dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Password encryption should finally work now. Updates to
[lhc/web/wiklou.git] / includes / User.php
1 <?
2 # See user.doc
3
4 class User {
5 /* private */ var $mId, $mName, $mPassword, $mEmail, $mNewtalk;
6 /* private */ var $mRights, $mOptions;
7 /* private */ var $mDataLoaded, $mNewpassword;
8 /* private */ var $mSkin;
9 /* private */ var $mBlockedby, $mBlockreason;
10 /* private */ var $mTouched;
11 /* private */ var $mCookiePassword;
12
13 function User()
14 {
15 $this->loadDefaults();
16 }
17
18 # Static factory method
19 #
20 function newFromName( $name )
21 {
22 $u = new User();
23
24 # Clean up name according to title rules
25
26 $t = Title::newFromText( $name );
27 $u->setName( $t->getText() );
28 return $u;
29 }
30
31 /* static */ function whoIs( $id )
32 {
33 return wfGetSQL( "user", "user_name", "user_id=$id" );
34 }
35
36 /* static */ function idFromName( $name )
37 {
38 $nt = Title::newFromText( $name );
39 $sql = "SELECT user_id FROM user WHERE user_name='" .
40 wfStrencode( $nt->getText() ) . "'";
41 $res = wfQuery( $sql, "User::idFromName" );
42
43 if ( 0 == wfNumRows( $res ) ) { return 0; }
44 else {
45 $s = wfFetchObject( $res );
46 return $s->user_id;
47 }
48 }
49
50 # does the string match an anonymous user IP address?
51 /* static */ function isIP( $name ) {
52 return preg_match("/^\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3}$/",$name);
53
54 }
55
56 /* static */ function randomPassword()
57 {
58 $pwchars = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz";
59 $l = strlen( $pwchars ) - 1;
60
61 wfSeedRandom();
62 $np = $pwchars{mt_rand( 0, $l )} . $pwchars{mt_rand( 0, $l )} .
63 $pwchars{mt_rand( 0, $l )} . chr( mt_rand(48, 57) ) .
64 $pwchars{mt_rand( 0, $l )} . $pwchars{mt_rand( 0, $l )} .
65 $pwchars{mt_rand( 0, $l )};
66 return $np;
67 }
68
69 function loadDefaults()
70 {
71 global $wgLang ;
72
73 $this->mId = $this->mNewtalk = 0;
74 $this->mName = getenv( "REMOTE_ADDR" );
75 $this->mEmail = "";
76 $this->mPassword = $this->mNewpassword = "";
77 $this->mRights = array();
78 $defOpt = $wgLang->getDefaultUserOptions() ;
79 foreach ( $defOpt as $oname => $val ) {
80 $this->mOptions[$oname] = $val;
81 }
82 unset( $this->mSkin );
83 $this->mDataLoaded = false;
84 $this->mBlockedby = -1; # Unset
85 $this->mTouched = '0'; # Allow any pages to be cached
86 $this->cookiePassword = "";
87 }
88
89 /* private */ function getBlockedStatus()
90 {
91 if ( -1 != $this->mBlockedby ) { return; }
92
93 $remaddr = getenv( "REMOTE_ADDR" );
94 if ( 0 == $this->mId ) {
95 $sql = "SELECT ipb_by,ipb_reason FROM ipblocks WHERE " .
96 "ipb_address='$remaddr'";
97 } else {
98 $sql = "SELECT ipb_by,ipb_reason FROM ipblocks WHERE " .
99 "(ipb_address='$remaddr' OR ipb_user={$this->mId})";
100 }
101 $res = wfQuery( $sql, "User::getBlockedStatus" );
102 if ( 0 == wfNumRows( $res ) ) {
103 $this->mBlockedby = 0;
104 return;
105 }
106 $s = wfFetchObject( $res );
107 $this->mBlockedby = $s->ipb_by;
108 $this->mBlockreason = $s->ipb_reason;
109 }
110
111 function isBlocked()
112 {
113 $this->getBlockedStatus();
114 if ( 0 == $this->mBlockedby ) { return false; }
115 return true;
116 }
117
118 function blockedBy() {
119 $this->getBlockedStatus();
120 return $this->mBlockedby;
121 }
122
123 function blockedFor() {
124 $this->getBlockedStatus();
125 return $this->mBlockreason;
126 }
127
128 function loadFromSession()
129 {
130 global $HTTP_COOKIE_VARS, $wsUserID, $wsUserName, $wsUserPassword;
131
132 if ( isset( $wsUserID ) ) {
133 if ( 0 != $wsUserID ) {
134 $sId = $wsUserID;
135 } else {
136 $this->mId = 0;
137 return;
138 }
139 } else if ( isset( $HTTP_COOKIE_VARS["wcUserID"] ) ) {
140 $sId = $HTTP_COOKIE_VARS["wcUserID"];
141 $wsUserID = $sId;
142 } else {
143 $this->mId = 0;
144 return;
145 }
146 if ( isset( $wsUserName ) ) {
147 $sName = $wsUserName;
148 } else if ( isset( $HTTP_COOKIE_VARS["wcUserName"] ) ) {
149 $sName = $HTTP_COOKIE_VARS["wcUserName"];
150 $wsUserName = $sName;
151 } else {
152 $this->mId = 0;
153 return;
154 }
155
156 $passwordCorrect = FALSE;
157 $this->mId = $sId;
158 $this->loadFromDatabase();
159
160 if ( isset( $wsUserPassword ) ) {
161 $passwordCorrect = $wsUserPassword == $this->mPassword;
162 } else if ( isset( $HTTP_COOKIE_VARS["wcUserPassword"] ) ) {
163 $this->mCookiePassword = $HTTP_COOKIE_VARS["wcUserPassword"];
164 $wsUserPassword = $this->addSalt( $this->mCookiePassword );
165 $passwordCorrect = $wsUserPassword == $this->mPassword;
166 } else {
167 $this->mId = 0;
168 return;
169 }
170
171 if ( ( $sName == $this->mName ) && $passwordCorrect ) {
172 return;
173 }
174 $this->loadDefaults(); # Can't log in from session
175 }
176
177 function loadFromDatabase()
178 {
179 if ( $this->mDataLoaded ) { return; }
180 # check in separate table if there are changes to the talk page
181 $this->mNewtalk=0; # reset talk page status
182 if($this->mId) {
183 $sql = "SELECT 1 FROM user_newtalk WHERE user_id={$this->mId}";
184 $res = wfQuery ($sql, "User::loadFromDatabase" );
185
186 if (wfNumRows($res)>0) {
187 $this->mNewtalk= 1;
188 }
189 wfFreeResult( $res );
190 } else {
191 $sql = "SELECT 1 FROM user_newtalk WHERE user_ip='{$this->mName}'";
192 $res = wfQuery ($sql, "User::loadFromDatabase" );
193
194 if (wfNumRows($res)>0) {
195 $this->mNewtalk= 1;
196 }
197 wfFreeResult( $res );
198 }
199 if(!$this->mId) {
200 $this->mDataLoaded = true;
201 return;
202 } # the following stuff is for non-anonymous users only
203
204 $sql = "SELECT user_name,user_password,user_newpassword,user_email," .
205 "user_options,user_rights,user_touched FROM user WHERE user_id=" .
206 "{$this->mId}";
207 $res = wfQuery( $sql, "User::loadFromDatabase" );
208
209 if ( wfNumRows( $res ) > 0 ) {
210 $s = wfFetchObject( $res );
211 $this->mName = $s->user_name;
212 $this->mEmail = $s->user_email;
213 $this->mPassword = $s->user_password;
214 $this->mNewpassword = $s->user_newpassword;
215 $this->decodeOptions( $s->user_options );
216 $this->mRights = explode( ",", strtolower( $s->user_rights ) );
217 $this->mTouched = $s->user_touched;
218 }
219
220 wfFreeResult( $res );
221 $this->mDataLoaded = true;
222 }
223
224 function getID() { return $this->mId; }
225 function setID( $v ) {
226 $this->mId = $v;
227 $this->mDataLoaded = false;
228 }
229
230 function getName() {
231 $this->loadFromDatabase();
232 return $this->mName;
233 }
234
235 function setName( $str )
236 {
237 $this->loadFromDatabase();
238 $this->mName = $str;
239 }
240
241 function getNewtalk()
242 {
243 $this->loadFromDatabase();
244 return ( 0 != $this->mNewtalk );
245 }
246
247 function setNewtalk( $val )
248 {
249 $this->loadFromDatabase();
250 $this->mNewtalk = $val;
251 $this->invalidateCache();
252 }
253
254 function invalidateCache() {
255 $this->loadFromDatabase();
256 $this->mTouched = wfTimestampNow();
257 # Don't forget to save the options after this or
258 # it won't take effect!
259 }
260
261 function validateCache( $timestamp ) {
262 $this->loadFromDatabase();
263 return ($timestamp >= $this->mTouched);
264 }
265
266 function getPassword()
267 {
268 $this->loadFromDatabase();
269 return $this->mPassword;
270 }
271
272 function getNewpassword()
273 {
274 $this->loadFromDatabase();
275 return $this->mNewpassword;
276 }
277
278 function addSalt( $p )
279 {
280 return md5( "wikipedia{$this->mId}-{$p}" );
281 }
282
283 function encryptPassword( $p )
284 {
285 return $this->addSalt( md5( $p ) );
286 }
287
288 function setPassword( $str )
289 {
290 $this->loadFromDatabase();
291 $this->setCookiePassword( $str );
292 $this->mPassword = $this->encryptPassword( $str );
293 $this->mNewpassword = "";
294 }
295
296 function setCookiePassword( $str )
297 {
298 $this->loadFromDatabase();
299 $this->mCookiePassword = md5( $str );
300 }
301
302 function setNewpassword( $str )
303 {
304 $this->loadFromDatabase();
305 $this->mNewpassword = $this->encryptPassword( $str );
306 }
307
308 function getEmail()
309 {
310 $this->loadFromDatabase();
311 return $this->mEmail;
312 }
313
314 function setEmail( $str )
315 {
316 $this->loadFromDatabase();
317 $this->mEmail = $str;
318 }
319
320 function getOption( $oname )
321 {
322 $this->loadFromDatabase();
323 if ( array_key_exists( $oname, $this->mOptions ) ) {
324 return $this->mOptions[$oname];
325 } else {
326 return "";
327 }
328 }
329
330 function setOption( $oname, $val )
331 {
332 $this->loadFromDatabase();
333 $this->mOptions[$oname] = $val;
334 $this->invalidateCache();
335 }
336
337 function getRights()
338 {
339 $this->loadFromDatabase();
340 return $this->mRights;
341 }
342
343 function addRight( $rname )
344 {
345 $this->loadFromDatabase();
346 array_push( $this->mRights, $rname );
347 $this->invalidateCache();
348 }
349
350 function isSysop()
351 {
352 $this->loadFromDatabase();
353 if ( 0 == $this->mId ) { return false; }
354
355 return in_array( "sysop", $this->mRights );
356 }
357
358 function isDeveloper()
359 {
360 $this->loadFromDatabase();
361 if ( 0 == $this->mId ) { return false; }
362
363 return in_array( "developer", $this->mRights );
364 }
365
366 function isBot()
367 {
368 $this->loadFromDatabase();
369 if ( 0 == $this->mId ) { return false; }
370
371 return in_array( "bot", $this->mRights );
372 }
373
374 function &getSkin()
375 {
376 if ( ! isset( $this->mSkin ) ) {
377 $skinNames = Skin::getSkinNames();
378 $s = $this->getOption( "skin" );
379 if ( "" == $s ) { $s = 0; }
380
381 if ( $s >= count( $skinNames ) ) { $sn = "SkinStandard"; }
382 else $sn = "Skin" . $skinNames[$s];
383 $this->mSkin = new $sn;
384 }
385 return $this->mSkin;
386 }
387
388 function isWatched( $title )
389 {
390 # Note - $title should be a Title _object_
391 # Pages and their talk pages are considered equivalent for watching;
392 # remember that talk namespaces are numbered as page namespace+1.
393 if( $this->mId ) {
394 $sql = "SELECT 1 FROM watchlist
395 WHERE wl_user={$this->mId} AND
396 wl_namespace = " . ($title->getNamespace() & ~1) . " AND
397 wl_title='" . wfStrencode( $title->getDBkey() ) . "'";
398 $res = wfQuery( $sql );
399 return (wfNumRows( $res ) > 0);
400 } else {
401 return false;
402 }
403 }
404
405 function addWatch( $title )
406 {
407 if( $this->mId ) {
408 # REPLACE instead of INSERT because occasionally someone
409 # accidentally reloads a watch-add operation.
410 $sql = "REPLACE INTO watchlist (wl_user, wl_namespace,wl_title)
411 VALUES ({$this->mId}," . (($title->getNamespace() | 1) - 1) .
412 ",'" . wfStrencode( $title->getDBkey() ) . "')";
413 wfQuery( $sql );
414 $this->invalidateCache();
415 }
416 }
417
418 function removeWatch( $title )
419 {
420 if( $this->mId ) {
421 $sql = "DELETE FROM watchlist WHERE wl_user={$this->mId} AND
422 wl_namespace=" . (($title->getNamespace() | 1) - 1) .
423 " AND wl_title='" . wfStrencode( $title->getDBkey() ) . "'";
424 wfQuery( $sql );
425 $this->invalidateCache();
426 }
427 }
428
429
430 /* private */ function encodeOptions()
431 {
432 $a = array();
433 foreach ( $this->mOptions as $oname => $oval ) {
434 array_push( $a, "{$oname}={$oval}" );
435 }
436 $s = implode( "\n", $a );
437 return wfStrencode( $s );
438 }
439
440 /* private */ function decodeOptions( $str )
441 {
442 $a = explode( "\n", $str );
443 foreach ( $a as $s ) {
444 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
445 $this->mOptions[$m[1]] = $m[2];
446 }
447 }
448 }
449
450 function setCookies()
451 {
452 global $wsUserID, $wsUserName, $wsUserPassword;
453 global $wgCookieExpiration;
454 if ( 0 == $this->mId ) return;
455 $this->loadFromDatabase();
456 $exp = time() + $wgCookieExpiration;
457
458 $wsUserID = $this->mId;
459 setcookie( "wcUserID", $this->mId, $exp, "/" );
460
461 $wsUserName = $this->mName;
462 setcookie( "wcUserName", $this->mName, $exp, "/" );
463
464 $wsUserPassword = $this->mPassword;
465 if ( 1 == $this->getOption( "rememberpassword" ) ) {
466 setcookie( "wcUserPassword", $this->mCookiePassword, $exp, "/" );
467 } else {
468 setcookie( "wcUserPassword", "", time() - 3600 );
469 }
470 }
471
472 function logout()
473 {
474 global $wsUserID;
475 $this->mId = 0;
476
477 $wsUserID = 0;
478
479 setcookie( "wcUserID", "", time() - 3600 );
480 setcookie( "wcUserPassword", "", time() - 3600 );
481 }
482
483 function saveSettings()
484 {
485 global $wgUser;
486
487 if ( ! $this->mNewtalk ) {
488 if( $this->mId ) {
489 $sql="DELETE FROM user_newtalk WHERE user_id={$this->mId}";
490 wfQuery ($sql,"User::saveSettings");
491 } else {
492 $sql="DELETE FROM user_newtalk WHERE user_ip='{$this->mName}'";
493 wfQuery ($sql,"User::saveSettings");
494 }
495 }
496 if ( 0 == $this->mId ) { return; }
497
498 $sql = "UPDATE user SET " .
499 "user_name= '" . wfStrencode( $this->mName ) . "', " .
500 "user_password= '" . wfStrencode( $this->mPassword ) . "', " .
501 "user_newpassword= '" . wfStrencode( $this->mNewpassword ) . "', " .
502 "user_email= '" . wfStrencode( $this->mEmail ) . "', " .
503 "user_options= '" . $this->encodeOptions() . "', " .
504 "user_rights= '" . wfStrencode( implode( ",", $this->mRights ) ) . "', "
505 .
506 "user_touched= '" . wfStrencode( $this->mTouched ) .
507 "' WHERE user_id={$this->mId}";
508 wfQuery( $sql, "User::saveSettings" );
509 }
510
511 # Checks if a user with the given name exists
512 #
513 function idForName()
514 {
515 $gotid = 0;
516 $s = trim( $this->mName );
517 if ( 0 == strcmp( "", $s ) ) return 0;
518
519 $sql = "SELECT user_id FROM user WHERE user_name='" .
520 wfStrencode( $s ) . "'";
521 $res = wfQuery( $sql, "User::idForName" );
522 if ( 0 == wfNumRows( $res ) ) { return 0; }
523
524 $s = wfFetchObject( $res );
525 if ( "" == $s ) return 0;
526
527 $gotid = $s->user_id;
528 wfFreeResult( $res );
529 return $gotid;
530 }
531
532 function addToDatabase()
533 {
534 $sql = "INSERT INTO user (user_name,user_password,user_newpassword," .
535 "user_email, user_rights, user_options) " .
536 " VALUES ('" . wfStrencode( $this->mName ) . "', '" .
537 wfStrencode( $this->mPassword ) . "', '" .
538 wfStrencode( $this->mNewpassword ) . "', '" .
539 wfStrencode( $this->mEmail ) . "', '" .
540 wfStrencode( implode( ",", $this->mRights ) ) . "', '" .
541 $this->encodeOptions() . "')";
542 wfQuery( $sql, "User::addToDatabase" );
543 $this->mId = $this->idForName();
544 }
545 }
546
547 ?>
Wiklou, le Wiki du Wiklou