# Number of characters in user_token field
define( 'USER_TOKEN_LENGTH', 32 );
+# Serialized record version
+define( 'MW_USER_VERSION', 2 );
+
/**
*
* @package MediaWiki
var $mRealName;
var $mHash;
var $mGroups;
+ var $mVersion; // serialized version
/** Construct using User:loadDefaults() */
function User() {
$this->loadDefaults();
+ $this->mVersion = MW_USER_VERSION;
}
/**
function newFromName( $name ) {
$u = new User();
+ # Force usernames to capital
+ global $wgContLang;
+ $name = $wgContLang->ucfirst( $name );
+
# Clean up name according to title rules
-
$t = Title::newFromText( $name );
if( is_null( $t ) ) {
- return NULL;
- } else {
- $u->setName( $t->getText() );
- $u->setId( $u->idFromName( $t->getText() ) );
- return $u;
+ return null;
}
+
+ # Reject various classes of invalid names
+ $canonicalName = $t->getText();
+ if( !User::isValidUserName( $canonicalName ) ) {
+ return null;
+ }
+
+ $u->setName( $canonicalName );
+ $u->setId( $u->idFromName( $t->getText() ) );
+ return $u;
}
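Review bot: Callers that do not check for null can now fail on names newFromName() used to accept, because it returns null for anything isValidUserName() rejects (IP addresses, names containing a slash, over-long names) and not only when Title::newFromText() fails. The callers are not visible here, so any code that builds a User for an anonymous IP through this function, or calls a method on the result directly, should be checked. The docblock, which starts outside the hunk, should state the new contract, e.g. `@return User object, or null if the name is invalid`. As a matter of style the last assignment can reuse the local: `$u->setId( $u->idFromName( $canonicalName ) );`.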
/**
}
/**
+ * Is the input a valid username?
+ *
+ * Checks if the input is a valid username, we don't want an empty string,
+ * an IP address, anything that containins slashes (would mess up subpages),
+ * is longer than the maximum allowed username size or doesn't begin with
+ * a capital letter.
+ *
+ * @param string $name
+ * @return bool
+ * @static
+ */
+ function isValidUserName( $name ) {
+ global $wgContLang, $wgMaxNameChars;
+
+ if ( $name == ''
+ || User::isIP( $name )
+ || strpos( $name, '/' ) !== false
+ || strlen( $name ) > $wgMaxNameChars
+ || $name != $wgContLang->ucfirst( $name ) )
+ return false;
+ else
+ return true;
+ }
+
+ /**
+ * Is the input a valid password?
+ *
+ * @param string $password
+ * @return bool
+ * @static
+ */
+ function isValidPassword( $password ) {
+ global $wgMinimalPasswordLength;
+ return strlen( $password ) >= $wgMinimalPasswordLength;
+ }
+
+ /**
* does the string match roughly an email address ?
*
+ * @todo Check for RFC 2822 compilance
* @bug 959
*
* @param string $addr email address
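Review bot: `strlen( $name ) > $wgMaxNameChars` in isValidUserName() counts bytes, while the setting's name and the docblock speak of a maximum username size in characters. If names are stored in a multibyte encoding (not visible here), a non-Latin name reaches the limit with fewer characters than configured. The same applies to `strlen( $password ) >= $wgMinimalPasswordLength` in isValidPassword(), where fewer characters than the configured minimum can pass. Either document the unit with a comment such as `# strlen() counts bytes, not characters`, or count characters. The isValidPassword() docblock should also say that length is the only property checked, and the new comments have two typos, "containins" and "compilance".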
$passwordCorrect = FALSE;
$user = $wgMemc->get( $key = "$wgDBname:user:id:$sId" );
+ if( !is_object( $user ) || $user->mVersion < MW_USER_VERSION ) {
+ # Expire old serialized objects; they may be corrupt.
+ $user = false;
+ }
if($makenew = !$user) {
wfDebug( "User::loadFromSession() unable to load from memcached\n" );
$user = new User();
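Review bot: The new guard trusts any object that comes back from the cache, since `is_object( $user )` does not check that the unserialized value is a User. Entries cached before this change have no mVersion property, as unserializing does not run the constructor that sets it; the `<` comparison then treats the missing property as null, which expires the entry but reads an undefined property. A tighter form is `if( !is_a( $user, 'User' ) || !isset( $user->mVersion ) || $user->mVersion < MW_USER_VERSION ) {`. Entries with a version higher than MW_USER_VERSION are still accepted, which matters if code is ever rolled back; whether that is intended deserves a comment. The function body continues outside the hunk.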
$fname = 'User::saveNewtalk';
+ $changed = false;
+
if ( wfReadOnly() ) { return ; }
$dbr =& wfGetDB( DB_SLAVE );
$dbw =& wfGetDB( DB_MASTER );
+ $changed = false;
if ( $wgUseEnotif ) {
if ( ! $this->getNewtalk() ) {
# Delete the watchlist entry for user_talk page X watched by user X
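Review bot: `$changed = false;` is added twice, once right after `$fname` and again after the two wfGetDB() calls, and nothing between them assigns it, so the second initialisation is redundant and should be dropped. No visible line reads `$changed`; its use is presumably further down in the function, which continues outside the hunk. A short comment at the remaining initialisation saying what the flag tracks would help, e.g. `# set when a newtalk row was actually inserted or deleted`, if that is what it is for.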