'minoredit',
'move',
'nominornewtalk',
+ 'noratelimit',
'patrol',
'protect',
'proxyunbannable',
* @return bool
*/
static function isIP( $name ) {
- return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || User::isIPv6($name);
- /*return preg_match("/^
- (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
- (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
- (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))\.
- (?:[01]?\d{1,2}|2(:?[0-4]\d|5[0-5]))
- $/x", $name);*/
- }
-
- /**
- * Check if $name is an IPv6 IP.
- */
- static function isIPv6($name) {
- /*
- * if it has any non-valid characters, it can't be a valid IPv6
- * address.
- */
- if (preg_match("/[^:a-fA-F0-9]/", $name))
- return false;
-
- $parts = explode(":", $name);
- if (count($parts) < 3)
- return false;
- foreach ($parts as $part) {
- if (!preg_match("/^[0-9a-fA-F]{0,4}$/", $part))
- return false;
- }
- return true;
+ return preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/',$name) || IP::isIPv6($name);
}
/**
$this->mRegistration = wfTimestamp( TS_MW );
$this->mGroups = array();
+ wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );
+
wfProfileOut( __METHOD__ );
}
*
* @param string $opt
* @return string
- * @static
- * @public
*/
- function getDefaultOption( $opt ) {
- $defOpts = User::getDefaultOptions();
+ public static function getDefaultOption( $opt ) {
+ $defOpts = self::getDefaultOptions();
if( isset( $defOpts[$opt] ) ) {
return $defOpts[$opt];
} else {
# Proxy blocking
if ( !$this->isAllowed('proxyunbannable') && !in_array( $ip, $wgProxyWhitelist ) ) {
-
# Local list
if ( wfIsLocallyBlockedProxy( $ip ) ) {
$this->mBlockedby = wfMsg( 'proxyblocker' );
*/
public function isPingLimitable() {
global $wgRateLimitsExcludedGroups;
- return array_intersect($this->getEffectiveGroups(), $wgRateLimitsExcludedGroups) == array();
+ if( array_intersect( $this->getEffectiveGroups(), $wgRateLimitsExcludedGroups ) ) {
+ // Deprecated, but kept for backwards-compatibility config
+ return false;
+ }
+ return !$this->isAllowed('noratelimit');
}
/**
$keys = array();
$id = $this->getId();
$ip = wfGetIP();
+ $userLimit = false;
if( isset( $limits['anon'] ) && $id == 0 ) {
$keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
}
if( isset( $limits['user'] ) && $id != 0 ) {
- $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['user'];
+ $userLimit = $limits['user'];
}
if( $this->isNewbie() ) {
if( isset( $limits['newbie'] ) && $id != 0 ) {
$keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
}
}
+ // Check for group-specific permissions
+ // If more than one group applies, use the group with the highest limit
+ foreach ( $this->getGroups() as $group ) {
+ if ( isset( $limits[$group] ) ) {
+ if ( $userLimit === false || $limits[$group] > $userLimit ) {
+ $userLimit = $limits[$group];
+ }
+ }
+ }
+ // Set the user limit key
+ if ( $userLimit !== false ) {
+ wfDebug( __METHOD__.": effective user limit: $userLimit\n" );
+ $keys[ wfMemcKey( 'limiter', $action, 'user', $id ) ] = $userLimit;
+ }
$triggered = false;
foreach( $keys as $key => $limit ) {
/**
* Get the user ID. Returns 0 if the user is anonymous or nonexistent.
*/
- function getID() {
+ function getId() {
if( $this->mId === null and $this->mName !== null
and User::isIP( $this->mName ) ) {
// Special case, we know the user is anonymous
/**
* Set the user and reload all fields according to that ID
*/
- function setID( $v ) {
+ function setId( $v ) {
$this->mId = $v;
$this->clearInstanceCache( 'id' );
}
return ($timestamp >= $this->mTouched);
}
- /**
- * Encrypt a password.
- * It can eventually salt a password.
- * @see User::addSalt()
- * @param string $p clear Password.
- * @return string Encrypted password.
- */
- function encryptPassword( $p ) {
- $this->load();
- return wfEncryptPassword( $this->mId, $p );
- }
-
/**
* Set the password and reset the random token
* Calls through to authentication plugin if necessary;
if( !$this->isValidPassword( $str ) ) {
global $wgMinimalPasswordLength;
- throw new PasswordError( wfMsg( 'passwordtooshort',
+ throw new PasswordError( wfMsgExt( 'passwordtooshort', array( 'parsemag' ),
$wgMinimalPasswordLength ) );
}
}
// Save an invalid hash...
$this->mPassword = '';
} else {
- $this->mPassword = $this->encryptPassword( $str );
+ $this->mPassword = self::crypt( $str );
}
$this->mNewpassword = '';
$this->mNewpassTime = null;
}
+
+ function getToken() {
+ $this->load();
+ return $this->mToken;
+ }
+
/**
* Set the random token (used for persistent authentication)
* Called from loadDefaults() among other places.
*/
function setNewpassword( $str, $throttle = true ) {
$this->load();
- $this->mNewpassword = $this->encryptPassword( $str );
+ $this->mNewpassword = self::crypt( $str );
if ( $throttle ) {
$this->mNewpassTime = wfTimestampNow();
}
}
// Filter out any newlines that may have passed through input validation.
// Newlines are used to separate items in the options blob.
- $val = str_replace( "\r\n", "\n", $val );
- $val = str_replace( "\r", "\n", $val );
- $val = str_replace( "\n", " ", $val );
+ if( $val ) {
+ $val = str_replace( "\r\n", "\n", $val );
+ $val = str_replace( "\r", "\n", $val );
+ $val = str_replace( "\n", " ", $val );
+ }
+ // Explicitly NULL values should refer to defaults
+ global $wgDefaultUserOptions;
+ if( is_null($val) && isset($wgDefaultUserOptions[$oname]) ) {
+ $val = $wgDefaultUserOptions[$oname];
+ }
$this->mOptions[$oname] = $val;
}
* the next change of the page if it's watched etc.
*/
function clearNotification( &$title ) {
- global $wgUser, $wgUseEnotif;
+ global $wgUser, $wgUseEnotif, $wgShowUpdatedMarker;
# Do nothing if the database is locked to writes
if( wfReadOnly() ) {
$this->setNewtalk( false );
}
- if( !$wgUseEnotif ) {
+ if( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
return;
}
$title->getText() == $wgUser->getName())
{
$watched = true;
- } elseif ( $this->getID() == $wgUser->getID() ) {
+ } elseif ( $this->getId() == $wgUser->getId() ) {
$watched = $title->userIsWatching();
} else {
$watched = true;
function setCookies() {
$this->load();
if ( 0 == $this->mId ) return;
-
- $_SESSION['wsUserID'] = $this->mId;
-
- $this->setCookie( 'UserID', $this->mId );
- $this->setCookie( 'UserName', $this->getName() );
-
- $_SESSION['wsUserName'] = $this->getName();
-
- $_SESSION['wsToken'] = $this->mToken;
+ $session = array(
+ 'wsUserID' => $this->mId,
+ 'wsToken' => $this->mToken,
+ 'wsUserName' => $this->getName()
+ );
+ $cookies = array(
+ 'UserID' => $this->mId,
+ 'UserName' => $this->getName(),
+ );
if ( 1 == $this->getOption( 'rememberpassword' ) ) {
- $this->setCookie( 'Token', $this->mToken );
+ $cookies['Token'] = $this->mToken;
} else {
- $this->clearCookie( 'Token' );
+ $cookies['Token'] = false;
+ }
+
+ wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );
+ $_SESSION = $session + $_SESSION;
+ foreach ( $cookies as $name => $value ) {
+ if ( $value === false ) {
+ $this->clearCookie( $name );
+ } else {
+ $this->setCookie( $name, $value );
+ }
}
}
function isNewbie() {
return !$this->isAllowed( 'autoconfirmed' );
}
+
+ /**
+ * Is the user active? We check to see if they've made at least
+ * X number of edits in the last Y days.
+ *
+ * @return bool true if the user is active, false if not
+ */
+ public function isActiveEditor() {
+ global $wgActiveUserEditCount, $wgActiveUserDays;
+ $dbr = wfGetDB( DB_SLAVE );
+
+ // Stolen without shame from RC
+ $cutoff_unixtime = time() - ( $wgActiveUserDays * 86400 );
+ $cutoff_unixtime = $cutoff_unixtime - ( $cutoff_unixtime % 86400 );
+ $oldTime = $dbr->addQuotes( $dbr->timestamp( $cutoff_unixtime ) );
+
+ $res = $dbr->select( 'revision', '1',
+ array( 'rev_user_text' => $this->getName(), "rev_timestamp > $oldTime"),
+ __METHOD__,
+ array('LIMIT' => $wgActiveUserEditCount ) );
+
+ $count = $dbr->numRows($res);
+ $dbr->freeResult($res);
+
+ return $count == $wgActiveUserEditCount;
+ }
/**
* Check to see if the given clear-text password is one of the accepted passwords
/* Auth plugin doesn't allow local authentication for this user name */
return false;
}
- $ep = $this->encryptPassword( $password );
- if ( 0 == strcmp( $ep, $this->mPassword ) ) {
+ if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
return true;
} elseif ( function_exists( 'iconv' ) ) {
# Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
# Check for this with iconv
- $cp1252hash = $this->encryptPassword( iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password ) );
- if ( 0 == strcmp( $cp1252hash, $this->mPassword ) ) {
+ $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
+ if ( self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId ) ) {
return true;
}
}
* @return bool
*/
function checkTemporaryPassword( $plaintext ) {
- $hash = $this->encryptPassword( $plaintext );
- return $hash === $this->mNewpassword;
+ return self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() );
}
/**
* @private
*/
function confirmationTokenUrl( $token ) {
- $title = SpecialPage::getTitleFor( 'Confirmemail', $token );
- return $title->getFullUrl();
+ return $this->getTokenUrl( 'ConfirmEmail', $token );
}
/**
* Return a URL the user can use to invalidate their email address.
* @return string
* @private
*/
- function invalidationTokenUrl( $token ) {
- $title = SpecialPage::getTitleFor( 'Invalidateemail', $token );
- return $title->getFullUrl();
+ function invalidationTokenUrl( $token ) {
+ return $this->getTokenUrl( 'Invalidateemail', $token );
+ }
+
+ /**
+ * Internal function to format the e-mail validation/invalidation URLs.
+ * This uses $wgArticlePath directly as a quickie hack to use the
+ * hardcoded English names of the Special: pages, for ASCII safety.
+ *
+ * Since these URLs get dropped directly into emails, using the
+ * short English names avoids insanely long URL-encoded links, which
+ * also sometimes can get corrupted in some browsers/mailers
+ * (bug 6957 with Gmail and Internet Explorer).
+ */
+ protected function getTokenUrl( $page, $token ) {
+ global $wgArticlePath;
+ return wfExpandUrl(
+ str_replace(
+ '$1',
+ "Special:$page/$token",
+ $wgArticlePath ) );
}
/**
? $right
: $name;
}
+
+ /**
+ * Make an old-style password hash
+ *
+ * @param string $password Plain-text password
+ * @param string $userId User ID
+ */
+ static function oldCrypt( $password, $userId ) {
+ global $wgPasswordSalt;
+ if ( $wgPasswordSalt ) {
+ return md5( $userId . '-' . md5( $password ) );
+ } else {
+ return md5( $password );
+ }
+ }
+
+ /**
+ * Make a new-style password hash
+ *
+ * @param string $password Plain-text password
+ * @param string $salt Salt, may be random or the user ID. False to generate a salt.
+ */
+ static function crypt( $password, $salt = false ) {
+ global $wgPasswordSalt;
+
+ if($wgPasswordSalt) {
+ if ( $salt === false ) {
+ $salt = substr( wfGenerateToken(), 0, 8 );
+ }
+ return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
+ } else {
+ return ':A:' . md5( $password);
+ }
+ }
+
+ /**
+ * Compare a password hash with a plain-text password. Requires the user
+ * ID if there's a chance that the hash is an old-style hash.
+ *
+ * @param string $hash Password hash
+ * @param string $password Plain-text password to compare
+ * @param string $userId User ID for old-style password salt
+ */
+ static function comparePasswords( $hash, $password, $userId = false ) {
+ $m = false;
+ $type = substr( $hash, 0, 3 );
+ if ( $type == ':A:' ) {
+ # Unsalted
+ return md5( $password ) === substr( $hash, 3 );
+ } elseif ( $type == ':B:' ) {
+ # Salted
+ list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
+ return md5( $salt.'-'.md5( $password ) ) == $realHash;
+ } else {
+ # Old-style
+ return self::oldCrypt( $password, $userId ) === $hash;
+ }
+ }
}
dépôts / lhc / web / wiklou.git / blobdiff