<?php
/**
* See user.txt
- *
+ * @file
*/
# Number of characters in user_token field
define( 'USER_TOKEN_LENGTH', 32 );
# Serialized record version
-define( 'MW_USER_VERSION', 5 );
+define( 'MW_USER_VERSION', 6 );
# Some punctuation to prevent editing from broken text-mangling proxies.
define( 'EDIT_TOKEN_SUFFIX', '+\\' );
/**
* Thrown by User::setPassword() on error
- * @addtogroup Exception
+ * @ingroup Exception
*/
class PasswordError extends MWException {
// NOP
'mGroups',
);
+ /**
+ * Core rights
+ * Each of these should have a corresponding message of the form "right-$right"
+ */
+ static $mCoreRights = array(
+ 'apihighlimits',
+ 'autoconfirmed',
+ 'autopatrol',
+ 'bigdelete',
+ 'block',
+ 'blockemail',
+ 'bot',
+ 'browsearchive',
+ 'createaccount',
+ 'createpage',
+ 'createtalk',
+ 'delete',
+ 'deletedhistory',
+ 'edit',
+ 'editinterface',
+ 'editusercssjs',
+ 'import',
+ 'importupload',
+ 'ipblock-exempt',
+ 'markbotedits',
+ 'minoredit',
+ 'move',
+ 'nominornewtalk',
+ 'noratelimit',
+ 'patrol',
+ 'protect',
+ 'proxyunbannable',
+ 'purge',
+ 'read',
+ 'reupload',
+ 'reupload-shared',
+ 'rollback',
+ 'suppressredirect',
+ 'trackback',
+ 'undelete',
+ 'unwatchedpages',
+ 'upload',
+ 'upload_by_url',
+ 'userrights',
+ );
+ static $mAllRights = false;
+
/**
* The cache variable declarations
*/
# Can't load from ID, user is anonymous
return false;
}
-
$this->saveToCache();
} else {
wfDebug( "Got user {$this->mId} from cache\n" );
*/
function saveToCache() {
$this->load();
+ $this->loadGroups();
if ( $this->isAnon() ) {
// Anonymous users are uncached
return;
return $user;
}
+ /**
+ * Create a new user object from a user row.
+ * The row should have all fields from the user table in it.
+ */
+ static function newFromRow( $row ) {
+ $user = new User;
+ $user->loadFromRow( $row );
+ return $user;
+ }
+
/**
* Get username given an id.
* @param integer $id Database user id
* @return bool
*/
static function isIP( $name ) {
- return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || User::isIPv6($name);
- /*return preg_match("/^
- (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
- (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
- (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
- (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))
- $/x", $name);*/
- }
-
- /**
- * Check if $name is an IPv6 IP.
- */
- static function isIPv6($name) {
- /*
- * if it has any non-valid characters, it can't be a valid IPv6
- * address.
- */
- if (preg_match("/[^:a-fA-F0-9]/", $name))
- return false;
-
- $parts = explode(":", $name);
- if (count($parts) < 3)
- return false;
- foreach ($parts as $part) {
- if (!preg_match("/^[0-9a-fA-F]{0,4}$/", $part))
- return false;
- }
- return true;
+ return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
}
/**
$this->mRegistration = wfTimestamp( TS_MW );
$this->mGroups = array();
+ wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
+
wfProfileOut( __METHOD__ );
}
private function loadFromSession() {
global $wgMemc, $wgCookiePrefix;
+ $result = null;
+ wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
+ if ( $result !== null ) {
+ return $result;
+ }
+
if ( isset( $_SESSION['wsUserID'] ) ) {
if ( 0 != $_SESSION['wsUserID'] ) {
$sId = $_SESSION['wsUserID'];
if ( $s !== false ) {
# Initialise user table data
- $this->mName = $s->user_name;
- $this->mRealName = $s->user_real_name;
- $this->mPassword = $s->user_password;
- $this->mNewpassword = $s->user_newpassword;
- $this->mNewpassTime = wfTimestampOrNull( TS_MW, $s->user_newpass_time );
- $this->mEmail = $s->user_email;
- $this->decodeOptions( $s->user_options );
- $this->mTouched = wfTimestamp(TS_MW,$s->user_touched);
- $this->mToken = $s->user_token;
- $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $s->user_email_authenticated );
- $this->mEmailToken = $s->user_email_token;
- $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $s->user_email_token_expires );
- $this->mRegistration = wfTimestampOrNull( TS_MW, $s->user_registration );
- $this->mEditCount = $s->user_editcount;
+ $this->loadFromRow( $s );
+ $this->mGroups = null; // deferred
$this->getEditCount(); // revalidation for nulls
+ return true;
+ } else {
+ # Invalid user_id
+ $this->mId = 0;
+ $this->loadDefaults();
+ return false;
+ }
+ }
+
+ /**
+ * Initialise the user object from a row from the user table
+ */
+ function loadFromRow( $row ) {
+ $this->mDataLoaded = true;
- # Load group data
+ if ( isset( $row->user_id ) ) {
+ $this->mId = $row->user_id;
+ }
+ $this->mName = $row->user_name;
+ $this->mRealName = $row->user_real_name;
+ $this->mPassword = $row->user_password;
+ $this->mNewpassword = $row->user_newpassword;
+ $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
+ $this->mEmail = $row->user_email;
+ $this->decodeOptions( $row->user_options );
+ $this->mTouched = wfTimestamp(TS_MW,$row->user_touched);
+ $this->mToken = $row->user_token;
+ $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
+ $this->mEmailToken = $row->user_email_token;
+ $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
+ $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
+ $this->mEditCount = $row->user_editcount;
+ }
+
+ /**
+ * Load the groups from the database if they aren't already loaded
+ * @private
+ */
+ function loadGroups() {
+ if ( is_null( $this->mGroups ) ) {
+ $dbr = wfGetDB( DB_MASTER );
$res = $dbr->select( 'user_groups',
array( 'ug_group' ),
array( 'ug_user' => $this->mId ),
while( $row = $dbr->fetchObject( $res ) ) {
$this->mGroups[] = $row->ug_group;
}
- return true;
- } else {
- # Invalid user_id
- $this->mId = 0;
- $this->loadDefaults();
- return false;
}
}
*
* @param string $opt
* @return string
- * @static
- * @public
*/
- function getDefaultOption( $opt ) {
- $defOpts = User::getDefaultOptions();
+ public static function getDefaultOption( $opt ) {
+ $defOpts = self::getDefaultOptions();
if( isset( $defOpts[$opt] ) ) {
return $defOpts[$opt];
} else {
wfProfileIn( __METHOD__ );
wfDebug( __METHOD__.": checking...\n" );
+ // Initialize data...
+ // Otherwise something ends up stomping on $this->mBlockedby when
+ // things get lazy-loaded later, causing false positive block hits
+ // due to -1 !== 0. Probably session-related... Nothing should be
+ // overwriting mBlockedby, surely?
+ $this->load();
+
$this->mBlockedby = 0;
$this->mHideName = 0;
$ip = wfGetIP();
# Proxy blocking
if ( !$this->isAllowed('proxyunbannable') && !in_array( $ip, $wgProxyWhitelist ) ) {
-
# Local list
if ( wfIsLocallyBlockedProxy( $ip ) ) {
$this->mBlockedby = wfMsg( 'proxyblocker' );
*/
public function isPingLimitable() {
global $wgRateLimitsExcludedGroups;
- return array_intersect($this->getEffectiveGroups(), $wgRateLimitsExcludedGroups) == array();
+ if( array_intersect( $this->getEffectiveGroups(), $wgRateLimitsExcludedGroups ) ) {
+ // Deprecated, but kept for backwards-compatibility config
+ return false;
+ }
+ return !$this->isAllowed('noratelimit');
}
/**
$keys = array();
$id = $this->getId();
$ip = wfGetIP();
+ $userLimit = false;
if( isset( $limits['anon'] ) && $id == 0 ) {
$keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
}
if( isset( $limits['user'] ) && $id != 0 ) {
- $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['user'];
+ $userLimit = $limits['user'];
}
if( $this->isNewbie() ) {
if( isset( $limits['newbie'] ) && $id != 0 ) {
$keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
}
}
+ // Check for group-specific permissions
+ // If more than one group applies, use the group with the highest limit
+ foreach ( $this->getGroups() as $group ) {
+ if ( isset( $limits[$group] ) ) {
+ if ( $userLimit === false || $limits[$group] > $userLimit ) {
+ $userLimit = $limits[$group];
+ }
+ }
+ }
+ // Set the user limit key
+ if ( $userLimit !== false ) {
+ wfDebug( __METHOD__.": effective user limit: $userLimit\n" );
+ $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
+ }
$triggered = false;
foreach( $keys as $key => $limit ) {
/**
* Get the user ID. Returns 0 if the user is anonymous or nonexistent.
*/
- function getID() {
+ function getId() {
if( $this->mId === null and $this->mName !== null
and User::isIP( $this->mName ) ) {
// Special case, we know the user is anonymous
/**
* Set the user and reload all fields according to that ID
- * @deprecated use User::newFromId()
*/
- function setID( $v ) {
- wfDeprecated( __METHOD__ );
+ function setId( $v ) {
$this->mId = $v;
$this->clearInstanceCache( 'id' );
}
return ($timestamp >= $this->mTouched);
}
- /**
- * Encrypt a password.
- * It can eventually salt a password.
- * @see User::addSalt()
- * @param string $p clear Password.
- * @return string Encrypted password.
- */
- function encryptPassword( $p ) {
- $this->load();
- return wfEncryptPassword( $this->mId, $p );
- }
-
/**
* Set the password and reset the random token
* Calls through to authentication plugin if necessary;
if( !$this->isValidPassword( $str ) ) {
global $wgMinimalPasswordLength;
- throw new PasswordError( wfMsg( 'passwordtooshort',
+ throw new PasswordError( wfMsgExt( 'passwordtooshort', array( 'parsemag' ),
$wgMinimalPasswordLength ) );
}
}
// Save an invalid hash...
$this->mPassword = '';
} else {
- $this->mPassword = $this->encryptPassword( $str );
+ $this->mPassword = self::crypt( $str );
}
$this->mNewpassword = '';
$this->mNewpassTime = null;
}
+
+ function getToken() {
+ $this->load();
+ return $this->mToken;
+ }
+
/**
* Set the random token (used for persistent authentication)
* Called from loadDefaults() among other places.
*/
function setNewpassword( $str, $throttle = true ) {
$this->load();
- $this->mNewpassword = $this->encryptPassword( $str );
+ $this->mNewpassword = self::crypt( $str );
if ( $throttle ) {
$this->mNewpassTime = wfTimestampNow();
}
function getEmail() {
$this->load();
+ wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
return $this->mEmail;
}
function getEmailAuthenticationTimestamp() {
$this->load();
+ wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
return $this->mEmailAuthenticated;
}
function setEmail( $str ) {
$this->load();
$this->mEmail = $str;
+ wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
}
function getRealName() {
}
// Filter out any newlines that may have passed through input validation.
// Newlines are used to separate items in the options blob.
- $val = str_replace( "\r\n", "\n", $val );
- $val = str_replace( "\r", "\n", $val );
- $val = str_replace( "\n", " ", $val );
+ if( $val ) {
+ $val = str_replace( "\r\n", "\n", $val );
+ $val = str_replace( "\r", "\n", $val );
+ $val = str_replace( "\n", " ", $val );
+ }
+ // Explicitly NULL values should refer to defaults
+ global $wgDefaultUserOptions;
+ if( is_null($val) && isset($wgDefaultUserOptions[$oname]) ) {
+ $val = $wgDefaultUserOptions[$oname];
+ }
$this->mOptions[$oname] = $val;
}
if ( is_null( $this->mRights ) ) {
$this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
+ // Force reindexation of rights when a hook has unset one of them
+ $this->mRights = array_values( $this->mRights );
}
return $this->mRights;
}
*/
function getEffectiveGroups( $recache = false ) {
if ( $recache || is_null( $this->mEffectiveGroups ) ) {
- $this->load();
- $this->mEffectiveGroups = $this->mGroups;
+ $this->mEffectiveGroups = $this->getGroups();
$this->mEffectiveGroups[] = '*';
- if( $this->mId ) {
+ if( $this->getId() ) {
$this->mEffectiveGroups[] = 'user';
$this->mEffectiveGroups = array_unique( array_merge(
* @param string $group
*/
function addGroup( $group ) {
- $this->load();
$dbw = wfGetDB( DB_MASTER );
if( $this->getId() ) {
$dbw->insert( 'user_groups',
array( 'IGNORE' ) );
}
+ $this->loadGroups();
$this->mGroups[] = $group;
$this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
),
'User::removeGroup' );
+ $this->loadGroups();
$this->mGroups = array_diff( $this->mGroups, array( $group ) );
$this->mRights = User::getGroupPermissions( $this->getEffectiveGroups( true ) );
* the next change of the page if it's watched etc.
*/
function clearNotification( &$title ) {
- global $wgUser, $wgUseEnotif;
+ global $wgUser, $wgUseEnotif, $wgShowUpdatedMarker;
# Do nothing if the database is locked to writes
if( wfReadOnly() ) {
$this->setNewtalk( false );
}
- if( !$wgUseEnotif ) {
+ if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
return;
}
$title->getText() == $wgUser->getName())
{
$watched = true;
- } elseif ( $this->getID() == $wgUser->getID() ) {
+ } elseif ( $this->getId() == $wgUser->getId() ) {
$watched = $title->userIsWatching();
} else {
$watched = true;
* @public
*/
function clearAllNotifications( $currentUser ) {
- global $wgUseEnotif;
- if ( !$wgUseEnotif ) {
+ global $wgUseEnotif, $wgShowUpdatedMarker;
+ if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
$this->setNewtalk( false );
return;
}
if( $currentUser != 0 ) {
-
$dbw = wfGetDB( DB_MASTER );
$dbw->update( 'watchlist',
array( /* SET */
'wl_user' => $currentUser
), __METHOD__
);
-
- # we also need to clear here the "you have new message" notification for the own user_talk page
+ # We also need to clear here the "you have new message" notification for the own user_talk page
# This is cleared one page view later in Article::viewUpdates();
}
}
}
}
}
+
+ protected function setCookie( $name, $value, $exp=0 ) {
+ global $wgCookiePrefix,$wgCookieDomain,$wgCookieSecure,$wgCookieExpiration, $wgCookieHttpOnly;
+ if( $exp == 0 ) {
+ $exp = time() + $wgCookieExpiration;
+ }
+ $httpOnlySafe = wfHttpOnlySafe();
+ wfDebugLog( 'cookie',
+ 'setcookie: "' . implode( '", "',
+ array(
+ $wgCookiePrefix . $name,
+ $value,
+ $exp,
+ '/',
+ $wgCookieDomain,
+ $wgCookieSecure,
+ $httpOnlySafe && $wgCookieHttpOnly ) ) . '"' );
+ if( $httpOnlySafe && isset( $wgCookieHttpOnly ) ) {
+ setcookie( $wgCookiePrefix . $name,
+ $value,
+ $exp,
+ '/',
+ $wgCookieDomain,
+ $wgCookieSecure,
+ $wgCookieHttpOnly );
+ } else {
+ // setcookie() fails on PHP 5.1 if you give it future-compat paramters.
+ // stab stab!
+ setcookie( $wgCookiePrefix . $name,
+ $value,
+ $exp,
+ '/',
+ $wgCookieDomain,
+ $wgCookieSecure );
+ }
+ }
+
+ protected function clearCookie( $name ) {
+ $this->setCookie( $name, '', time() - 86400 );
+ }
function setCookies() {
- global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookiePrefix;
$this->load();
if ( 0 == $this->mId ) return;
- $exp = time() + $wgCookieExpiration;
-
- $_SESSION['wsUserID'] = $this->mId;
- setcookie( $wgCookiePrefix.'UserID', $this->mId, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
-
- $_SESSION['wsUserName'] = $this->getName();
- setcookie( $wgCookiePrefix.'UserName', $this->getName(), $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
-
- $_SESSION['wsToken'] = $this->mToken;
+ $session = array(
+ 'wsUserID' => $this->mId,
+ 'wsToken' => $this->mToken,
+ 'wsUserName' => $this->getName()
+ );
+ $cookies = array(
+ 'UserID' => $this->mId,
+ 'UserName' => $this->getName(),
+ );
if ( 1 == $this->getOption( 'rememberpassword' ) ) {
- setcookie( $wgCookiePrefix.'Token', $this->mToken, $exp, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
+ $cookies['Token'] = $this->mToken;
} else {
- setcookie( $wgCookiePrefix.'Token', '', time() - 3600 );
+ $cookies['Token'] = false;
+ }
+
+ wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
+ $_SESSION = $session + $_SESSION;
+ foreach ( $cookies as $name => $value ) {
+ if ( $value === false ) {
+ $this->clearCookie( $name );
+ } else {
+ $this->setCookie( $name, $value );
+ }
}
}
* Clears the cookies and session, resets the instance cache
*/
function doLogout() {
- global $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookiePrefix;
$this->clearInstanceCache( 'defaults' );
$_SESSION['wsUserID'] = 0;
- setcookie( $wgCookiePrefix.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
- setcookie( $wgCookiePrefix.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
+ $this->clearCookie( 'UserID' );
+ $this->clearCookie( 'Token' );
# Remember when user logged out, to prevent seeing cached pages
- setcookie( $wgCookiePrefix.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
+ $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
}
/**
'user_id' => $this->mId
), __METHOD__
);
+ wfRunHooks( 'UserSaveSettings', array( $this ) );
$this->clearSharedCache();
}
-
/**
* Checks if a user with the given name exists, returns the ID.
*/
function isNewbie() {
return !$this->isAllowed( 'autoconfirmed' );
}
+
+ /**
+ * Is the user active? We check to see if they've made at least
+ * X number of edits in the last Y days.
+ *
+ * @return bool true if the user is active, false if not
+ */
+ public function isActiveEditor() {
+ global $wgActiveUserEditCount, $wgActiveUserDays;
+ $dbr = wfGetDB( DB_SLAVE );
+
+ // Stolen without shame from RC
+ $cutoff_unixtime = time() - ( $wgActiveUserDays * 86400 );
+ $cutoff_unixtime = $cutoff_unixtime - ( $cutoff_unixtime % 86400 );
+ $oldTime = $dbr->addQuotes( $dbr->timestamp( $cutoff_unixtime ) );
+
+ $res = $dbr->select( 'revision', '1',
+ array( 'rev_user_text' => $this->getName(), "rev_timestamp > $oldTime"),
+ __METHOD__,
+ array('LIMIT' => $wgActiveUserEditCount ) );
+
+ $count = $dbr->numRows($res);
+ $dbr->freeResult($res);
+
+ return $count == $wgActiveUserEditCount;
+ }
/**
* Check to see if the given clear-text password is one of the accepted passwords
/* Auth plugin doesn't allow local authentication for this user name */
return false;
}
- $ep = $this->encryptPassword( $password );
- if ( 0 == strcmp( $ep, $this->mPassword ) ) {
+ if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
return true;
} elseif ( function_exists( 'iconv' ) ) {
# Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
# Check for this with iconv
- $cp1252hash = $this->encryptPassword( iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password ) );
- if ( 0 == strcmp( $cp1252hash, $this->mPassword ) ) {
+ $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
+ if ( self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) ) {
return true;
}
}
* @return bool
*/
function checkTemporaryPassword( $plaintext ) {
- $hash = $this->encryptPassword( $plaintext );
- return $hash === $this->mNewpassword;
+ return self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() );
}
/**
* Generate a new e-mail confirmation token and send a confirmation/invalidation
* mail to the user's given address.
*
+ * Calls saveSettings() internally; as it has side effects, not committing changes
+ * would be pretty silly.
+ *
* @return mixed True on success, a WikiError object on failure.
*/
function sendConfirmationMail() {
$token = $this->confirmationToken( $expiration );
$url = $this->confirmationTokenUrl( $token );
$invalidateURL = $this->invalidationTokenUrl( $token );
+ $this->saveSettings();
+
return $this->sendMail( wfMsg( 'confirmemail_subject' ),
wfMsg( 'confirmemail_body',
wfGetIP(),
/**
* Generate, store, and return a new e-mail confirmation code.
* A hash (unsalted since it's used as a key) is stored.
+ *
+ * Call saveSettings() after calling this function to commit
+ * this change to the database.
+ *
* @param &$expiration mixed output: accepts the expiration time
* @return string
* @private
$this->load();
$this->mEmailToken = $hash;
$this->mEmailTokenExpires = $expiration;
- $this->saveSettings();
return $token;
}
* @private
*/
function confirmationTokenUrl( $token ) {
- $title = SpecialPage::getTitleFor( 'Confirmemail', $token );
- return $title->getFullUrl();
+ return $this->getTokenUrl( 'ConfirmEmail', $token );
}
/**
* Return a URL the user can use to invalidate their email address.
* @return string
* @private
*/
- function invalidationTokenUrl( $token ) {
- $title = SpecialPage::getTitleFor( 'Invalidateemail', $token );
- return $title->getFullUrl();
+ function invalidationTokenUrl( $token ) {
+ return $this->getTokenUrl( 'Invalidateemail', $token );
+ }
+
+ /**
+ * Internal function to format the e-mail validation/invalidation URLs.
+ * This uses $wgArticlePath directly as a quickie hack to use the
+ * hardcoded English names of the Special: pages, for ASCII safety.
+ *
+ * Since these URLs get dropped directly into emails, using the
+ * short English names avoids insanely long URL-encoded links, which
+ * also sometimes can get corrupted in some browsers/mailers
+ * (bug 6957 with Gmail and Internet Explorer).
+ */
+ protected function getTokenUrl( $page, $token ) {
+ global $wgArticlePath;
+ return wfExpandUrl(
+ str_replace(
+ '$1',
+ "Special:$page/$token",
+ $wgArticlePath ) );
}
/**
- * Mark the e-mail address confirmed and save.
+ * Mark the e-mail address confirmed.
+ *
+ * Call saveSettings() after calling this function to commit the change.
*/
function confirmEmail() {
- $this->load();
- $this->mEmailAuthenticated = wfTimestampNow();
- $this->saveSettings();
+ $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
return true;
}
/**
* Invalidate the user's email confirmation, unauthenticate the email
- * if it was already confirmed and save.
+ * if it was already confirmed.
+ *
+ * Call saveSettings() after calling this function to commit the change.
*/
function invalidateEmail() {
$this->load();
$this->mEmailToken = null;
$this->mEmailTokenExpires = null;
- $this->mEmailAuthenticated = null;
- $this->saveSettings();
+ $this->setEmailAuthenticationTimestamp( null );
return true;
}
+ function setEmailAuthenticationTimestamp( $timestamp ) {
+ $this->load();
+ $this->mEmailAuthenticated = $timestamp;
+ wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
+ }
+
/**
* Is this user allowed to send e-mails within limits of current
* site configuration?
/**
* @param array $groups list of groups
* @return array list of permission key names for given groups combined
- * @static
*/
static function getGroupPermissions( $groups ) {
global $wgGroupPermissions;
/**
* @param string $group key name
* @return string localized descriptive name for group, if provided
- * @static
*/
static function getGroupName( $group ) {
global $wgMessageCache;
/**
* @param string $group key name
* @return string localized descriptive name for member of a group, if provided
- * @static
*/
static function getGroupMember( $group ) {
global $wgMessageCache;
/**
* Return the set of defined explicit groups.
- * The *, 'user', 'autoconfirmed' and 'emailconfirmed'
- * groups are not included, as they are defined
- * automatically, not in the database.
+ * The implicit groups (by default *, 'user' and 'autoconfirmed')
+ * are not included, as they are defined automatically,
+ * not in the database.
* @return array
- * @static
*/
static function getAllGroups() {
global $wgGroupPermissions;
);
}
+ /**
+ * Get a list of all available permissions
+ */
+ static function getAllRights() {
+ if ( self::$mAllRights === false ) {
+ global $wgAvailableRights;
+ if ( count( $wgAvailableRights ) ) {
+ self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
+ } else {
+ self::$mAllRights = self::$mCoreRights;
+ }
+ wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
+ }
+ return self::$mAllRights;
+ }
+
/**
* Get a list of implicit groups
*
// edit count in user cache too
$this->invalidateCache();
}
+
+ static function getRightDescription( $right ) {
+ global $wgMessageCache;
+ $wgMessageCache->loadAllMessages();
+ $key = "right-$right";
+ $name = wfMsg( $key );
+ return $name == '' || wfEmptyMsg( $key, $name )
+ ? $right
+ : $name;
+ }
+
+ /**
+ * Make an old-style password hash
+ *
+ * @param string $password Plain-text password
+ * @param string $userId User ID
+ */
+ static function oldCrypt( $password, $userId ) {
+ global $wgPasswordSalt;
+ if ( $wgPasswordSalt ) {
+ return md5( $userId . '-' . md5( $password ) );
+ } else {
+ return md5( $password );
+ }
+ }
+
+ /**
+ * Make a new-style password hash
+ *
+ * @param string $password Plain-text password
+ * @param string $salt Salt, may be random or the user ID. False to generate a salt.
+ */
+ static function crypt( $password, $salt = false ) {
+ global $wgPasswordSalt;
+
+ if($wgPasswordSalt) {
+ if ( $salt === false ) {
+ $salt = substr( wfGenerateToken(), 0, 8 );
+ }
+ return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
+ } else {
+ return ':A:' . md5( $password);
+ }
+ }
+
+ /**
+ * Compare a password hash with a plain-text password. Requires the user
+ * ID if there's a chance that the hash is an old-style hash.
+ *
+ * @param string $hash Password hash
+ * @param string $password Plain-text password to compare
+ * @param string $userId User ID for old-style password salt
+ */
+ static function comparePasswords( $hash, $password, $userId = false ) {
+ $m = false;
+ $type = substr( $hash, 0, 3 );
+ if ( $type == ':A:' ) {
+ # Unsalted
+ return md5( $password ) === substr( $hash, 3 );
+ } elseif ( $type == ':B:' ) {
+ # Salted
+ list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
+ return md5( $salt.'-'.md5( $password ) ) == $realHash;
+ } else {
+ # Old-style
+ return self::oldCrypt( $password, $userId ) === $hash;
+ }
+ }
}
dépôts / lhc / web / wiklou.git / blobdiff