X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2FUser.php;h=772672ecccde83ab67c2f7a25c2c64a12fe11f50;hb=b7100af7e8c9910b9b521aa5c1c7fb8770230d86;hp=45c60a2cc27c88ab8d1b253cc6a71e5349742f4d;hpb=a96bcaf80d3fb8e1480b7ce1fbd27ca52dbfc9da;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/User.php b/includes/User.php index 45c60a2cc2..772672eccc 100644 --- a/includes/User.php +++ b/includes/User.php @@ -1,6 +1,8 @@ -getText() ) . "'"; - $res = wfQuery( $sql, "User::idFromName" ); + $res = wfQuery( $sql, DB_READ, "User::idFromName" ); if ( 0 == wfNumRows( $res ) ) { return 0; } else { @@ -53,8 +55,6 @@ class User { } - - /* static */ function randomPassword() { $pwchars = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz"; @@ -70,10 +70,11 @@ class User { function loadDefaults() { - global $wgLang ; + global $wgLang, $wgIP; + global $wgNamespacesToBeSearchedDefault; $this->mId = $this->mNewtalk = 0; - $this->mName = getenv( "REMOTE_ADDR" ); + $this->mName = $wgIP; $this->mEmail = ""; $this->mPassword = $this->mNewpassword = ""; $this->mRights = array(); @@ -81,6 +82,9 @@ class User { foreach ( $defOpt as $oname => $val ) { $this->mOptions[$oname] = $val; } + foreach ($wgNamespacesToBeSearchedDefault as $nsnum => $val) { + $this->mOptions["searchNs".$nsnum] = $val; + } unset( $this->mSkin ); $this->mDataLoaded = false; $this->mBlockedby = -1; # Unset 
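Review bot: In loadDefaults() the anonymous user's name becomes `$this->mName = $wgIP;`, and later hunks place that value unescaped into SQL (`user_ip='{$this->mName}'` in loadFromDatabase() and saveSettings()) and into the memcached key `"$wgDBname:newtalk:ip:{$this->mName}"`; getBlockedStatus() also keys its block lookups on `$wgIP`. Where `$wgIP` is assigned is not part of this diff, so it is unclear whether it is always a validated peer address or can carry a client-supplied forwarding header. I would add a comment here stating the requirement, e.g. `# $wgIP must be a validated IP literal: it is used unescaped in queries and cache keys, and for block checks`, and pass the value through `wfStrencode()` at the two query sites, as the file already does for other string values. loadDefaults() continues past the end of this hunk.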
@@ -90,24 +94,29 @@ class User { /* private */ function getBlockedStatus() { - if ( -1 != $this->mBlockedby ) { return; } + global $wgIP, $wgBlockCache; - $remaddr = getenv( "REMOTE_ADDR" ); - if ( 0 == $this->mId ) { - $sql = "SELECT ipb_by,ipb_reason FROM ipblocks WHERE " . - "ipb_address='$remaddr'"; - } else { - $sql = "SELECT ipb_by,ipb_reason FROM ipblocks WHERE " . - "(ipb_address='$remaddr' OR ipb_user={$this->mId})"; + if ( -1 != $this->mBlockedby ) { return; } + + $this->mBlockedby = 0; + + # User blocking + if ( $this->mId ) { + $block = new Block(); + if ( $block->load( $wgIP , $this->mId ) ) { + $this->mBlockedby = $block->mBy; + $this->mBlockreason = $block->mReason; + } } - $res = wfQuery( $sql, "User::getBlockedStatus" ); - if ( 0 == wfNumRows( $res ) ) { - $this->mBlockedby = 0; - return; + + # IP/range blocking + if ( !$this->mBlockedby ) { + $block = $wgBlockCache->get( $wgIP ); + if ( $block !== false ) { + $this->mBlockedby = $block->mBy; + $this->mBlockreason = $block->mReason; + } } - $s = wfFetchObject( $res ); - $this->mBlockedby = $s->ipb_by; - $this->mBlockreason = $s->ipb_reason; } function isBlocked() 
@@ -127,76 +136,110 @@ class User { return $this->mBlockreason; } - function loadFromSession() + function SetupSession() { + global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain; + if( $wgSessionsInMemcached ) { + include_once( "MemcachedSessions.php" ); + } + session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain ); + session_cache_limiter( "private, must-revalidate" ); + session_start(); + } + + /* static */ function loadFromSession() { - global $HTTP_COOKIE_VARS, $wsUserID, $wsUserName, $wsUserPassword; + global $wgMemc, $wgDBname; - if ( isset( $wsUserID ) ) { - if ( 0 != $wsUserID ) { - $sId = $wsUserID; + if ( isset( $_SESSION['wsUserID'] ) ) { + if ( 0 != $_SESSION['wsUserID'] ) { + $sId = $_SESSION['wsUserID']; } else { - $this->mId = 0; - return; + return new User(); } - } else if ( isset( $HTTP_COOKIE_VARS["wcUserID"] ) ) { - $sId = $HTTP_COOKIE_VARS["wcUserID"]; - $wsUserID = $sId; + } else if ( isset( $_COOKIE["{$wgDBname}UserID"] ) ) { + $sId = IntVal( $_COOKIE["{$wgDBname}UserID"] ); + $_SESSION['wsUserID'] = $sId; } else { - $this->mId = 0; - return; + return new User(); } - if ( isset( $wsUserName ) ) { - $sName = $wsUserName; - } else if ( isset( $HTTP_COOKIE_VARS["wcUserName"] ) ) { - $sName = $HTTP_COOKIE_VARS["wcUserName"]; - $wsUserName = $sName; + if ( isset( $_SESSION['wsUserName'] ) ) { + $sName = $_SESSION['wsUserName']; + } else if ( isset( $_COOKIE["{$wgDBname}UserName"] ) ) { + $sName = $_COOKIE["{$wgDBname}UserName"]; + $_SESSION['wsUserName'] = $sName; } else { - $this->mId = 0; - return; + return new User(); } $passwordCorrect = FALSE; - $this->mId = $sId; - $this->loadFromDatabase(); + $user = $wgMemc->get( $key = "$wgDBname:user:id:$sId" ); + if($makenew = !$user) { + wfDebug( "User::loadFromSession() unable to load from memcached\n" ); + $user = new User(); + $user->mId = $sId; + $user->loadFromDatabase(); + } else { + wfDebug( "User::loadFromSession() got from cache!\n" ); + } - if ( isset( $wsUserPassword ) ) { - 
$passwordCorrect = $wsUserPassword == $this->mPassword; - } else if ( isset( $HTTP_COOKIE_VARS["wcUserPassword"] ) ) { - $this->mCookiePassword = $HTTP_COOKIE_VARS["wcUserPassword"]; - $wsUserPassword = $this->addSalt($this->mCookiePassword); - $passwordCorrect = $wsUserPassword == $this->mPassword; + if ( isset( $_SESSION['wsUserPassword'] ) ) { + $passwordCorrect = $_SESSION['wsUserPassword'] == $user->mPassword; + } else if ( isset( $_COOKIE["{$wgDBname}Password"] ) ) { + $user->mCookiePassword = $_COOKIE["{$wgDBname}Password"]; + $_SESSION['wsUserPassword'] = $user->addSalt( $user->mCookiePassword ); + $passwordCorrect = $_SESSION['wsUserPassword'] == $user->mPassword; } else { - $this->mId = 0; - return; + return new User(); # Can't log in from session } - if ( ( $sName == $this->mName ) && $passwordCorrect ) { - return; + if ( ( $sName == $user->mName ) && $passwordCorrect ) { + if($makenew) { + if($wgMemc->set( $key, $user )) + wfDebug( "User::loadFromSession() successfully saved user\n" ); + else + wfDebug( "User::loadFromSession() unable to save to memcached\n" ); + } + $user->spreadBlock(); + return $user; } - $this->loadDefaults(); # Can't log in from session + return new User(); # Can't log in from session } function loadFromDatabase() { - if ( $this->mDataLoaded ) { return; } + global $wgCommandLineMode; + if ( $this->mDataLoaded || $wgCommandLineMode ) { + return; + } + + # Paranoia + $this->mId = IntVal( $this->mId ); + # check in separate table if there are changes to the talk page $this->mNewtalk=0; # reset talk page status if($this->mId) { $sql = "SELECT 1 FROM user_newtalk WHERE user_id={$this->mId}"; - $res = wfQuery ($sql, "User::loadFromDatabase" ); + $res = wfQuery ($sql, DB_READ, "User::loadFromDatabase" ); if (wfNumRows($res)>0) { $this->mNewtalk= 1; } wfFreeResult( $res ); } else { - $sql = "SELECT 1 FROM user_newtalk WHERE user_ip='{$this->mName}'"; - $res = wfQuery ($sql, "User::loadFromDatabase" ); + global $wgDBname, $wgMemc; + $key = 
"$wgDBname:newtalk:ip:{$this->mName}"; + $newtalk = $wgMemc->get( $key ); + if( ! is_integer( $newtalk ) ){ + $sql = "SELECT 1 FROM user_newtalk WHERE user_ip='{$this->mName}'"; + $res = wfQuery ($sql, DB_READ, "User::loadFromDatabase" ); - if (wfNumRows($res)>0) { - $this->mNewtalk= 1; + $this->mNewtalk = (wfNumRows($res)>0) ? 1 : 0; + wfFreeResult( $res ); + + $wgMemc->set( $key, $this->mNewtalk, time() ); // + 1800 ); + } else { + $this->mNewtalk = $newtalk ? 1 : 0; } - wfFreeResult( $res ); } if(!$this->mId) { $this->mDataLoaded = true; @@ -206,7 +249,7 @@ class User { $sql = "SELECT user_name,user_password,user_newpassword,user_email," . "user_options,user_rights,user_touched FROM user WHERE user_id=" . "{$this->mId}"; - $res = wfQuery( $sql, "User::loadFromDatabase" ); + $res = wfQuery( $sql, DB_READ, "User::loadFromDatabase" ); if ( wfNumRows( $res ) > 0 ) { $s = wfFetchObject( $res ); @@ -279,7 +322,11 @@ class User { function addSalt( $p ) { - return md5( "wikipedia{$this->mId}-{$p}" ); + global $wgPasswordSalt; + if($wgPasswordSalt) + return md5( "{$this->mId}-{$p}" ); + else + return $p; } function encryptPassword( $p ) @@ -342,6 +389,13 @@ class User { return $this->mRights; } + function addRight( $rname ) + { + $this->loadFromDatabase(); + array_push( $this->mRights, $rname ); + $this->invalidateCache(); + } + function isSysop() { $this->loadFromDatabase(); @@ -358,11 +412,21 @@ class User { return in_array( "developer", $this->mRights ); } - function isBot() + function isBureaucrat() { $this->loadFromDatabase(); if ( 0 == $this->mId ) { return false; } + return in_array( "bureaucrat", $this->mRights ); + } + + function isBot() + { + $this->loadFromDatabase(); + + # Why was this here? I need a UID=0 conversion script [TS] + # if ( 0 == $this->mId ) { return false; } + return in_array( "bot", $this->mRights ); } 
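Review bot: The session check in loadFromSession() compares password hashes with a loose `==` (`$passwordCorrect = $_SESSION['wsUserPassword'] == $user->mPassword;`, in both branches), and PHP treats two numeric-looking strings such as different `0e…` digests as equal under `==`; use `===` for both comparisons and for `$sName == $user->mName`. The same function stores the whole User object, including `mPassword`, with `$wgMemc->set( $key, $user )`, so anything that can read the cache can read password hashes, and whatever `$wgMemc->get()` returns is trusted as a User; a comment should state that the memcached instance must be reachable only by the wiki. In loadFromDatabase() the call `$wgMemc->set( $key, $this->mNewtalk, time() )` passes the current time as expiry with `+ 1800` commented out, which looks as if the entry expires at once; please confirm that is intended.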
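Review bot: When `$wgPasswordSalt` is false, addSalt() returns `$p` unchanged, so in loadFromSession() the value of the `{$wgDBname}Password` cookie is compared directly with `mPassword`: the stored hash itself then works as a login credential, and a copy of the user table or of the cached User object is enough to sign in. The salted branch also drops the `wikipedia` prefix the old code used, so hashes stored as `md5( "wikipedia{$this->mId}-{$p}" )` will no longer match unless they are migrated, and nothing in this diff shows a migration. I would add a comment above the function documenting both effects, e.g. `# With $wgPasswordSalt off the cookie value equals the stored hash; changing the setting or the salt format invalidates existing passwords`.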
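Review bot: addRight() appends `$rname` without checking its content, while saveSettings() stores rights as `implode( ",", $this->mRights )`, so a name containing a comma would presumably be read back as several separate rights. It also accepts duplicates and changes only the in-memory object until saveSettings() is called. Suggest a guard such as `if ( strpos( $rname, "," ) !== false || in_array( $rname, $this->mRights ) ) { return; }` and a comment saying that the caller must call saveSettings() to persist the change.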
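Review bot: isBot() no longer returns false for `mId == 0`, while the new isBureaucrat() keeps that guard, so isBot() can now answer true for a user object with id 0 whenever `mRights` contains "bot". The reason is left as a question in a commented-out line (`# Why was this here? …`), which tells the next reader nothing about the intended rule. Replace it with a comment that states the intent, for example `# Accounts stored with user id 0 may still carry the bot flag until they are converted, so no anonymous guard here` if that is the reason, or restore the guard once the conversion script exists.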
@@ -371,54 +435,41 @@ class User { if ( ! isset( $this->mSkin ) ) { $skinNames = Skin::getSkinNames(); $s = $this->getOption( "skin" ); - if ( "" == $s ) { $s = 0; } - - if ( $s >= count( $skinNames ) ) { $sn = "SkinStandard"; } - else $sn = "Skin" . $skinNames[$s]; + if ( "" == $s ) { $s = 'standard'; } + + if ( !isset( $skinNames[$s] ) ) { + $fallback = array( + 'standard' => "Standard", + 'nostalgia' => "Nostalgia", + 'cologneblue' => "Cologne Blue"); + if(is_int($s) && isset( $fallback[$s]) ){ + $sn = $fallback[$s]; + } else { + $sn = "SkinStandard"; + } + } else { + $sn = "Skin" . $skinNames[$s]; + } $this->mSkin = new $sn; } return $this->mSkin; } - function isWatched( $title ) - { - # Note - $title should be a Title _object_ - # Pages and their talk pages are considered equivalent for watching; - # remember that talk namespaces are numbered as page namespace+1. - if( $this->mId ) { - $sql = "SELECT 1 FROM watchlist - WHERE wl_user={$this->mId} AND - wl_namespace = " . ($title->getNamespace() & ~1) . " AND - wl_title='" . wfStrencode( $title->getDBkey() ) . "'"; - $res = wfQuery( $sql ); - return (wfNumRows( $res ) > 0); - } else { - return false; - } + function isWatched( $title ) { + $wl = WatchedItem::fromUserTitle( $this, $title ); + return $wl->isWatched(); } - - function addWatch( $title ) - { - if( $this->mId ) { - # REPLACE instead of INSERT because occasionally someone - # accidentally reloads a watch-add operation. - $sql = "REPLACE INTO watchlist (wl_user, wl_namespace,wl_title) - VALUES ({$this->mId}," . (($title->getNamespace() | 1) - 1) . - ",'" . wfStrencode( $title->getDBkey() ) . "')"; - wfQuery( $sql ); - $this->invalidateCache(); - } + + function addWatch( $title ) { + $wl = WatchedItem::fromUserTitle( $this, $title ); + $wl->addWatch(); + $this->invalidateCache(); } - - function removeWatch( $title ) - { - if( $this->mId ) { - $sql = "DELETE FROM watchlist WHERE wl_user={$this->mId} AND - wl_namespace=" . 
(($title->getNamespace() | 1) - 1) . - " AND wl_title='" . wfStrencode( $title->getDBkey() ) . "'"; - wfQuery( $sql ); - $this->invalidateCache(); - } + + function removeWatch( $title ) { + $wl = WatchedItem::fromUserTitle( $this, $title ); + $wl->removeWatch(); + $this->invalidateCache(); } 
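Review bot: The fallback branch in getSkin() cannot be taken: `$fallback` is keyed by the strings 'standard', 'nostalgia' and 'cologneblue', but it is consulted only when `is_int($s)`, so `isset( $fallback[$s] )` is never true and every unknown value ends at `SkinStandard`. If the branch were reached, `$sn = $fallback[$s];` lacks the `Skin` prefix and "Cologne Blue" contains a space, so `new $sn` would not name a class. If the aim is to map old numeric preferences, key the array by those numbers with class-name suffixes as values, test with `is_numeric( $s )`, and build `$sn = "Skin" . $fallback[intval( $s )];`. Separately, isWatched(), addWatch() and removeWatch() lose their `if( $this->mId )` guard; whether WatchedItem rejects user id 0 is not visible here and should be confirmed.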
@@ -444,55 +495,50 @@ class User { function setCookies() { - global $wsUserID, $wsUserName, $wsUserPassword; - global $wgCookieExpiration; + global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgDBname; if ( 0 == $this->mId ) return; $this->loadFromDatabase(); $exp = time() + $wgCookieExpiration; - $wsUserID = $this->mId; - setcookie( "wcUserID", $this->mId, $exp, "/" ); + $_SESSION['wsUserID'] = $this->mId; + setcookie( "{$wgDBname}UserID", $this->mId, $exp, $wgCookiePath, $wgCookieDomain ); - $wsUserName = $this->mName; - setcookie( "wcUserName", $this->mName, $exp, "/" ); + $_SESSION['wsUserName'] = $this->mName; + setcookie( "{$wgDBname}UserName", $this->mName, $exp, $wgCookiePath, $wgCookieDomain ); - $wsUserPassword = $this->mPassword; + $_SESSION['wsUserPassword'] = $this->mPassword; if ( 1 == $this->getOption( "rememberpassword" ) ) { - setcookie( "wcUserPassword", $this->mCookiePassword, $exp, "/" ); + setcookie( "{$wgDBname}Password", $this->mCookiePassword, $exp, $wgCookiePath, $wgCookieDomain ); } else { - setcookie( "wcUserPassword", "", time() - 3600 ); + setcookie( "{$wgDBname}Password", "", time() - 3600 ); } } function logout() { - global $wsUserID; + global $wgCookiePath, $wgCookieDomain, $wgDBname; $this->mId = 0; - $wsUserID = 0; + $_SESSION['wsUserID'] = 0; - setcookie( "wcUserID", "", time() - 3600 ); - setcookie( "wcUserPassword", "", time() - 3600 ); + setcookie( "{$wgDBname}UserID", "", time() - 3600, $wgCookiePath, $wgCookieDomain ); + setcookie( "{$wgDBname}Password", "", time() - 3600, $wgCookiePath, $wgCookieDomain ); } function saveSettings() { - global $wgUser; - - if(!$this->mNewtalk) { + global $wgMemc, $wgDBname; - if($this->mId) { + if ( ! 
$this->mNewtalk ) { + if( $this->mId ) { $sql="DELETE FROM user_newtalk WHERE user_id={$this->mId}"; - wfQuery ($sql,"User::saveSettings"); + wfQuery ($sql, DB_WRITE, "User::saveSettings"); } else { - - $sql="DELETE FROM user_newtalk WHERE user_ip='{$this->mName}'"; - wfQuery ($sql,"User::saveSettings"); - + wfQuery ($sql, DB_WRITE, "User::saveSettings"); + $wgMemc->delete( "$wgDBname:newtalk:ip:{$this->mName}" ); } } - if ( 0 == $this->mId ) { return; } $sql = "UPDATE user SET " . @@ -501,11 +547,11 @@ class User { "user_newpassword= '" . wfStrencode( $this->mNewpassword ) . "', " . "user_email= '" . wfStrencode( $this->mEmail ) . "', " . "user_options= '" . $this->encodeOptions() . "', " . - "user_rights= '" . wfStrencode( implode( ",", $this->mRights ) ) . "', " -. + "user_rights= '" . wfStrencode( implode( ",", $this->mRights ) ) . "', " . "user_touched= '" . wfStrencode( $this->mTouched ) . "' WHERE user_id={$this->mId}"; - wfQuery( $sql, "User::saveSettings" ); + wfQuery( $sql, DB_WRITE, "User::saveSettings" ); + $wgMemc->delete( "$wgDBname:user:id:$this->mId" ); } # Checks if a user with the given name exists @@ -518,7 +564,7 @@ class User { $sql = "SELECT user_id FROM user WHERE user_name='" . wfStrencode( $s ) . "'"; - $res = wfQuery( $sql, "User::idForName" ); + $res = wfQuery( $sql, DB_READ, "User::idForName" ); if ( 0 == wfNumRows( $res ) ) { return 0; } $s = wfFetchObject( $res ); 
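Review bot: In setCookies() the branch that clears the remembered password calls `setcookie( "{$wgDBname}Password", "", time() - 3600 );` without path and domain, while the cookie is set with `$wgCookiePath, $wgCookieDomain`; browsers match cookies on those attributes, so with a non-default path or domain the old password cookie is likely to stay in the browser after the user turns the option off. Pass the same two arguments, as logout() already does: `setcookie( "{$wgDBname}Password", "", time() - 3600, $wgCookiePath, $wgCookieDomain );`. logout() also only zeroes `$_SESSION['wsUserID']` and leaves `$_SESSION['wsUserName']` and `$_SESSION['wsUserPassword']` in place; unsetting them as well would avoid keeping a password hash in the session after logout.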
@@ -539,9 +585,97 @@ class User { wfStrencode( $this->mEmail ) . "', '" . wfStrencode( implode( ",", $this->mRights ) ) . "', '" . $this->encodeOptions() . "')"; - wfQuery( $sql, "User::addToDatabase" ); + wfQuery( $sql, DB_WRITE, "User::addToDatabase" ); $this->mId = $this->idForName(); } + + function spreadBlock() + { + global $wgIP; + # If the (non-anonymous) user is blocked, this function will block any IP address + # that they successfully log on from. + $fname = "User::spreadBlock"; + + wfDebug( "User:spreadBlock()\n" ); + if ( $this->mId == 0 ) { + return; + } + + $userblock = Block::newFromDB( "", $this->mId ); + if ( !$userblock->isValid() ) { + return; + } + + # Check if this IP address is already blocked + $ipblock = Block::newFromDB( $wgIP ); + if ( $ipblock->isValid() ) { + # Just update the timestamp + $ipblock->updateTimestamp(); + return; + } + + # Make a new block object with the desired properties + wfDebug( "Autoblocking {$this->mUserName}@{$wgIP}\n" ); + $ipblock->mAddress = $wgIP; + $ipblock->mUser = 0; + $ipblock->mBy = $userblock->mBy; + $ipblock->mReason = wfMsg( "autoblocker", $this->getName(), $userblock->mReason ); + $ipblock->mTimestamp = wfTimestampNow(); + $ipblock->mAuto = 1; + $ipblock->mExpiry = Block::getAutoblockExpiry( $ipblock->mTimestamp ); + + # Insert it + $ipblock->insert(); + + } + + function getPageRenderingHash(){ + static $hash = false; + if( $hash ){ + return $hash; + } + + // stubthreshold is only included below for completeness, + // it will always be 0 when this function is called by parsercache. + + $confstr = $this->getOption( "quickbar" ); + $confstr .= "!" . $this->getOption( "underline" ); + $confstr .= "!" . $this->getOption( "hover" ); + $confstr .= "!" . $this->getOption( "skin" ); + $confstr .= "!" . $this->getOption( "math" ); + $confstr .= "!" . $this->getOption( "highlightbroken" ); + $confstr .= "!" . $this->getOption( "stubthreshold" ); + $confstr .= "!" . 
$this->getOption( "editsection" ); + $confstr .= "!" . $this->getOption( "editsectiononrightclick" ); + $confstr .= "!" . $this->getOption( "showtoc" ); + $confstr .= "!" . $this->getOption( "date" ); + + if(strlen($confstr) > 32) + $hash = md5($confstr); + else + $hash = $confstr; + return $hash; + } + + function isAllowedToCreateAccount() + { + global $wgWhitelistAccount; + $allowed = false; + + if (!$wgWhitelistAccount) { return 1; }; // default behaviour + foreach ($wgWhitelistAccount as $right => $ok) { + $userHasRight = (!strcmp($right, "user") || in_array($right, $this->getRights())); + $allowed |= ($ok && $userHasRight); + } + return $allowed; + } + + # Set mDataLoaded, return previous value + # Use this to prevent DB access in command-line scripts or similar situations + function setLoaded( $loaded ) + { + wfSetVar( $this->mDataLoaded, $loaded ); + } } ?>
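Review bot: getPageRenderingHash() caches its result in `static $hash`, which belongs to the function and not to the object, so after the first call every User instance in the same process gets the first caller's hash; if the parser cache keys on it, a page rendered for one set of options could be stored or served under another. Keep the value per object instead, in a new property (the name `mHash` here is only a suggestion): `if ( isset( $this->mHash ) ) { return $this->mHash; }`. In spreadBlock() the debug line reads `$this->mUserName`, a property that appears nowhere else in this diff (the class uses `mName`), so the log will presumably show an empty name. spreadBlock() is also called on every successful session load, so a short comment on the function stating that it may insert into or update the block table would help readers of loadFromSession().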