->mOptions[$oname] );
1531 } else {
1532 return $defaultOverride;
1533 }
1534 }
1535
1536 /**
1537 * Get the user's date preference, including some important migration for
1538 * old user rows.
1539 */
1540 function getDatePreference() {
1541 if ( is_null( $this->mDatePreference ) ) {
1542 global $wgLang;
1543 $value = $this->getOption( 'date' );
1544 $map = $wgLang->getDatePreferenceMigrationMap();
1545 if ( isset( $map[$value] ) ) {
1546 $value = $map[$value];
1547 }
1548 $this->mDatePreference = $value;
1549 }
1550 return $this->mDatePreference;
1551 }
1552
1553 /**
1554 * @param string $oname The option to check
1555 * @return bool False if the option is not selected, true if it is
1556 */
1557 function getBoolOption( $oname ) {
1558 return (bool)$this->getOption( $oname );
1559 }
1560
1561 /**
1562 * Get an option as an integer value from the source string.
1563 * @param string $oname The option to check
1564 * @param int $default Optional value to return if option is unset/blank.
1565 * @return int
1566 */
1567 function getIntOption( $oname, $default=0 ) {
1568 $val = $this->getOption( $oname );
1569 if( $val == '' ) {
1570 $val = $default;
1571 }
1572 return intval( $val );
1573 }
1574
1575 function setOption( $oname, $val ) {
1576 $this->load();
1577 if ( is_null( $this->mOptions ) ) {
1578 $this->mOptions = User::getDefaultOptions();
1579 }
1580 if ( $oname == 'skin' ) {
1581 # Clear cached skin, so the new one displays immediately in Special:Preferences
1582 unset( $this->mSkin );
1583 }
1584 // Filter out any newlines that may have passed through input validation.
1585 // Newlines are used to separate items in the options blob.
1586 $val = str_replace( "\r\n", "\n", $val );
1587 $val = str_replace( "\r", "\n", $val );
1588 $val = str_replace( "\n", " ", $val );
1589 $this->mOptions[$oname] = $val;
1590 }
1591
1592 function getRights() {
1593 if ( is_null( $this->mRights ) ) {
1594 $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
1595 }
1596 return $this->mRights;
1597 }
1598
1599 /**
1600 * Get the list of explicit group memberships this user has.
1601 * The implicit * and user groups are not included.
1602 * @return array of strings
1603 */
1604 function getGroups() {
1605 $this->load();
1606 return $this->mGroups;
1607 }
1608
1609 /**
1610 * Get the list of implicit group memberships this user has.
1611 * This includes all explicit groups, plus 'user' if logged in
1612 * and '*' for all accounts.
1613 * @param boolean $recache Don't use the cache
1614 * @return array of strings
1615 */
1616 function getEffectiveGroups( $recache = false ) {
1617 if ( $recache || is_null( $this->mEffectiveGroups ) ) {
1618 $this->load();
1619 $this->mEffectiveGroups = $this->mGroups;
1620 $this->mEffectiveGroups[] = '*';
1621 if( $this->mId ) {
1622 $this->mEffectiveGroups[] = 'user';
1623
1624 global $wgAutoConfirmAge, $wgAutoConfirmCount;
1625
1626 $accountAge = time() - wfTimestampOrNull( TS_UNIX, $this->mRegistration );
1627 if( $accountAge >= $wgAutoConfirmAge && $this->getEditCount() >= $wgAutoConfirmCount ) {
1628 $this->mEffectiveGroups[] = 'autoconfirmed';
1629 }
1630 # Implicit group for users whose email addresses are confirmed
1631 global $wgEmailAuthentication;
1632 if( self::isValidEmailAddr( $this->mEmail ) ) {
1633 if( $wgEmailAuthentication ) {
1634 if( $this->mEmailAuthenticated )
1635 $this->mEffectiveGroups[] = 'emailconfirmed';
1636 } else {
1637 $this->mEffectiveGroups[] = 'emailconfirmed';
1638 }
1639 }
1640 }
1641 }
1642 return $this->mEffectiveGroups;
1643 }
1644
1645 /* Return the edit count for the user. This is where User::edits should have been */
1646 function getEditCount() {
1647 if ($this->mId) {
1648 if ( !isset( $this->mEditCount ) ) {
1649 /* Populate the count, if it has not been populated yet */
1650 $this->mEditCount = User::edits($this->mId);
1651 }
1652 return $this->mEditCount;
1653 } else {
1654 /* nil */
1655 return null;
1656 }
1657 }
1658
1659 /**
1660 * Add the user to the given group.
1661 * This takes immediate effect.
1662 * @param string $group
1663 */
1664 function addGroup( $group ) {
1665 $this->load();
1666 $dbw = wfGetDB( DB_MASTER );
1667 if( $this->getId() ) {
1668 $dbw->insert( 'user_groups',
1669 array(
1670 'ug_user' => $this->getID(),
1671 'ug_group' => $group,
1672 ),
1673 'User::addGroup',
1674 array( 'IGNORE' ) );
1675 }
1676
1677 $this->mGroups[] = $group;
1678 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
1679
1680 $this->invalidateCache();
1681 }
1682
1683 /**
1684 * Remove the user from the given group.
1685 * This takes immediate effect.
1686 * @param string $group
1687 */
1688 function removeGroup( $group ) {
1689 $this->load();
1690 $dbw = wfGetDB( DB_MASTER );
1691 $dbw->delete( 'user_groups',
1692 array(
1693 'ug_user' => $this->getID(),
1694 'ug_group' => $group,
1695 ),
1696 'User::removeGroup' );
1697
1698 $this->mGroups = array_diff( $this->mGroups, array( $group ) );
1699 $this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
1700
1701 $this->invalidateCache();
1702 }
1703
1704
1705 /**
1706 * A more legible check for non-anonymousness.
1707 * Returns true if the user is not an anonymous visitor.
1708 *
1709 * @return bool
1710 */
1711 function isLoggedIn() {
1712 return( $this->getID() != 0 );
1713 }
1714
1715 /**
1716 * A more legible check for anonymousness.
1717 * Returns true if the user is an anonymous visitor.
1718 *
1719 * @return bool
1720 */
1721 function isAnon() {
1722 return !$this->isLoggedIn();
1723 }
1724
1725 /**
1726 * Whether the user is a bot
1727 * @deprecated
1728 */
1729 function isBot() {
1730 return $this->isAllowed( 'bot' );
1731 }
1732
1733 /**
1734 * Check if user is allowed to access a feature / make an action
1735 * @param string $action Action to be checked
1736 * @return boolean True: action is allowed, False: action should not be allowed
1737 */
1738 function isAllowed($action='') {
1739 if ( $action === '' )
1740 // In the spirit of DWIM
1741 return true;
1742
1743 return in_array( $action, $this->getRights() );
1744 }
1745
1746 /**
1747 * Load a skin if it doesn't exist or return it
1748 * @todo FIXME : need to check the old failback system [AV]
1749 */
1750 function &getSkin() {
1751 global $wgRequest;
1752 if ( ! isset( $this->mSkin ) ) {
1753 wfProfileIn( __METHOD__ );
1754
1755 # get the user skin
1756 $userSkin = $this->getOption( 'skin' );
1757 $userSkin = $wgRequest->getVal('useskin', $userSkin);
1758
1759 $this->mSkin =& Skin::newFromKey( $userSkin );
1760 wfProfileOut( __METHOD__ );
1761 }
1762 return $this->mSkin;
1763 }
1764
1765 /**#@+
1766 * @param string $title Article title to look at
1767 */
1768
1769 /**
1770 * Check watched status of an article
1771 * @return bool True if article is watched
1772 */
1773 function isWatched( $title ) {
1774 $wl = WatchedItem::fromUserTitle( $this, $title );
1775 return $wl->isWatched();
1776 }
1777
1778 /**
1779 * Watch an article
1780 */
1781 function addWatch( $title ) {
1782 $wl = WatchedItem::fromUserTitle( $this, $title );
1783 $wl->addWatch();
1784 $this->invalidateCache();
1785 }
1786
1787 /**
1788 * Stop watching an article
1789 */
1790 function removeWatch( $title ) {
1791 $wl = WatchedItem::fromUserTitle( $this, $title );
1792 $wl->removeWatch();
1793 $this->invalidateCache();
1794 }
1795
1796 /**
1797 * Clear the user's notification timestamp for the given title.
1798 * If e-notif e-mails are on, they will receive notification mails on
1799 * the next change of the page if it's watched etc.
1800 */
1801 function clearNotification( &$title ) {
1802 global $wgUser, $wgUseEnotif;
1803
1804 # Do nothing if the database is locked to writes
1805 if( wfReadOnly() ) {
1806 return;
1807 }
1808
1809 if ($title->getNamespace() == NS_USER_TALK &&
1810 $title->getText() == $this->getName() ) {
1811 if (!wfRunHooks('UserClearNewTalkNotification', array(&$this)))
1812 return;
1813 $this->setNewtalk( false );
1814 }
1815
1816 if( !$wgUseEnotif ) {
1817 return;
1818 }
1819
1820 if( $this->isAnon() ) {
1821 // Nothing else to do...
1822 return;
1823 }
1824
1825 // Only update the timestamp if the page is being watched.
1826 // The query to find out if it is watched is cached both in memcached and per-invocation,
1827 // and when it does have to be executed, it can be on a slave
1828 // If this is the user's newtalk page, we always update the timestamp
1829 if ($title->getNamespace() == NS_USER_TALK &&
1830 $title->getText() == $wgUser->getName())
1831 {
1832 $watched = true;
1833 } elseif ( $this->getID() == $wgUser->getID() ) {
1834 $watched = $title->userIsWatching();
1835 } else {
1836 $watched = true;
1837 }
1838
1839 // If the page is watched by the user (or may be watched), update the timestamp on any
1840 // any matching rows
1841 if ( $watched ) {
1842 $dbw = wfGetDB( DB_MASTER );
1843 $dbw->update( 'watchlist',
1844 array( /* SET */
1845 'wl_notificationtimestamp' => NULL
1846 ), array( /* WHERE */
1847 'wl_title' => $title->getDBkey(),
1848 'wl_namespace' => $title->getNamespace(),
1849 'wl_user' => $this->getID()
1850 ), 'User::clearLastVisited'
1851 );
1852 }
1853 }
1854
1855 /**#@-*/
1856
1857 /**
1858 * Resets all of the given user's page-change notification timestamps.
1859 * If e-notif e-mails are on, they will receive notification mails on
1860 * the next change of any watched page.
1861 *
1862 * @param int $currentUser user ID number
1863 * @public
1864 */
1865 function clearAllNotifications( $currentUser ) {
1866 global $wgUseEnotif;
1867 if ( !$wgUseEnotif ) {
1868 $this->setNewtalk( false );
1869 return;
1870 }
1871 if( $currentUser != 0 ) {
1872
1873 $dbw = wfGetDB( DB_MASTER );
1874 $dbw->update( 'watchlist',
1875 array( /* SET */
1876 'wl_notificationtimestamp' => NULL
1877 ), array( /* WHERE */
1878 'wl_user' => $currentUser
1879 ), 'UserMailer::clearAll'
1880 );
1881
1882 # we also need to clear here the "you have new message" notification for the own user_talk page
1883 # This is cleared one page view later in Article::viewUpdates();
1884 }
1885 }
1886
1887 /**
1888 * @private
1889 * @return string Encoding options
1890 */
1891 function encodeOptions() {
1892 $this->load();
1893 if ( is_null( $this->mOptions ) ) {
1894 $this->mOptions = User::getDefaultOptions();
1895 }
1896 $a = array();
1897 foreach ( $this->mOptions as $oname => $oval ) {
1898 array_push( $a, $oname.'='.$oval );
1899 }
1900 $s = implode( "\n", $a );
1901 return $s;
1902 }
1903
1904 /**
1905 * @private
1906 */
1907 function decodeOptions( $str ) {
1908 $this->mOptions = array();
1909 $a = explode( "\n", $str );
1910 foreach ( $a as $s ) {
1911 $m = array();
1912 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
1913 $this->mOptions[$m[1]] = $m[2];
1914 }
1915 }
1916 }
1917
1918 function setCookies() {
1919 global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookiePrefix;
1920 $this->load();
1921 if ( 0 == $this->mId ) return;
1922 $exp = time() + $wgCookieExpiration;
1923
1924 $_SESSION['wsUserID'] = $this->mId;
1925 setcookie( $wgCookiePrefix.'UserID', $this->mId, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
1926
1927 $_SESSION['wsUserName'] = $this->getName();
1928 setcookie( $wgCookiePrefix.'UserName', $this->getName(), $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
1929
1930 $_SESSION['wsToken'] = $this->mToken;
1931 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
1932 setcookie( $wgCookiePrefix.'Token', $this->mToken, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
1933 } else {
1934 setcookie( $wgCookiePrefix.'Token', '', time() - 3600 );
1935 }
1936 }
1937
1938 /**
1939 * Logout user
1940 * Clears the cookies and session, resets the instance cache
1941 */
1942 function logout() {
1943 global $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookiePrefix;
1944 $this->clearInstanceCache( 'defaults' );
1945
1946 $_SESSION['wsUserID'] = 0;
1947
1948 setcookie( $wgCookiePrefix.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
1949 setcookie( $wgCookiePrefix.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
1950
1951 # Remember when user logged out, to prevent seeing cached pages
1952 setcookie( $wgCookiePrefix.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
1953 }
1954
1955 /**
1956 * Save object settings into database
1957 * @todo Only rarely do all these fields need to be set!
1958 */
1959 function saveSettings() {
1960 $this->load();
1961 if ( wfReadOnly() ) { return; }
1962 if ( 0 == $this->mId ) { return; }
1963
1964 $this->mTouched = self::newTouchedTimestamp();
1965
1966 $dbw = wfGetDB( DB_MASTER );
1967 $dbw->update( 'user',
1968 array( /* SET */
1969 'user_name' => $this->mName,
1970 'user_password' => $this->mPassword,
1971 'user_newpassword' => $this->mNewpassword,
1972 'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
1973 'user_real_name' => $this->mRealName,
1974 'user_email' => $this->mEmail,
1975 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
1976 'user_options' => $this->encodeOptions(),
1977 'user_touched' => $dbw->timestamp($this->mTouched),
1978 'user_token' => $this->mToken
1979 ), array( /* WHERE */
1980 'user_id' => $this->mId
1981 ), __METHOD__
1982 );
1983 $this->clearSharedCache();
1984 }
1985
1986
1987 /**
1988 * Checks if a user with the given name exists, returns the ID
1989 */
1990 function idForName() {
1991 $s = trim( $this->getName() );
1992 if ( 0 == strcmp( '', $s ) ) return 0;
1993
1994 $dbr = wfGetDB( DB_SLAVE );
1995 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
1996 if ( $id === false ) {
1997 $id = 0;
1998 }
1999 return $id;
2000 }
2001
2002 /**
2003 * Add a user to the database, return the user object
2004 *
2005 * @param string $name The user's name
2006 * @param array $params Associative array of non-default parameters to save to the database:
2007 * password The user's password. Password logins will be disabled if this is omitted.
2008 * newpassword A temporary password mailed to the user
2009 * email The user's email address
2010 * email_authenticated The email authentication timestamp
2011 * real_name The user's real name
2012 * options An associative array of non-default options
2013 * token Random authentication token. Do not set.
2014 * registration Registration timestamp. Do not set.
2015 *
2016 * @return User object, or null if the username already exists
2017 */
2018 static function createNew( $name, $params = array() ) {
2019 $user = new User;
2020 $user->load();
2021 if ( isset( $params['options'] ) ) {
2022 $user->mOptions = $params['options'] + $user->mOptions;
2023 unset( $params['options'] );
2024 }
2025 $dbw = wfGetDB( DB_MASTER );
2026 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2027 $fields = array(
2028 'user_id' => $seqVal,
2029 'user_name' => $name,
2030 'user_password' => $user->mPassword,
2031 'user_newpassword' => $user->mNewpassword,
2032 'user_newpass_time' => $dbw->timestamp( $user->mNewpassTime ),
2033 'user_email' => $user->mEmail,
2034 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
2035 'user_real_name' => $user->mRealName,
2036 'user_options' => $user->encodeOptions(),
2037 'user_token' => $user->mToken,
2038 'user_registration' => $dbw->timestamp( $user->mRegistration ),
2039 'user_editcount' => 0,
2040 );
2041 foreach ( $params as $name => $value ) {
2042 $fields["user_$name"] = $value;
2043 }
2044 $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
2045 if ( $dbw->affectedRows() ) {
2046 $newUser = User::newFromId( $dbw->insertId() );
2047 } else {
2048 $newUser = null;
2049 }
2050 return $newUser;
2051 }
2052
2053 /**
2054 * Add an existing user object to the database
2055 */
2056 function addToDatabase() {
2057 $this->load();
2058 $dbw = wfGetDB( DB_MASTER );
2059 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
2060 $dbw->insert( 'user',
2061 array(
2062 'user_id' => $seqVal,
2063 'user_name' => $this->mName,
2064 'user_password' => $this->mPassword,
2065 'user_newpassword' => $this->mNewpassword,
2066 'user_newpass_time' => $dbw->timestamp( $this->mNewpassTime ),
2067 'user_email' => $this->mEmail,
2068 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
2069 'user_real_name' => $this->mRealName,
2070 'user_options' => $this->encodeOptions(),
2071 'user_token' => $this->mToken,
2072 'user_registration' => $dbw->timestamp( $this->mRegistration ),
2073 'user_editcount' => 0,
2074 ), __METHOD__
2075 );
2076 $this->mId = $dbw->insertId();
2077
2078 # Clear instance cache other than user table data, which is already accurate
2079 $this->clearInstanceCache();
2080 }
2081
2082 /**
2083 * If the (non-anonymous) user is blocked, this function will block any IP address
2084 * that they successfully log on from.
2085 */
2086 function spreadBlock() {
2087 wfDebug( __METHOD__."()\n" );
2088 $this->load();
2089 if ( $this->mId == 0 ) {
2090 return;
2091 }
2092
2093 $userblock = Block::newFromDB( '', $this->mId );
2094 if ( !$userblock ) {
2095 return;
2096 }
2097
2098 $userblock->doAutoblock( wfGetIp() );
2099
2100 }
2101
2102 /**
2103 * Generate a string which will be different for any combination of
2104 * user options which would produce different parser output.
2105 * This will be used as part of the hash key for the parser cache,
2106 * so users will the same options can share the same cached data
2107 * safely.
2108 *
2109 * Extensions which require it should install 'PageRenderingHash' hook,
2110 * which will give them a chance to modify this key based on their own
2111 * settings.
2112 *
2113 * @return string
2114 */
2115 function getPageRenderingHash() {
2116 global $wgContLang, $wgUseDynamicDates, $wgLang;
2117 if( $this->mHash ){
2118 return $this->mHash;
2119 }
2120
2121 // stubthreshold is only included below for completeness,
2122 // it will always be 0 when this function is called by parsercache.
2123
2124 $confstr = $this->getOption( 'math' );
2125 $confstr .= '!' . $this->getOption( 'stubthreshold' );
2126 if ( $wgUseDynamicDates ) {
2127 $confstr .= '!' . $this->getDatePreference();
2128 }
2129 $confstr .= '!' . ($this->getOption( 'numberheadings' ) ? '1' : '');
2130 $confstr .= '!' . $wgLang->getCode();
2131 $confstr .= '!' . $this->getOption( 'thumbsize' );
2132 // add in language specific options, if any
2133 $extra = $wgContLang->getExtraHashOptions();
2134 $confstr .= $extra;
2135
2136 // Give a chance for extensions to modify the hash, if they have
2137 // extra options or other effects on the parser cache.
2138 wfRunHooks( 'PageRenderingHash', array( &$confstr ) );
2139
2140 // Make it a valid memcached key fragment
2141 $confstr = str_replace( ' ', '_', $confstr );
2142 $this->mHash = $confstr;
2143 return $confstr;
2144 }
2145
2146 function isBlockedFromCreateAccount() {
2147 $this->getBlockedStatus();
2148 return $this->mBlock && $this->mBlock->mCreateAccount;
2149 }
2150
2151 /**
2152 * Determine if the user is blocked from using Special:Emailuser.
2153 *
2154 * @public
2155 * @return boolean
2156 */
2157 function isBlockedFromEmailuser() {
2158 $this->getBlockedStatus();
2159 return $this->mBlock && $this->mBlock->mBlockEmail;
2160 }
2161
2162 function isAllowedToCreateAccount() {
2163 return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
2164 }
2165
2166 /**
2167 * @deprecated
2168 */
2169 function setLoaded( $loaded ) {}
2170
2171 /**
2172 * Get this user's personal page title.
2173 *
2174 * @return Title
2175 * @public
2176 */
2177 function getUserPage() {
2178 return Title::makeTitle( NS_USER, $this->getName() );
2179 }
2180
2181 /**
2182 * Get this user's talk page title.
2183 *
2184 * @return Title
2185 * @public
2186 */
2187 function getTalkPage() {
2188 $title = $this->getUserPage();
2189 return $title->getTalkPage();
2190 }
2191
2192 /**
2193 * @static
2194 */
2195 function getMaxID() {
2196 static $res; // cache
2197
2198 if ( isset( $res ) )
2199 return $res;
2200 else {
2201 $dbr = wfGetDB( DB_SLAVE );
2202 return $res = $dbr->selectField( 'user', 'max(user_id)', false, 'User::getMaxID' );
2203 }
2204 }
2205
2206 /**
2207 * Determine whether the user is a newbie. Newbies are either
2208 * anonymous IPs, or the most recently created accounts.
2209 * @return bool True if it is a newbie.
2210 */
2211 function isNewbie() {
2212 return !$this->isAllowed( 'autoconfirmed' );
2213 }
2214
2215 /**
2216 * Check to see if the given clear-text password is one of the accepted passwords
2217 * @param string $password User password.
2218 * @return bool True if the given password is correct otherwise False.
2219 */
2220 function checkPassword( $password ) {
2221 global $wgAuth;
2222 $this->load();
2223
2224 // Even though we stop people from creating passwords that
2225 // are shorter than this, doesn't mean people wont be able
2226 // to. Certain authentication plugins do NOT want to save
2227 // domain passwords in a mysql database, so we should
2228 // check this (incase $wgAuth->strict() is false).
2229 if( !$this->isValidPassword( $password ) ) {
2230 return false;
2231 }
2232
2233 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
2234 return true;
2235 } elseif( $wgAuth->strict() ) {
2236 /* Auth plugin doesn't allow local authentication */
2237 return false;
2238 }
2239 $ep = $this->encryptPassword( $password );
2240 if ( 0 == strcmp( $ep, $this->mPassword ) ) {
2241 return true;
2242 } elseif ( function_exists( 'iconv' ) ) {
2243 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
2244 # Check for this with iconv
2245 $cp1252hash = $this->encryptPassword( iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password ) );
2246 if ( 0 == strcmp( $cp1252hash, $this->mPassword ) ) {
2247 return true;
2248 }
2249 }
2250 return false;
2251 }
2252
2253 /**
2254 * Check if the given clear-text password matches the temporary password
2255 * sent by e-mail for password reset operations.
2256 * @return bool
2257 */
2258 function checkTemporaryPassword( $plaintext ) {
2259 $hash = $this->encryptPassword( $plaintext );
2260 return $hash === $this->mNewpassword;
2261 }
2262
2263 /**
2264 * Initialize (if necessary) and return a session token value
2265 * which can be used in edit forms to show that the user's
2266 * login credentials aren't being hijacked with a foreign form
2267 * submission.
2268 *
2269 * @param mixed $salt - Optional function-specific data for hash.
2270 * Use a string or an array of strings.
2271 * @return string
2272 * @public
2273 */
2274 function editToken( $salt = '' ) {
2275 if ( $this->isAnon() ) {
2276 return EDIT_TOKEN_SUFFIX;
2277 } else {
2278 if( !isset( $_SESSION['wsEditToken'] ) ) {
2279 $token = $this->generateToken();
2280 $_SESSION['wsEditToken'] = $token;
2281 } else {
2282 $token = $_SESSION['wsEditToken'];
2283 }
2284 if( is_array( $salt ) ) {
2285 $salt = implode( '|', $salt );
2286 }
2287 return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
2288 }
2289 }
2290
2291 /**
2292 * Generate a hex-y looking random token for various uses.
2293 * Could be made more cryptographically sure if someone cares.
2294 * @return string
2295 */
2296 function generateToken( $salt = '' ) {
2297 $token = dechex( mt_rand() ) . dechex( mt_rand() );
2298 return md5( $token . $salt );
2299 }
2300
2301 /**
2302 * Check given value against the token value stored in the session.
2303 * A match should confirm that the form was submitted from the
2304 * user's own login session, not a form submission from a third-party
2305 * site.
2306 *
2307 * @param string $val - the input value to compare
2308 * @param string $salt - Optional function-specific data for hash
2309 * @return bool
2310 * @public
2311 */
2312 function matchEditToken( $val, $salt = '' ) {
2313 global $wgMemc;
2314 $sessionToken = $this->editToken( $salt );
2315 if ( $val != $sessionToken ) {
2316 wfDebug( "User::matchEditToken: broken session data\n" );
2317 }
2318 return $val == $sessionToken;
2319 }
2320
2321 /**
2322 * Generate a new e-mail confirmation token and send a confirmation
2323 * mail to the user's given address.
2324 *
2325 * @return mixed True on success, a WikiError object on failure.
2326 */
2327 function sendConfirmationMail() {
2328 global $wgContLang;
2329 $expiration = null; // gets passed-by-ref and defined in next line.
2330 $url = $this->confirmationTokenUrl( $expiration );
2331 return $this->sendMail( wfMsg( 'confirmemail_subject' ),
2332 wfMsg( 'confirmemail_body',
2333 wfGetIP(),
2334 $this->getName(),
2335 $url,
2336 $wgContLang->timeanddate( $expiration, false ) ) );
2337 }
2338
2339 /**
2340 * Send an e-mail to this user's account. Does not check for
2341 * confirmed status or validity.
2342 *
2343 * @param string $subject
2344 * @param string $body
2345 * @param strong $from Optional from address; default $wgPasswordSender will be used otherwise.
2346 * @return mixed True on success, a WikiError object on failure.
2347 */
2348 function sendMail( $subject, $body, $from = null ) {
2349 if( is_null( $from ) ) {
2350 global $wgPasswordSender;
2351 $from = $wgPasswordSender;
2352 }
2353
2354 require_once( 'UserMailer.php' );
2355 $to = new MailAddress( $this );
2356 $sender = new MailAddress( $from );
2357 $error = userMailer( $to, $sender, $subject, $body );
2358
2359 if( $error == '' ) {
2360 return true;
2361 } else {
2362 return new WikiError( $error );
2363 }
2364 }
2365
2366 /**
2367 * Generate, store, and return a new e-mail confirmation code.
2368 * A hash (unsalted since it's used as a key) is stored.
2369 * @param &$expiration mixed output: accepts the expiration time
2370 * @return string
2371 * @private
2372 */
2373 function confirmationToken( &$expiration ) {
2374 $now = time();
2375 $expires = $now + 7 * 24 * 60 * 60;
2376 $expiration = wfTimestamp( TS_MW, $expires );
2377
2378 $token = $this->generateToken( $this->mId . $this->mEmail . $expires );
2379 $hash = md5( $token );
2380
2381 $dbw = wfGetDB( DB_MASTER );
2382 $dbw->update( 'user',
2383 array( 'user_email_token' => $hash,
2384 'user_email_token_expires' => $dbw->timestamp( $expires ) ),
2385 array( 'user_id' => $this->mId ),
2386 __METHOD__ );
2387
2388 return $token;
2389 }
2390
2391 /**
2392 * Generate and store a new e-mail confirmation token, and return
2393 * the URL the user can use to confirm.
2394 * @param &$expiration mixed output: accepts the expiration time
2395 * @return string
2396 * @private
2397 */
2398 function confirmationTokenUrl( &$expiration ) {
2399 $token = $this->confirmationToken( $expiration );
2400 $title = SpecialPage::getTitleFor( 'Confirmemail', $token );
2401 return $title->getFullUrl();
2402 }
2403
2404 /**
2405 * Mark the e-mail address confirmed and save.
2406 */
2407 function confirmEmail() {
2408 $this->load();
2409 $this->mEmailAuthenticated = wfTimestampNow();
2410 $this->saveSettings();
2411 return true;
2412 }
2413
2414 /**
2415 * Is this user allowed to send e-mails within limits of current
2416 * site configuration?
2417 * @return bool
2418 */
2419 function canSendEmail() {
2420 return $this->isEmailConfirmed();
2421 }
2422
2423 /**
2424 * Is this user allowed to receive e-mails within limits of current
2425 * site configuration?
2426 * @return bool
2427 */
2428 function canReceiveEmail() {
2429 return $this->canSendEmail() && !$this->getOption( 'disablemail' );
2430 }
2431
2432 /**
2433 * Is this user's e-mail address valid-looking and confirmed within
2434 * limits of the current site configuration?
2435 *
2436 * If $wgEmailAuthentication is on, this may require the user to have
2437 * confirmed their address by returning a code or using a password
2438 * sent to the address from the wiki.
2439 *
2440 * @return bool
2441 */
2442 function isEmailConfirmed() {
2443 global $wgEmailAuthentication;
2444 $this->load();
2445 $confirmed = true;
2446 if( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
2447 if( $this->isAnon() )
2448 return false;
2449 if( !self::isValidEmailAddr( $this->mEmail ) )
2450 return false;
2451 if( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() )
2452 return false;
2453 return true;
2454 } else {
2455 return $confirmed;
2456 }
2457 }
2458
2459 /**
2460 * Return true if there is an outstanding request for e-mail confirmation.
2461 * @return bool
2462 */
2463 function isEmailConfirmationPending() {
2464 global $wgEmailAuthentication;
2465 return $wgEmailAuthentication &&
2466 !$this->isEmailConfirmed() &&
2467 $this->mEmailToken &&
2468 $this->mEmailTokenExpires > wfTimestamp();
2469 }
2470
2471 /**
2472 * @param array $groups list of groups
2473 * @return array list of permission key names for given groups combined
2474 * @static
2475 */
2476 static function getGroupPermissions( $groups ) {
2477 global $wgGroupPermissions;
2478 $rights = array();
2479 foreach( $groups as $group ) {
2480 if( isset( $wgGroupPermissions[$group] ) ) {
2481 $rights = array_merge( $rights,
2482 array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
2483 }
2484 }
2485 return $rights;
2486 }
2487
2488 /**
2489 * @param string $group key name
2490 * @return string localized descriptive name for group, if provided
2491 * @static
2492 */
2493 static function getGroupName( $group ) {
2494 MessageCache::loadAllMessages();
2495 $key = "group-$group";
2496 $name = wfMsg( $key );
2497 return $name == '' || wfEmptyMsg( $key, $name )
2498 ? $group
2499 : $name;
2500 }
2501
2502 /**
2503 * @param string $group key name
2504 * @return string localized descriptive name for member of a group, if provided
2505 * @static
2506 */
2507 static function getGroupMember( $group ) {
2508 MessageCache::loadAllMessages();
2509 $key = "group-$group-member";
2510 $name = wfMsg( $key );
2511 return $name == '' || wfEmptyMsg( $key, $name )
2512 ? $group
2513 : $name;
2514 }
2515
2516 /**
2517 * Return the set of defined explicit groups.
2518 * The *, 'user', 'autoconfirmed' and 'emailconfirmed'
2519 * groups are not included, as they are defined
2520 * automatically, not in the database.
2521 * @return array
2522 * @static
2523 */
2524 static function getAllGroups() {
2525 global $wgGroupPermissions;
2526 return array_diff(
2527 array_keys( $wgGroupPermissions ),
2528 array( '*', 'user', 'autoconfirmed', 'emailconfirmed' ) );
2529 }
2530
2531 /**
2532 * Get the title of a page describing a particular group
2533 *
2534 * @param $group Name of the group
2535 * @return mixed
2536 */
2537 static function getGroupPage( $group ) {
2538 MessageCache::loadAllMessages();
2539 $page = wfMsgForContent( 'grouppage-' . $group );
2540 if( !wfEmptyMsg( 'grouppage-' . $group, $page ) ) {
2541 $title = Title::newFromText( $page );
2542 if( is_object( $title ) )
2543 return $title;
2544 }
2545 return false;
2546 }
2547
2548 /**
2549 * Create a link to the group in HTML, if available
2550 *
2551 * @param $group Name of the group
2552 * @param $text The text of the link
2553 * @return mixed
2554 */
2555 static function makeGroupLinkHTML( $group, $text = '' ) {
2556 if( $text == '' ) {
2557 $text = self::getGroupName( $group );
2558 }
2559 $title = self::getGroupPage( $group );
2560 if( $title ) {
2561 global $wgUser;
2562 $sk = $wgUser->getSkin();
2563 return $sk->makeLinkObj( $title, htmlspecialchars( $text ) );
2564 } else {
2565 return $text;
2566 }
2567 }
2568
2569 /**
2570 * Create a link to the group in Wikitext, if available
2571 *
2572 * @param $group Name of the group
2573 * @param $text The text of the link (by default, the name of the group)
2574 * @return mixed
2575 */
2576 static function makeGroupLinkWiki( $group, $text = '' ) {
2577 if( $text == '' ) {
2578 $text = self::getGroupName( $group );
2579 }
2580 $title = self::getGroupPage( $group );
2581 if( $title ) {
2582 $page = $title->getPrefixedText();
2583 return "[[$page|$text]]";
2584 } else {
2585 return $text;
2586 }
2587 }
2588
2589 /**
2590 * Increment the user's edit-count field.
2591 * Will have no effect for anonymous users.
2592 */
2593 function incEditCount() {
2594 if( !$this->isAnon() ) {
2595 $dbw = wfGetDB( DB_MASTER );
2596 $dbw->update( 'user',
2597 array( 'user_editcount=user_editcount+1' ),
2598 array( 'user_id' => $this->getId() ),
2599 __METHOD__ );
2600
2601 // Lazy initialization check...
2602 if( $dbw->affectedRows() == 0 ) {
2603 // Pull from a slave to be less cruel to servers
2604 // Accuracy isn't the point anyway here
2605 $dbr = wfGetDB( DB_SLAVE );
2606 $count = $dbr->selectField( 'revision',
2607 'COUNT(rev_user)',
2608 array( 'rev_user' => $this->getId() ),
2609 __METHOD__ );
2610
2611 // Now here's a goddamn hack...
2612 if( $dbr !== $dbw ) {
2613 // If we actually have a slave server, the count is
2614 // at least one behind because the current transaction
2615 // has not been committed and replicated.
2616 $count++;
2617 } else {
2618 // But if DB_SLAVE is selecting the master, then the
2619 // count we just read includes the revision that was
2620 // just added in the working transaction.
2621 }
2622
2623 $dbw->update( 'user',
2624 array( 'user_editcount' => $count ),
2625 array( 'user_id' => $this->getId() ),
2626 __METHOD__ );
2627 }
2628 }
2629 // edit count in user cache too
2630 $this->invalidateCache();
2631 }
2632 }
2633
2634 ?>
Wiklou, le Wiki du Wiklou