MediaWiki  1.28.0
User Class Reference

The User object encapsulates all of the user-specific settings (user_id, name, rights, email address, options, last login time). More...

Inheritance diagram for User:
Collaboration diagram for User:

Public Member Functions

 __construct ()
 Lightweight constructor for an anonymous user. More...
 __toString ()
 addAutopromoteOnceGroups ($event)
 Add the user to the group if he/she meets given criteria. More...
 addGroup ($group)
 Add the user to the given group. More...
 addNewUserLogEntry ($action=false, $reason= '')
 Add a newuser log entry for this user. More...
 addNewUserLogEntryAutoCreate ()
 Add an autocreate newuser log entry for this user Used by things like CentralAuth and perhaps other authplugins. More...
 addToDatabase ()
 Add this existing user object to the database. More...
 addWatch ($title, $checkRights=self::CHECK_USER_RIGHTS)
 Watch an article. More...
 blockedBy ()
 If user is blocked, return the name of the user who placed the block. More...
 blockedFor ()
 If user is blocked, return the specified reason for the block. More...
 canReceiveEmail ()
 Is this user allowed to receive e-mails within limits of current site configuration? More...
 canSendEmail ()
 Is this user allowed to send e-mails within limits of current site configuration? More...
 changeableGroups ()
 Returns an array of groups that this user can add and remove. More...
 changeAuthenticationData (array $data)
 Changes credentials of the user. More...
 checkPassword ($password)
 Check to see if the given clear-text password is one of the accepted passwords. More...
 checkPasswordValidity ($password, $purpose= 'login')
 Check if this is a valid password for this user. More...
 checkTemporaryPassword ($plaintext)
 Check if the given clear-text password matches the temporary password sent by e-mail for password reset operations. More...
 clearAllNotifications ()
 Resets all of the given user's page-change notification timestamps. More...
 clearInstanceCache ($reloadFrom=false)
 Clear various cached data stored in this object. More...
 clearNotification (&$title, $oldid=0)
 Clear the user's notification timestamp for the given title. More...
 clearSharedCache ($mode= 'changed')
 Clear user data from memcached. More...
 confirmEmail ()
 Mark the e-mail address confirmed. More...
 doLogout ()
 Clear the user's session, and reset the instance cache. More...
 equals (User $user)
 Checks if two user objects point to the same user. More...
 getAutomaticGroups ($recache=false)
 Get the list of implicit group memberships this user has. More...
 getBlock ($bFromSlave=true)
 Get the block affecting the user, or null if the user is not blocked. More...
 getBlockId ()
 If user is blocked, return the ID for the block. More...
 getBoolOption ($oname)
 Get the user's current setting for a given option, as a boolean value. More...
 getDatePreference ()
 Get the user's preferred date format. More...
 getDBTouched ()
 Get the user_touched timestamp field (time of last DB updates) More...
 getEditCount ()
 Get the user's edit count. More...
 getEditToken ($salt= '', $request=null)
 Initialize (if necessary) and return a session token value which can be used in edit forms to show that the user's login credentials aren't being hijacked with a foreign form submission. More...
 getEditTokenObject ($salt= '', $request=null)
 Initialize (if necessary) and return a session token value which can be used in edit forms to show that the user's login credentials aren't being hijacked with a foreign form submission. More...
 getEffectiveGroups ($recache=false)
 Get the list of implicit group memberships this user has. More...
 getEmail ()
 Get the user's e-mail address. More...
 getEmailAuthenticationTimestamp ()
 Get the timestamp of the user's e-mail authentication. More...
 getFirstEditTimestamp ()
 Get the timestamp of the first edit. More...
 getFormerGroups ()
 Returns the groups the user has belonged to. More...
 getGlobalBlock ($ip= '')
 Check if user is blocked on all wikis. More...
 getGroups ()
 Get the list of explicit group memberships this user has. More...
 getId ()
 Get the user's ID. More...
 getInstanceForUpdate ()
 Get a new instance of this user that was loaded from the master via a locking read. More...
 getIntOption ($oname, $defaultOverride=0)
 Get the user's current setting for a given option, as an integer value. More...
 getName ()
 Get the user name, or the IP of an anonymous user. More...
 getNewMessageLinks ()
 Return the data needed to construct links for new talk page message alerts. More...
 getNewMessageRevisionId ()
 Get the revision ID for the last talk page revision viewed by the talk page owner. More...
 getNewtalk ()
 Check if the user has new messages. More...
 getOption ($oname, $defaultOverride=null, $ignoreHidden=false)
 Get the user's current setting for a given option. More...
 getOptionKinds (IContextSource $context, $options=null)
 Return an associative array mapping preferences keys to the kind of a preference they're used for. More...
 getOptions ($flags=0)
 Get all user's options. More...
 getPassword ()
 getPasswordValidity ($password)
 Given unvalidated password input, return error message on failure. More...
 getRealName ()
 Get the user's real name. More...
 getRegistration ()
 Get the timestamp of account creation. More...
 getRequest ()
 Get the WebRequest object to use with this object. More...
 getRights ()
 Get the permissions this user has. More...
 getStubThreshold ()
 Get the user preferred stub threshold. More...
 getTalkPage ()
 Get this user's talk page title. More...
 getTemporaryPassword ()
 getTitleKey ()
 Get the user's name escaped by underscores. More...
 getToken ($forceCreation=true)
 Get the user's current token. More...
 getTokenFromOption ($oname)
 Get a token stored in the preferences (like the watchlist one), resetting it if it's empty (and saving changes). More...
 getTouched ()
 Get the user touched timestamp. More...
 getUserPage ()
 Get this user's personal page title. More...
 idForName ($flags=0)
 If only this user's username is known, and it exists, return the user ID. More...
 incEditCount ()
 Deferred version of incEditCountImmediate() More...
 incEditCountImmediate ()
 Increment the user's edit-count field. More...
 inDnsBlacklist ($ip, $bases)
 Whether the given IP is in a given DNS blacklist. More...
 invalidateCache ()
 Immediately touch the user data cache for this account. More...
 invalidateEmail ()
 Invalidate the user's e-mail confirmation, and unauthenticate the e-mail address if it was already confirmed. More...
 isAllowed ($action= '')
 Internal mechanics of testing a permission. More...
 isAllowedAll ()
 isAllowedAny ()
 Check if user is allowed to access a feature / make an action. More...
 isAllowedToCreateAccount ()
 Get whether the user is allowed to create an account. More...
 isAnon ()
 Get whether the user is anonymous. More...
 isBlocked ($bFromSlave=true)
 Check if user is blocked. More...
 isBlockedFrom ($title, $bFromSlave=false)
 Check if user is blocked from editing a particular article. More...
 isBlockedFromCreateAccount ()
 Get whether the user is explicitly blocked from account creation. More...
 isBlockedFromEmailuser ()
 Get whether the user is blocked from using Special:Emailuser. More...
 isBlockedGlobally ($ip= '')
 Check if user is blocked on all wikis. More...
 isBot ()
 isDnsBlacklisted ($ip, $checkWhitelist=false)
 Whether the given IP is in a DNS blacklist. More...
 isEmailConfirmationPending ()
 Check whether there is an outstanding request for e-mail confirmation. More...
 isEmailConfirmed ()
 Is this user's e-mail address valid-looking and confirmed within limits of the current site configuration? More...
 isHidden ()
 Check if user account is hidden. More...
 isItemLoaded ($item, $all= 'all')
 Return whether an item has been loaded. More...
 isLocked ()
 Check if user account is locked. More...
 isLoggedIn ()
 Get whether the user is logged in. More...
 isNewbie ()
 Determine whether the user is a newbie. More...
 isPasswordReminderThrottled ()
 Has password reminder email been sent within the last $wgPasswordReminderResendTime hours? More...
 isPingLimitable ()
 Is this user subject to rate limiting? More...
 isSafeToLoad ()
 Test if it's safe to load this User object. More...
 isValidPassword ($password)
 Is the input a valid password for this user? More...
 isWatched ($title, $checkRights=self::CHECK_USER_RIGHTS)
 Check the watched status of an article. More...
 load ($flags=self::READ_NORMAL)
 Load the user table data for this object from the source given by mFrom. More...
 loadDefaults ($name=false)
 Set cached properties to default. More...
 loadFromDatabase ($flags=self::READ_LATEST)
 Load user and user_group data from the database. More...
 loadFromId ($flags=self::READ_NORMAL)
 Load user table data, given mId has already been set. More...
 logout ()
 Log this user out. More...
 matchEditToken ($val, $salt= '', $request=null, $maxage=null)
 Check given value against the token value stored in the session. More...
 matchEditTokenNoSuffix ($val, $salt= '', $request=null, $maxage=null)
 Check given value against the token value stored in the session, ignoring the suffix. More...
 pingLimiter ($action= 'edit', $incrBy=1)
 Primitive rate limits: enforce maximum actions per time period to put a brake on flooding. More...
 removeGroup ($group)
 Remove the user from the given group. More...
 removeWatch ($title, $checkRights=self::CHECK_USER_RIGHTS)
 Stop watching an article. More...
 requiresHTTPS ()
 Determine based on the wiki configuration and the user's options, whether this user must be over HTTPS no matter what. More...
 resetOptions ($resetKinds=[ 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused'], IContextSource $context=null)
 Reset certain (or all) options to the site defaults. More...
 resetTokenFromOption ($oname)
 Reset a token stored in the preferences (like the watchlist one). More...
 saveSettings ()
 Save this user's settings into the database. More...
 sendConfirmationMail ($type= 'created')
 Generate a new e-mail confirmation token and send a confirmation/invalidation mail to the user's given address. More...
 sendMail ($subject, $body, $from=null, $replyto=null)
 Send an e-mail to this user's account. More...
 setCookies ($request=null, $secure=null, $rememberMe=false)
 Persist this user's session (e.g. More...
 setEmail ($str)
 Set the user's e-mail address. More...
 setEmailAuthenticationTimestamp ($timestamp)
 Set the e-mail authentication timestamp. More...
 setEmailWithConfirmation ($str)
 Set the user's e-mail address and a confirmation mail if needed. More...
 setId ($v)
 Set the user and reload all fields according to a given ID. More...
 setInternalPassword ($str)
 Set the password and reset the random token unconditionally. More...
 setName ($str)
 Set the user name. More...
 setNewpassword ($str, $throttle=true)
 Set the password for a password reminder or new account email. More...
 setNewtalk ($val, $curRev=null)
 Update the 'You have new messages!' status. More...
 setOption ($oname, $val)
 Set the given option for a user. More...
 setPassword ($str)
 Set the password and reset the random token. More...
 setRealName ($str)
 Set the user's real name. More...
 setToken ($token=false)
 Set the random token (used for persistent authentication) Called from loadDefaults() among other places. More...
 spreadAnyEditBlock ()
 If this user is logged-in and blocked, block any IP address they've successfully logged in from. More...
 touch ()
 Update the "touched" timestamp for the user. More...
 useFilePatrol ()
 Check whether to enable new files patrol features for this user. More...
 useNPPatrol ()
 Check whether to enable new pages patrol features for this user. More...
 useRCPatrol ()
 Check whether to enable recent changes patrol features for this user. More...
 validateCache ($timestamp)
 Validate the cache for this account. More...

Static Public Member Functions

static changeableByGroup ($group)
 Returns an array of the groups that a particular group can add/remove. More...
static comparePasswords ($hash, $password, $userId=false)
 Compare a password hash with a plain-text password. More...
static createNew ($name, $params=[])
 Add a user to the database, return the user object. More...
static crypt ($password, $salt=false)
 Make a new-style password hash. More...
static edits ($uid)
 Count the number of edits of a user. More...
static findUsersByGroup ($groups, $limit=5000, $after=null)
 Return the users who are members of the given group(s). More...
static getAllGroups ()
 Return the set of defined explicit groups. More...
static getAllRights ()
 Get a list of all available permissions. More...
static getCanonicalName ($name, $validate= 'valid')
 Given unvalidated user input, return a canonical username, or false if the username is invalid. More...
static getDefaultOption ($opt)
 Get a given default option value. More...
static getDefaultOptions ()
 Combine the language default options with any site-specific options and add the default language variants. More...
static getEditTokenTimestamp ($val)
 Get the embedded timestamp from a token. More...
static getGroupMember ($group, $username= '#')
 Get the localized descriptive name for a member of a group, if it exists. More...
static getGroupName ($group)
 Get the localized descriptive name for a group, if it exists. More...
static getGroupPage ($group)
 Get the title of a page describing a particular group. More...
static getGroupPermissions ($groups)
 Get the permissions associated with a given list of groups. More...
static getGroupsWithPermission ($role)
 Get all the groups who have a given permission. More...
static getImplicitGroups ()
 Get a list of implicit groups. More...
static getPasswordFactory ()
 Lazily instantiate and return a factory object for making passwords. More...
static getRightDescription ($right)
 Get the description of a given right. More...
static groupHasPermission ($group, $role)
 Check, if the given group has the given permission. More...
static idFromName ($name, $flags=self::READ_NORMAL)
 Get database id given a user name. More...
static isCreatableName ($name)
 Usernames which fail to pass this function will be blocked from new account registrations, but may be used internally either by batch processes or by user accounts which have already been created. More...
static isEveryoneAllowed ($right)
 Check if all users may be assumed to have the given permission. More...
static isIP ($name)
 Does the string match an anonymous IP address? More...
static isLocallyBlockedProxy ($ip)
 Check if an IP address is in the local proxy list. More...
static isUsableName ($name)
 Usernames which fail to pass this function will be blocked from user login and new account registrations, but may be used internally by batch processes. More...
static isValidUserName ($name)
 Is the input a valid username? More...
static listOptionKinds ()
 Return a list of the types of user options currently returned by User::getOptionKinds(). More...
static makeGroupLinkHTML ($group, $text= '')
 Create a link to the group in HTML, if available; else return the group name. More...
static makeGroupLinkWiki ($group, $text= '')
 Create a link to the group in Wikitext, if available; else return the group name. More...
static newFatalPermissionDeniedStatus ($permission)
 Factory function for fatal permission-denied errors. More...
static passwordChangeInputAttribs ()
 Provide an array of HTML5 attributes to put on an input element intended for the user to enter a new password. More...
static purge ($wikiId, $userId)
static randomPassword ()
 Return a random password. More...
static resetIdByNameCache ()
 Reset the cache used in idFromName(). More...
static selectFields ()
 Return the list of user fields that should be selected to create a new user object. More...
static whoIs ($id)
 Get the username corresponding to a given user ID. More...
static whoIsReal ($id)
 Get the real name of a user given their user ID. More...
newFrom*() static factory methods
static newFromName ($name, $validate= 'valid')
 Static factory method for creation from username. More...
static newFromId ($id)
 Static factory method for creation from a given user ID. More...
static newFromConfirmationCode ($code, $flags=0)
 Factory method to fetch whichever user has a given email confirmation code. More...
static newFromSession (WebRequest $request=null)
 Create a new user object using data from session. More...
static newFromRow ($row, $data=null)
 Create a new user object from a user row. More...
static newSystemUser ($name, $options=[])
 Static factory method for creation of a "system" user from username. More...

Public Attributes

Block $mBlock
string $mBlockedby
 String Initialization data source if mLoadedItems!==true. More...
bool $mHideName
array $mOptions
array $mRights
const CHECK_USER_RIGHTS = true
 Global constant made accessible as class constants so that autoloader magic can be used. More...
 Exclude user options that are set to their default value. More...
const IGNORE_USER_RIGHTS = false
const INVALID_TOKEN = '*** INVALID ***'
 string An invalid value for user_token More...
const TOKEN_LENGTH = 32
 int Number of characters in user_token field. More...
const VERSION = 10
 int Serialized record version. More...
- Public Attributes inherited from IDBAccessObject
const READ_LOCKING = 3
 Constants for object loading bitfield flags (higher => higher QoS) More...
const READ_NONE = -1

Static Public Attributes

static $idCacheByName = []

Protected Member Functions

 checkAndSetTouched ()
 Bump user_touched if it didn't change since this object was loaded. More...
 checkNewtalk ($field, $id)
 Internal uncached check for new messages. More...
 clearCookie ($name, $secure=null, $params=[])
 Clear a cookie on the user's client. More...
 confirmationToken (&$expiration)
 Generate, store, and return a new e-mail confirmation code. More...
 confirmationTokenUrl ($token)
 Return a URL the user can use to confirm their email address. More...
 deleteNewtalk ($field, $id)
 Clear the new messages flag for the given user. More...
 getCacheKey (WANObjectCache $cache)
 getTokenUrl ($page, $token)
 Internal function to format the e-mail validation/invalidation URLs. More...
 initEditCount ($add=0)
 Initialize user_editcount from data out of the revision table. More...
 invalidationTokenUrl ($token)
 Return a URL the user can use to invalidate their email address. More...
 loadFromCache ()
 Load user data from shared cache, given mId has already been set. More...
 loadFromRow ($row, $data=null)
 Initialize this object from a row from the user table. More...
 loadFromUserObject ($user)
 Load the data for this user object from another user object. More...
 loadOptions ($data=null)
 Load the user options either from cache, the database or an array. More...
 makeUpdateConditions (Database $db, array $conditions)
 Builds update conditions. More...
 saveOptions ()
 Saves the non-default options for this user, as previously set e.g. More...
 setCookie ($name, $value, $exp=0, $secure=null, $params=[], $request=null)
 Set a cookie on the user's client. More...
 setExtendedLoginCookie ($name, $value, $secure)
 Set an extended login cookie on the user's client. More...
 setItemLoaded ($item)
 Set that an item has been loaded. More...
 spreadBlock ()
 If this (non-anonymous) user is blocked, block the IP address they've successfully logged in from. More...
 updateNewtalk ($field, $id, $curRev=null)
 Add or update the new messages flag. More...

Protected Attributes

bool $mAllowUsertalk
string $mBlockreason
string $mDatePreference
array $mEffectiveGroups
array $mFormerGroups
Block $mGlobalBlock
string $mHash
array $mImplicitGroups
bool $mLocked
 Lazy-initialized variables, invalidated with clearInstanceCache. More...
integer $queryFlagsUsed = self::READ_NORMAL
 User::READ_* constant bitfield used to load data. More...

Static Protected Attributes

static $mAllRights = false
 String Cached results of getAllRights() More...
static $mCacheVars
 Array of Strings List of member variables which are saved to the shared cache (memcached). More...
static $mCoreRights
 Array of Strings Core rights. More...

Private Member Functions

 getBlockedStatus ($bFromSlave=true)
 Get blocking information. More...
 loadFromSession ()
 Load user data from the session. More...
 loadGroups ()
 Load the groups from the database if they aren't already loaded. More...
 newTouchedTimestamp ()
 Generate a current or new-future timestamp to be stored in the user_touched field when we update things. More...
 setPasswordInternal ($str)
 Actually set the password and such. More...

Private Attributes

Block $mBlockedFromCreateAccount = false
WebRequest $mRequest
int $mId
 Cache variables. More...
string $mName
 Cache variables. More...
string $mRealName
 Cache variables. More...
string $mEmail
 Cache variables. More...
string $mTouched
 TS_MW timestamp from the DB. More...
string $mEmailAuthenticated
 Cache variables. More...
array $mGroups
 Cache variables. More...
string $mQuickTouched
 TS_MW timestamp from cache. More...
string $mToken
 Cache variables. More...
string $mEmailToken
 Cache variables. More...
string $mEmailTokenExpires
 Cache variables. More...
string $mRegistration
 Cache variables. More...
int $mEditCount
 Cache variables. More...
array $mOptionOverrides
 Cache variables. More...
 Bool Whether the cache variables have been loaded. More...
 $mLoadedItems = []
 Array with already loaded items or true if all items have been loaded. More...

Detailed Description

The User object encapsulates all of the user-specific settings (user_id, name, rights, email address, options, last login time).

Client classes use the getXXX() functions to access these fields. These functions do all the work of determining whether the user is logged in, whether the requested option can be satisfied from cookies or whether a database query is needed. Most of the settings needed for rendering normal pages are set in the cookie to minimize use of the database.

Definition at line 48 of file User.php.

Constructor & Destructor Documentation

User::__construct ( )

Lightweight constructor for an anonymous user.

Use the User::newFrom* factory functions for other kinds of users.

See also

Definition at line 316 of file User.php.

References clearInstanceCache().

Member Function Documentation

User::__toString ( )

Definition at line 323 of file User.php.

References getName().

User::addAutopromoteOnceGroups (   $event)

Add the user to the group if he/she meets given criteria.

Contrary to autopromotion by \ref $wgAutopromote, the group will be possible to remove manually via Special:UserRights. In such case it will not be re-added automatically. The user will also not lose the group if they no longer meet the criteria.

string$eventKey in $wgAutopromoteOnce (each one has groups/criteria)
array Array of groups the user has been promoted to.
See also

Definition at line 1392 of file User.php.

References addGroup(), as, checkAndSetTouched(), Autopromote\getAutopromoteOnceGroups(), getGroups(), getId(), getUserPage(), global, Hooks\run(), and wfReadOnly().

User::addGroup (   $group)

Add the user to the given group.

This takes immediate effect.

string$groupName of the group to add

Definition at line 3300 of file User.php.

References DB_MASTER, getEffectiveGroups(), getId(), invalidateCache(), load(), loadGroups(), Hooks\run(), and wfGetDB().

Referenced by addAutopromoteOnceGroups(), and UserTest\testUserGetRightsHooks().

User::addNewUserLogEntry (   $action = false,
  $reason = '' 

Add a newuser log entry for this user.

Before 1.19 the return value was always true.

since 1.27, AuthManager handles logging
string | bool$actionAccount creation type.
  • String, one of the following values:
    • 'create' for an anonymous user creating an account for himself. This will force the action's performer to be the created user itself, no matter the value of $wgUser
    • 'create2' for a logged in user creating an account for someone else
    • 'byemail' when the created user will receive its password by e-mail
    • 'autocreate' when the user is automatically created (such as by CentralAuth).
  • Boolean means whether the account was created by e-mail (deprecated):
    • true will be converted to 'byemail'
    • false will be converted to 'create' if this object is the same as $wgUser and to 'create2' otherwise
string$reasonUser supplied reason
bool true

Definition at line 5099 of file User.php.

Referenced by addNewUserLogEntryAutoCreate().

User::addNewUserLogEntryAutoCreate ( )

Add an autocreate newuser log entry for this user Used by things like CentralAuth and perhaps other authplugins.

Consider calling addNewUserLogEntry() directly instead.

since 1.27, AuthManager handles logging

Definition at line 5111 of file User.php.

References addNewUserLogEntry().

User::addToDatabase ( )

Add this existing user object to the database.

If the user already exists, a fatal status object is returned, and the user object is initialised with the data from the database.

Previously, this function generated a DB error due to a key conflict if the user already existed. Many extension callers use this function in code along the lines of:

$user = User::newFromName( $name ); if ( !$user->isLoggedIn() ) { $user->addToDatabase(); } // do something with $user...

However, this was vulnerable to a race condition (bug 16020). By initialising the user object if the user exists, we aim to support this calling sequence as far as possible.

Note that if the user exists, this function will acquire a write lock, so it is still advisable to make the call conditional on isLoggedIn(), and to commit the transaction after calling.


Definition at line 4015 of file User.php.

References $mId, $mName, $mRealName, clearInstanceCache(), DB_MASTER, load(), loadFromDatabase(), StatusValue\newFatal(), StatusValue\newGood(), PasswordFactory\newInvalidPassword(), newTouchedTimestamp(), saveOptions(), setToken(), and wfGetDB().

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser().

User::addWatch (   $title,
  $checkRights = self::CHECK_USER_RIGHTS 

Watch an article.

1.22 $checkRights parameter added
Title$titleTitle of the article to look at
bool$checkRightsWhether to check 'viewmywatchlist'/'editmywatchlist' rights. Pass User::CHECK_USER_RIGHTS or User::IGNORE_USER_RIGHTS.

Definition at line 3521 of file User.php.

References $title, invalidateCache(), and isAllowed().

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), and WatchAction\doWatch().

User::blockedBy ( )

If user is blocked, return the name of the user who placed the block.

string Name of blocker

Definition at line 1977 of file User.php.

References $mBlockedby, and getBlockedStatus().

Referenced by SpecialBlock\checkUnblockSelf().

User::blockedFor ( )

If user is blocked, return the specified reason for the block.

string Blocking reason

Definition at line 1986 of file User.php.

References $mBlockreason, and getBlockedStatus().

User::canReceiveEmail ( )

Is this user allowed to receive e-mails within limits of current site configuration?


Definition at line 4486 of file User.php.

References getOption(), and isEmailConfirmed().

User::canSendEmail ( )

Is this user allowed to send e-mails within limits of current site configuration?


Definition at line 4471 of file User.php.

References $wgEnableEmail, $wgEnableUserEmail, global, isAllowed(), isEmailConfirmed(), and Hooks\run().

static User::changeableByGroup (   $group)

Returns an array of the groups that a particular group can add/remove.

string$groupThe group to check for whether it can add/remove
array Array( 'add' => array( addablegroups ), 'remove' => array( removablegroups ), 'add-self' => array( addablegroups to self), 'remove-self' => array( removable groups from self) )

Definition at line 4823 of file User.php.

References $value, as, getAllGroups(), and global.

Referenced by changeableGroups().

User::changeableGroups ( )

Returns an array of groups that this user can add and remove.

array Array( 'add' => array( addablegroups ), 'remove' => array( removablegroups ), 'add-self' => array( addablegroups to self), 'remove-self' => array( removable groups from self) )

Definition at line 4896 of file User.php.

References as, changeableByGroup(), getAllGroups(), getEffectiveGroups(), and isAllowed().

User::changeAuthenticationData ( array  $data)

Changes credentials of the user.

This is a convenience wrapper around AuthManager::changeAuthenticationData. Note that this can return a status that isOK() but not isGood() on certain types of failures, e.g. when no provider handled the change.

array$dataA set of authentication data in fieldname => value format. This is the same data you would pass the changeauthenticationdata API - 'username', 'password' etc.

Definition at line 2544 of file User.php.

References $req, $status, as, StatusValue\newGood(), and true.

Referenced by setPasswordInternal().

User::checkAndSetTouched ( )

Bump user_touched if it didn't change since this object was loaded.

On success, the mTouched field is updated. The user serialization cache is always cleared.

bool Whether user_touched was actually updated

Definition at line 1460 of file User.php.

References $success, clearSharedCache(), DB_MASTER, load(), makeUpdateConditions(), newTouchedTimestamp(), and wfGetDB().

Referenced by addAutopromoteOnceGroups(), and UserTest\testCheckAndSetTouched().

User::checkNewtalk (   $field,

Internal uncached check for new messages.

See also
string$field'user_ip' for anonymous users, 'user_id' otherwise
string | int$idUser's IP address for anonymous users, User ID otherwise
bool True if the user has new messages

Definition at line 2240 of file User.php.

References $dbr, DB_REPLICA, and wfGetDB().

Referenced by getNewtalk().

User::checkPassword (   $password)

Check to see if the given clear-text password is one of the accepted passwords.

since 1.27, use AuthManager instead
string$passwordUser password
bool True if the given password is correct, otherwise False

Definition at line 4180 of file User.php.

References $res, MediaWiki\Logger\LoggerFactory\getInstance(), and getName().

Referenced by checkTemporaryPassword().

User::checkPasswordValidity (   $password,
  $purpose = 'login' 

Check if this is a valid password for this user.

Create a Status object based on the password's validity. The Status should be set to fatal if the user should not be allowed to log in, and should have any errors that would block changing the password.

If the return value of this is not OK, the password should not be checked. If the return value is not Good, the password can be checked, but the user should not be able to set their password to this.

string$passwordDesired password
string$purposeone of 'login', 'create', 'reset'

Definition at line 1006 of file User.php.

References $status, global, StatusValue\newGood(), and Hooks\run().

Referenced by getPasswordValidity(), and UserTest\testCheckPasswordValidity().

User::checkTemporaryPassword (   $plaintext)

Check if the given clear-text password matches the temporary password sent by e-mail for password reset operations.

since 1.27, use AuthManager instead
bool True if matches, false otherwise

Definition at line 4213 of file User.php.

References checkPassword().

User::clearAllNotifications ( )

Resets all of the given user's page-change notification timestamps.

If e-notif e-mails are on, they will receive notification mails on the next change of any watched page.

If the user doesn't have 'editmywatchlist', this will do nothing.

Definition at line 3621 of file User.php.

References $lbFactory, $wgUseEnotif, DeferredUpdates\addUpdate(), as, DB_MASTER, getId(), global, isAllowed(), setNewtalk(), use, wfGetDB(), and wfReadOnly().

User::clearCookie (   $name,
  $secure = null,
  $params = [] 

Clear a cookie on the user's client.

since 1.27
string$nameName of the cookie to clear
bool$securetrue: Force setting the secure attribute when setting the cookie false: Force NOT setting the secure attribute when setting the cookie null (default): Use the default ($wgCookieSecure) to set the secure attribute
array$paramsArray of options sent passed to WebResponse::setcookie()

Definition at line 3724 of file User.php.

References $name, $params, setCookie(), and wfDeprecated().

User::clearInstanceCache (   $reloadFrom = false)

Clear various cached data stored in this object.

The cache of the user table data (i.e. self::$mCacheVars) is not cleared unless $reloadFrom is given.

bool | string$reloadFromReload user and user_groups table data from a given source. May be "name", "id", "defaults", "session", or false for no reload.

Definition at line 1498 of file User.php.

Referenced by __construct(), addToDatabase(), doLogout(), and setId().

User::clearNotification ( $title,
  $oldid = 0 

Clear the user's notification timestamp for the given title.

If e-notif e-mails are on, they will receive notification mails on the next change of the page if it's watched etc.

If the user doesn't have 'editmywatchlist', this will do nothing.
Title$titleTitle of the article to look at
int$oldidThe revision id being viewed. If not given or 0, latest revision is assumed.

Definition at line 3555 of file User.php.

References $title, $wgUseEnotif, DeferredUpdates\addCallableUpdate(), Title\GAID_FOR_UPDATE, getName(), getNewtalk(), global, isAllowed(), isAnon(), Revision\newFromId(), NS_USER_TALK, Hooks\run(), setNewtalk(), use, and wfReadOnly().

Referenced by WikiPage\doViewUpdates().

User::clearSharedCache (   $mode = 'changed')

Clear user data from memcached.

Use after applying updates to the database; caller's responsibility to update user_touched if appropriate.

Called implicitly from invalidateCache() and saveSettings().

string$modeUse 'refresh' to clear now; otherwise before DB commit

Definition at line 2353 of file User.php.

References $cache, DB_MASTER, getCacheKey(), getId(), ObjectCache\getMainWANInstance(), use, and wfGetDB().

Referenced by checkAndSetTouched(), invalidateCache(), and saveSettings().

static User::comparePasswords (   $hash,
  $userId = false 

Compare a password hash with a plain-text password.

Requires the user ID if there's a chance that the hash is an old-style hash.

string$hashPassword hash
string$passwordPlain-text password to compare
string | bool$userIdUser ID for old-style password salt
since 1.24, use Password class

Definition at line 5059 of file User.php.

References RequestContext\getMain(), global, and wfDeprecated().

User::confirmationToken ( $expiration)

Generate, store, and return a new e-mail confirmation code.

A hash (unsalted, since it's used as a key) is stored.

Call saveSettings() after calling this function to commit this change to the database.
string&$expirationAccepts the expiration time
string New token

Definition at line 4371 of file User.php.

References $wgUserEmailConfirmationTokenExpiry, MWCryptRand\generateHex(), global, load(), TS_MW, and wfTimestamp().

Referenced by sendConfirmationMail().

User::confirmationTokenUrl (   $token)

Return a URL the user can use to confirm their email address.

string$tokenAccepts the email confirmation token
string New token URL

Definition at line 4389 of file User.php.

References getTokenUrl().

Referenced by sendConfirmationMail().

User::confirmEmail ( )

Mark the e-mail address confirmed.

Call saveSettings() after calling this function to commit the change.

Definition at line 4429 of file User.php.

References isEmailConfirmed(), Hooks\run(), setEmailAuthenticationTimestamp(), and wfTimestampNow().

static User::createNew (   $name,
  $params = [] 

Add a user to the database, return the user object.

string$nameUsername to add
array$paramsArray of Strings Non-default parameters to save to the database as user_* fields:
  • email: The user's email address.
  • email_authenticated: The email authentication timestamp.
  • real_name: The user's real name.
  • options: An associative array of non-default options.
  • token: Random authentication token. Do not set.
  • registration: Registration timestamp. Do not set.
User|null User object, or null if the username already exists.

Definition at line 3944 of file User.php.

References $name, $params, $user, $value, array(), as, DB_MASTER, newFromId(), PasswordFactory\newInvalidPassword(), User, wfDeprecated(), and wfGetDB().

Referenced by UserWrapper\__construct(), TestUser\__construct(), TitlePermissionTest\setUp(), ParserTestRunner\setupUploads(), and RevisionStorageTest\testUserWasLastToEdit().

static User::crypt (   $password,
  $salt = false 

Make a new-style password hash.

string$passwordPlain-text password
bool | string$saltOptional salt, may be random or the user ID. If unspecified or false, will generate one automatically
string Password hash
since 1.24, use Password class

Definition at line 5040 of file User.php.

References RequestContext\getMain(), and wfDeprecated().

User::deleteNewtalk (   $field,

Clear the new messages flag for the given user.

string$field'user_ip' for anonymous users, 'user_id' otherwise
string | int$idUser's IP address for anonymous users, User ID otherwise
bool True if successful, false otherwise

Definition at line 2280 of file User.php.

References DB_MASTER, wfDebug(), and wfGetDB().

Referenced by setNewtalk().

User::doLogout ( )

Clear the user's session, and reset the instance cache.

See also

Definition at line 3811 of file User.php.

References clearInstanceCache(), MediaWiki\Logger\LoggerFactory\getInstance(), and getRequest().

Referenced by logout().

static User::edits (   $uid)

Count the number of edits of a user.

int$uidUser ID to check
int The user's edit count
since 1.21 in favour of User::getEditCount

Definition at line 1105 of file User.php.

References $user, and wfDeprecated().

User::equals ( User  $user)

Checks if two user objects point to the same user.


Definition at line 5392 of file User.php.

References getName().

Referenced by UserTest\testFindUsersByGroup().

static User::findUsersByGroup (   $groups,
  $limit = 5000,
  $after = null 

Return the users who are members of the given group(s).

In case of multiple groups, users who are members of at least one of them are returned.

string | array$groupsA single group name or an array of group names
int$limitMax number of users to return. The actual limit will never exceed 5000 records; larger values are ignored.
int$afterID the user to start after

Definition at line 888 of file User.php.

References $dbr, $limit, array(), DB_REPLICA, UserArray\newFromIDs(), and wfGetDB().

Referenced by UserTest\testFindUsersByGroup().

static User::getAllGroups ( )

Return the set of defined explicit groups.

The implicit groups (by default *, 'user' and 'autoconfirmed') are not included, as they are defined automatically, not in the database.

array Array of internal group names

Definition at line 4717 of file User.php.

References global.

Referenced by UsersPager\__construct(), ApiQuerySiteinfo\appendUserGroups(), changeableByGroup(), changeableGroups(), CreateAndPromote\execute(), SpecialListGroupRights\formatPermissions(), ApiUserrights\getAllGroups(), UsersPager\getAllGroups(), UserrightsPage\getAllGroups(), ApiQueryContributors\getAllowedParams(), ApiQueryAllUsers\getAllowedParams(), and SpecialListUsers\getSubpagesForPrefixSearch().

static User::getAllRights ( )

Get a list of all available permissions.

string[] Array of permission names

Definition at line 4729 of file User.php.

References global, and Hooks\run().

Referenced by ApiQueryContributors\getAllowedParams(), ApiQueryAllUsers\getAllowedParams(), AvailableRightsTest\getAllVisibleRights(), UserTest\testAllRightsWithMessage(), and AvailableRightsTest\testAvailableRights().

User::getAutomaticGroups (   $recache = false)

Get the list of implicit group memberships this user has.

This includes 'user' if logged in, '*' for all accounts, and autopromoted groups

bool$recacheWhether to avoid the cache
array Array of String internal group names

Definition at line 3217 of file User.php.

References $mImplicitGroups, Autopromote\getAutopromoteGroups(), and getId().

Referenced by getEffectiveGroups().

User::getBlock (   $bFromSlave = true)

Get the block affecting the user, or null if the user is not blocked.

bool$bFromSlaveWhether to check the replica DB instead of the master

Definition at line 1944 of file User.php.

References getBlockedStatus().

Referenced by Action\checkCanExecute(), FormSpecialPage\checkExecutePermissions(), and isBlocked().

User::getBlockedStatus (   $bFromSlave = true)

Get blocking information.

bool$bFromSlaveWhether to check the replica DB first. To improve performance, non-critical checks are done against replica DBs. Check when actually saving should be done against master.

Definition at line 1578 of file User.php.

References $wgUser, Block\chooseBlock(), Block\getBlocksForIPList(), getName(), getRequest(), global, isAllowed(), isAnon(), isDnsBlacklisted(), load(), Block\newFromTarget(), Hooks\run(), IP\sanitizeIP(), Block\setBlocker(), text, wfDebug(), and wfMessage().

Referenced by blockedBy(), blockedFor(), getBlock(), getBlockId(), isBlockedFromCreateAccount(), isBlockedFromEmailuser(), and isHidden().

User::getBlockId ( )

If user is blocked, return the ID for the block.

int Block ID

Definition at line 1995 of file User.php.

References false, and getBlockedStatus().

User::getBoolOption (   $oname)

Get the user's current setting for a given option, as a boolean value.

string$onameThe option to check
bool User's current value for the option
See also

Definition at line 2825 of file User.php.

References getOption().

Referenced by requiresHTTPS().

User::getCacheKey ( WANObjectCache  $cache)

Definition at line 462 of file User.php.

References WANObjectCache\makeGlobalKey(), and wfWikiID().

Referenced by clearSharedCache(), and loadFromCache().

static User::getCanonicalName (   $name,
  $validate = 'valid' 

Given unvalidated user input, return a canonical username, or false if the username is invalid.

string$nameUser input
string | bool$validateType of validation to use:
  • false No validation
  • 'valid' Valid for batch processes
  • 'usable' Valid for batch processes and login
  • 'creatable' Valid for batch processes, login and account creation

Definition at line 1046 of file User.php.

References $name, $t, $wgContLang, false, global, isCreatableName(), isUsableName(), isValidUserName(), Title\makeTitle(), Title\newFromText(), and NS_USER.

Referenced by MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\beginPrimaryAccountCreation(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider\beginPrimaryAuthentication(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\beginPrimaryAuthentication(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\beginPrimaryAuthentication(), LoginForm\clearLoginThrottle(), ApiQueryContributions\execute(), RollbackEdits\execute(), UserrightsPage\execute(), ApiQueryUsers\execute(), UserrightsPage\fetchUser(), ApiRollback\getRbUser(), LoginForm\incrementLoginThrottle(), ApiQueryBlocks\prepareUsername(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider\providerAllowsAuthenticationDataChange(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\providerAllowsAuthenticationDataChange(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\providerAllowsAuthenticationDataChange(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider\providerChangeAuthenticationData(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\providerChangeAuthenticationData(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\providerChangeAuthenticationData(), MediaWiki\Auth\AbstractPrimaryAuthenticationProvider\providerNormalizeUsername(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\providerRevokeAccessForUser(), WebInstallerName\submit(), MediaWiki\Session\CookieSessionProvider\suggestLoginUsername(), UserTest\testGetCanonicalName(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider\testUserCanAuthenticate(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\testUserCanAuthenticate(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\testUserCanAuthenticate(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider\testUserExists(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\testUserExists(), and MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\testUserExists().

User::getDatePreference ( )

Get the user's preferred date format.

string User's preferred date format

Definition at line 3088 of file User.php.

References $mDatePreference, $value, $wgLang, getOption(), and global.

Referenced by Language\getHumanTimestampInternal(), and Language\internalUserTimeAndDate().

User::getDBTouched ( )

Get the user_touched timestamp field (time of last DB updates)

string TS_MW Timestamp

Definition at line 2442 of file User.php.

References $mTouched, and load().

Referenced by UserTest\testCheckAndSetTouched().

static User::getDefaultOption (   $opt)

Get a given default option value.

string$optName of option to retrieve
string Default option value

Definition at line 1563 of file User.php.

Referenced by ConvertUserOptions\convertOptionBatch(), Language\dateFormat(), CoreParserFunctions\gender(), GenderCache\getDefault(), ImagePage\getImageLimitsFromOption(), and Linker\makeImageLink().

static User::getDefaultOptions ( )

Combine the language default options with any site-specific options and add the default language variants.

array Array of String options

Definition at line 1523 of file User.php.

References LanguageConverter\$languagesWithVariants, $wgContLang, $wgDefaultSkin, $wgDefaultUserOptions, as, boolean(), global, Skin\normalizeKey(), and Hooks\run().

Referenced by ApiQuerySiteinfo\appendDefaultOptions(), UserOptions\getDefaultOptionsNames(), ResourceLoaderUserDefaultsModule\getScript(), UserOptions\LISTER(), Preferences\loadPreferenceValues(), and UserOptions\USAGER().

User::getEditToken (   $salt = '',
  $request = null 

Initialize (if necessary) and return a session token value which can be used in edit forms to show that the user's login credentials aren't being hijacked with a foreign form submission.

The $salt for 'edit' and 'csrf' tokens is the default (empty string).

string | array$saltArray of Strings Optional function-specific data for hashing
WebRequest | null$requestWebRequest object to use or null to use $wgRequest
string The new edit token

Definition at line 4253 of file User.php.

References $request, and getEditTokenObject().

Referenced by WatchAction\getWatchToken().

User::getEditTokenObject (   $salt = '',
  $request = null 

Initialize (if necessary) and return a session token value which can be used in edit forms to show that the user's login credentials aren't being hijacked with a foreign form submission.

string | array$saltArray of Strings Optional function-specific data for hashing
WebRequest | null$requestWebRequest object to use or null to use $wgRequest
MediaWiki\Session\Token The new edit token

Definition at line 4229 of file User.php.

References $request, getRequest(), and isAnon().

Referenced by getEditToken(), ApiQueryTokens\getToken(), and matchEditToken().

static User::getEditTokenTimestamp (   $val)

Get the embedded timestamp from a token.

since 1.27, use \MediaWiki\Session\Token::getTimestamp instead.
string$valInput token

Definition at line 4263 of file User.php.

References MediaWiki\Session\Token\getTimestamp(), and wfDeprecated().

User::getEffectiveGroups (   $recache = false)

Get the list of implicit group memberships this user has.

This includes all explicit groups, plus 'user' if logged in, '*' for all accounts, and autopromoted groups

bool$recacheWhether to avoid the cache
array Array of String internal group names

Definition at line 3196 of file User.php.

References $mEffectiveGroups, getAutomaticGroups(), getGroups(), and Hooks\run().

Referenced by addGroup(), changeableGroups(), UserPasswordPolicy\getPoliciesForUser(), getRights(), and removeGroup().

User::getEmail ( )

Get the user's e-mail address.

string User's email address

Definition at line 2647 of file User.php.

References $mEmail, load(), and Hooks\run().

Referenced by SpecialChangeEmail\attemptChange(), Autopromote\checkCondition(), MailAddress\newFromUser(), and setEmailWithConfirmation().

User::getEmailAuthenticationTimestamp ( )

Get the timestamp of the user's e-mail authentication.

string TS_MW timestamp

Definition at line 2657 of file User.php.

References $mEmailAuthenticated, load(), and Hooks\run().

Referenced by Autopromote\checkCondition(), and isEmailConfirmed().

User::getFirstEditTimestamp ( )

Get the timestamp of the first edit.

string|bool Timestamp of first edit, or false for non-existent/anonymous user accounts.

Definition at line 4553 of file User.php.

References $dbr, $time, DB_REPLICA, getId(), TS_MW, wfGetDB(), and wfTimestamp().

Referenced by Autopromote\checkCondition().

User::getFormerGroups ( )

Returns the groups the user has belonged to.

The user may still belong to the returned groups. Compare with getGroups().

The function will not return groups the user had belonged to before MW 1.17

array Names of the groups the user has belonged to.

Definition at line 3246 of file User.php.

References $mFormerGroups, $res, as, DB_MASTER, DB_REPLICA, load(), and wfGetDB().

Referenced by Autopromote\getAutopromoteOnceGroups().

User::getGlobalBlock (   $ip = '')

Check if user is blocked on all wikis.

Do not use for actual edit permission checks! This is intended for quick UI checks.

string$ipIP address, uses current client if none given
Block|null Block object if blocked, null otherwise

Definition at line 2022 of file User.php.

References getName(), getRequest(), IP\isIPAddress(), Hooks\run(), and Block\setTarget().

Referenced by isBlockedGlobally().

static User::getGroupMember (   $group,
  $username = '#' 

Get the localized descriptive name for a member of a group, if it exists.

string$groupInternal group name
string$usernameUsername for gender (since 1.19)
string Localized name for group member

Definition at line 4706 of file User.php.

References $username, and wfMessage().

Referenced by UsersPager\buildGroupLink(), UserrightsPage\buildGroupMemberLink(), RightsLogFormatter\getMessageParameters(), UserrightsPage\groupCheckboxes(), and Preferences\profilePreferences().

static User::getGroupName (   $group)

Get the localized descriptive name for a group, if it exists.

string$groupInternal group name
string Localized descriptive group name

Definition at line 4694 of file User.php.

References wfMessage().

Referenced by UserrightsPage\buildGroupLink(), UsersPager\getAllGroups(), and Preferences\profilePreferences().

static User::getGroupPage (   $group)

Get the title of a page describing a particular group.

string$groupInternal group name
Title|bool Title of the page if it exists, false otherwise

Definition at line 4762 of file User.php.

References $title, Title\newFromText(), and wfMessage().

Referenced by UsersPager\doBatchLookups().

static User::getGroupPermissions (   $groups)

Get the permissions associated with a given list of groups.

array$groupsArray of Strings List of internal group names
array Array of Strings List of permission key names for given groups combined

Definition at line 4575 of file User.php.

References as, and global.

Referenced by Autopromote\checkCondition(), ApiQueryAllUsers\execute(), UserTest\testGroupPermissions(), UserTest\testRevokePermissions(), and wfStreamThumb().

User::getGroups ( )

Get the list of explicit group memberships this user has.

The implicit * and user groups are not included.

array Array of String internal group names

Definition at line 3183 of file User.php.

References $mGroups, load(), and loadGroups().

Referenced by addAutopromoteOnceGroups(), Autopromote\checkCondition(), Autopromote\getAutopromoteOnceGroups(), getEffectiveGroups(), isBot(), and pingLimiter().

static User::getGroupsWithPermission (   $role)

Get all the groups who have a given permission.

string$roleRole to check
array Array of Strings List of internal group names with the given permission

Definition at line 4602 of file User.php.

References as, and global.

Referenced by PermissionsError\__construct(), ApiQueryAllUsers\execute(), ApiQueryContributors\execute(), NewFilesPager\getQueryInfo(), MWNamespace\getRestrictionLevels(), ContribsPager\getUserCond(), Title\missingPermissionError(), ApiMain\modifyHelp(), newFatalPermissionDeniedStatus(), RebuildRecentchanges\rebuildRecentChangesTablePass4(), ApiQueryAllImages\run(), and UserTest\testGetGroupsWithPermission().

User::getId ( )

Get the user's ID.

int The user's ID; 0 if the user is anonymous or nonexistent

Definition at line 2083 of file User.php.

References $mId, isIP(), isItemLoaded(), and load().

Referenced by UploadFromChunks\__construct(), addAutopromoteOnceGroups(), addGroup(), WatchedItemStore\addWatchBatchForUser(), MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAccountCreation(), MediaWiki\Auth\AuthManager\beginAccountLink(), EmailNotification\canSendUserTalkEmail(), SpecialBlock\checkUnblockSelf(), clearAllNotifications(), clearSharedCache(), WatchedItemStore\countUnreadNotifications(), WatchedItemStore\countWatchedItems(), WatchedItemStore\dbCond(), WikiPage\doCreate(), WikiPage\doModify(), WikiPage\doUpdateRestrictions(), getAutomaticGroups(), Block\getBy(), WatchedItemStore\getCacheKey(), getEditCount(), getFirstEditTimestamp(), getInstanceForUpdate(), getNewMessageLinks(), WatchedItemStore\getNotificationTimestampsBatch(), UploadBase\getSessionStatus(), ApiStashEdit\getStashKey(), getTokenFromOption(), WatchedItemStore\getWatchedItemsForUser(), WatchedItemQueryService\getWatchedItemsForUserQueryConds(), WatchedItemQueryService\getWatchlistOwnerId(), RequestContext\importScopedSession(), incEditCountImmediate(), initEditCount(), LocalIdLookup\isAttached(), isLoggedIn(), loadFromSession(), loadOptions(), TestRecentChangesHelper\makeCategorizationRecentChange(), TestRecentChangesHelper\makeDeletedEditRecentChange(), TestRecentChangesHelper\makeEditRecentChange(), TestRecentChangesHelper\makeLogRecentChange(), TestRecentChangesHelper\makeNewBotEditRecentChange(), LogFormatter\makeUserLink(), MovePage\moveToInternal(), EmailNotification\notifyOnPageChange(), pingLimiter(), removeGroup(), WatchedItemStore\removeWatch(), WatchedItemStore\resetNotificationTimestamp(), saveOptions(), setNewtalk(), WatchedItemStore\setNotificationTimestampsForUser(), TestUser\setPasswordForUser(), UploadBase\setSessionStatus(), UserTest\testGetId(), UserTest\testIncEditCount(), touch(), WatchedItemStore\uncache(), WatchedItemStore\uncacheUser(), and WatchedItemStore\updateNotificationTimestamp().

static User::getImplicitGroups ( )

Get a list of implicit groups.

array Array of Strings Array of internal group names

Definition at line 4746 of file User.php.

References global, and Hooks\run().

Referenced by UsersPager\getGroups().

User::getInstanceForUpdate ( )

Get a new instance of this user that was loaded from the master via a locking read.

Use this instead of the main context User when updating that user. This avoids races where that user was loaded from a replica DB or even the master but without proper locks.

User|null Returns null if the user was not found in the DB

Definition at line 5372 of file User.php.

References $user, and getId().

User::getIntOption (   $oname,
  $defaultOverride = 0 

Get the user's current setting for a given option, as an integer value.

string$onameThe option to check
int$defaultOverrideA default value returned if the option does not exist
int User's current value for the option
See also

Definition at line 2837 of file User.php.

References getOption().

Referenced by getStubThreshold().

User::getName ( )

Get the user name, or the IP of an anonymous user.

string User's name or IP address

Definition at line 2108 of file User.php.

References $mName, getRequest(), isItemLoaded(), load(), and IP\sanitizeIP().

Referenced by __toString(), EmailNotification\actuallyNotifyOnPageChange(), MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAccountCreation(), MediaWiki\Auth\AuthManager\beginAccountLink(), CentralIdLookup\centralIdFromLocalUser(), checkPassword(), PasswordPolicyChecks\checkPasswordCannotMatchBlacklist(), PasswordPolicyChecks\checkPasswordCannotMatchUsername(), SpecialBlock\checkUnblockSelf(), clearNotification(), WikiPage\doCreate(), RecentChange\doMarkPatrolled(), WikiPage\doModify(), equals(), PasswordReset\execute(), getBlockedStatus(), Block\getByName(), ApiQueryUserInfo\getCentralUserInfo(), getGlobalBlock(), getNewMessageLinks(), getNewtalk(), UploadBase\getSessionStatus(), ApiStashEdit\getStashKey(), getTitleKey(), getUserPage(), idForName(), PasswordReset\isAllowed(), isBlockedFrom(), ApiStashEdit\lastEditTime(), CreditsAction\link(), loadFromSession(), TestRecentChangesHelper\makeCategorizationRecentChange(), TestRecentChangesHelper\makeDeletedEditRecentChange(), TestRecentChangesHelper\makeEditRecentChange(), TestRecentChangesHelper\makeLogRecentChange(), TestRecentChangesHelper\makeNewBotEditRecentChange(), LogFormatter\makeUserLink(), MovePage\moveToInternal(), MailAddress\newFromUser(), EmailNotification\notifyOnPageChange(), sendConfirmationMail(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\sendNewAccountEmail(), setEmailWithConfirmation(), setNewtalk(), setPasswordInternal(), UploadBase\setSessionStatus(), spreadBlock(), UserTest\testCheckPasswordValidity(), UserTest\testOptions(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider\tryReset(), and CreditsAction\userLink().

User::getNewMessageLinks ( )

Return the data needed to construct links for new talk page message alerts.

If there are new messages, this will return an associative array with the following data: wiki: The database name of the wiki link: Root-relative link to the user's talk page rev: The last talk page revision that the user has seen or null. This is useful for building diff links. If there are no new messages, it returns an empty array.

This function was designed to accomodate multiple talk pages, but currently only returns a single link and revision.

Definition at line 2190 of file User.php.

References $dbr, $rev, $timestamp, DB_REPLICA, getId(), getName(), getNewtalk(), getTalkPage(), isAnon(), Revision\loadFromTimestamp(), Hooks\run(), wfGetDB(), and wfWikiID().

Referenced by getNewMessageRevisionId().

User::getNewMessageRevisionId ( )

Get the revision ID for the last talk page revision viewed by the talk page owner.

int|null Revision ID or null

Definition at line 2213 of file User.php.

References getNewMessageLinks(), and wfWikiID().

User::getNewtalk ( )

Check if the user has new messages.

bool True if the user has new messages

Definition at line 2152 of file User.php.

References $mNewtalk, checkNewtalk(), getName(), global, load(), and page.

Referenced by clearNotification(), and getNewMessageLinks().

User::getOption (   $oname,
  $defaultOverride = null,
  $ignoreHidden = false 

Get the user's current setting for a given option.

string$onameThe option to check
string$defaultOverrideA default value returned if the option does not exist
bool$ignoreHiddenWhether to ignore the effects of $wgHiddenPrefs
string User's current value for the option
See also

Definition at line 2766 of file User.php.

References global, and loadOptions().

Referenced by canReceiveEmail(), getBoolOption(), getDatePreference(), getIntOption(), RequestContext\getLanguage(), getTokenFromOption(), Language\internalUserTimeAndDate(), MWTimestamp\offsetForUser(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\sendNewAccountEmail(), and UserTest\testOptions().

User::getOptionKinds ( IContextSource  $context,
  $options = null 

Return an associative array mapping preferences keys to the kind of a preference they're used for.

Different kinds are handled differently when setting or reading preferences.

See User::listOptionKinds for the list of valid option types that can be provided.

See also
array$optionsAssoc. array with options keys to check as keys. Defaults to $this->mOptions.
array The key => kind mapping data

Definition at line 2959 of file User.php.

References $mOptions, $name, $options, $value, as, HTMLFormField\flattenOptions(), Preferences\getPreferences(), Preferences\getSaveBlacklist(), and loadOptions().

Referenced by resetOptions().

User::getOptions (   $flags = 0)

Get all user's options.

int$flagsBitwise combination of: User::GETOPTIONS_EXCLUDE_DEFAULTS Exclude user options that are set to the default value. (Since 1.25)

Definition at line 2794 of file User.php.

References $flags, $mOptions, $options, as, global, and loadOptions().

User::getPassword ( )
Removed in 1.27.

Definition at line 2453 of file User.php.

static User::getPasswordFactory ( )

Lazily instantiate and return a factory object for making passwords.

since 1.27, create a PasswordFactory directly instead

Definition at line 5254 of file User.php.

References $ret, RequestContext\getMain(), and wfDeprecated().

User::getPasswordValidity (   $password)

Given unvalidated password input, return error message on failure.

string$passwordDesired password
bool|string|array True on success, string or array of error message on failure

Definition at line 969 of file User.php.

References $messages, as, and checkPasswordValidity().

Referenced by isValidPassword(), and UserTest\testCheckPasswordValidity().

User::getRealName ( )

Get the user's real name.

string User's real name

Definition at line 2739 of file User.php.

References $mRealName, isItemLoaded(), and load().

Referenced by CreditsAction\link(), MailAddress\newFromUser(), and CreditsAction\userLink().

User::getRegistration ( )

Get the timestamp of account creation.

string|bool|null Timestamp of account creation, false for non-existent/anonymous user accounts, or null if existing account but information is not in database.

Definition at line 4539 of file User.php.

References $mRegistration, isAnon(), and load().

Referenced by Autopromote\checkCondition().

static User::getRightDescription (   $right)

Get the description of a given right.

string$rightRight to query
string Localized description of the right

Definition at line 5025 of file User.php.

References wfMessage().

Referenced by SpecialListGrants\execute(), SpecialListGroupRights\formatPermissions(), and SpecialListGroupRights\outputNamespaceProtectionInfo().

User::getRights ( )

Get the permissions this user has.

array Array of String permission names

Definition at line 3142 of file User.php.

References $mRights, getEffectiveGroups(), RequestContext\getMain(), getRequest(), isBlocked(), isLoggedIn(), Hooks\run(), and User.

Referenced by isAllowed(), and UserTest\testUserGetRightsHooks().

User::getStubThreshold ( )

Get the user preferred stub threshold.


Definition at line 3127 of file User.php.

References $wgMaxArticleSize, article, getIntOption(), global, and in.

Referenced by MediaWiki\Linker\LinkRendererFactory\createForUser().

User::getTalkPage ( )

Get this user's talk page title.

Title User's talk page title

Definition at line 4160 of file User.php.

References $title, and getUserPage().

Referenced by getNewMessageLinks().

User::getTemporaryPassword ( )
Removed in 1.27.

Definition at line 2462 of file User.php.

User::getTitleKey ( )

Get the user's name escaped by underscores.

string Username escaped by underscores.

Definition at line 2144 of file User.php.

References getName().

Referenced by WikiPage\doEditUpdates().

User::getToken (   $forceCreation = true)

Get the user's current token.

bool$forceCreationForce the generation of a new token if the user doesn't have one (default=true for backwards compatibility).
string|null Token

Definition at line 2571 of file User.php.

References $mToken, $ret, MWCryptRand\generateHex(), global, MWCryptHash\hmac(), load(), and setToken().

Referenced by getTokenFromOption(), and loadFromSession().

User::getTokenFromOption (   $oname)

Get a token stored in the preferences (like the watchlist one), resetting it if it's empty (and saving changes).

string$onameThe option name to retrieve the token from
string|bool User's current value for the option, or false if this option is disabled.
See also
since 1.26 Applications should use the OAuth extension

Definition at line 2874 of file User.php.

References getId(), getOption(), getToken(), and global.

User::getTokenUrl (   $page,

Internal function to format the e-mail validation/invalidation URLs.

This uses a quickie hack to use the hardcoded English names of the Special: pages, for ASCII safety.

Since these URLs get dropped directly into emails, using the short English names avoids insanely long URL-encoded links, which also sometimes can get corrupted in some browsers/mailers (bug 6957 with Gmail and Internet Explorer).
string$pageSpecial page
string Formatted URL

Definition at line 4416 of file User.php.

References $title, Title\makeTitle(), and NS_MAIN.

Referenced by confirmationTokenUrl(), and invalidationTokenUrl().

User::getTouched ( )

Get the user touched timestamp.

Use this value only to validate caches via inequalities such as in the case of HTTP If-Modified-Since response logic

string TS_MW Timestamp

Definition at line 2420 of file User.php.

References $cache, $mTouched, ObjectCache\getMainWANInstance(), load(), TS_MW, wfMemcKey(), and wfTimestamp().

Referenced by validateCache().

User::getUserPage ( )

Get this user's personal page title.

Title User's personal page title

Definition at line 4151 of file User.php.

References getName(), Title\makeTitle(), and NS_USER.

Referenced by addAutopromoteOnceGroups(), MediaWiki\Auth\AuthManager\autoCreateUser(), Block\getPermissionsError(), getTalkPage(), CreditsAction\link(), and saveSettings().

static User::groupHasPermission (   $group,

Check, if the given group has the given permission.

If you're wanting to check whether all users have a permission, use User::isEveryoneAllowed() instead. That properly checks if it's revoked from anyone.

string$groupGroup to check
string$roleRole to check

Definition at line 4625 of file User.php.

References global.

Referenced by SkinTemplate\buildPersonalUrls(), Title\checkQuickPermissions(), SpecialNewpages\filterLinks(), NewPagesPager\getQueryInfo(), SpecialCreateAccount\isRestricted(), SpecialPage\isRestricted(), and OutputPage\showPermissionsErrorPage().

User::idForName (   $flags = 0)

If only this user's username is known, and it exists, return the user ID.

int$flagsBitfield of User:READ_* constants; useful for existence checks

Definition at line 3909 of file User.php.

References $flags, $options, $s, DB_MASTER, DB_REPLICA, getName(), and wfGetDB().

static User::idFromName (   $name,
  $flags = self::READ_NORMAL 
User::incEditCountImmediate ( )

Increment the user's edit-count field.

Will have no effect for anonymous users.


Definition at line 4949 of file User.php.

References $dbr, DB_MASTER, DB_REPLICA, getEditCount(), getId(), initEditCount(), invalidateCache(), isAnon(), and wfGetDB().

Referenced by incEditCount().

User::inDnsBlacklist (   $ip,

Whether the given IP is in a given DNS blacklist.

string$ipIP to check
string | array$basesArray of Strings: URL of the DNS blacklist
bool True if blacklisted.

Definition at line 1692 of file User.php.

References $base, array(), as, IP\isIPv4(), and wfDebugLog().

Referenced by isDnsBlacklisted().

User::initEditCount (   $add = 0)

Initialize user_editcount from data out of the revision table.

int$addEdits to add to the count from the revision table
int Number of edits

Definition at line 4996 of file User.php.

References $count, $dbr, DB_MASTER, DB_REPLICA, getId(), and wfGetDB().

Referenced by getEditCount(), and incEditCountImmediate().

User::invalidateCache ( )

Immediately touch the user data cache for this account.

Calls touch() and removes account data from memcached

Definition at line 2377 of file User.php.

References clearSharedCache(), and touch().

Referenced by addGroup(), addWatch(), incEditCountImmediate(), removeGroup(), removeWatch(), and setNewtalk().

User::invalidateEmail ( )

Invalidate the user's e-mail confirmation, and unauthenticate the e-mail address if it was already confirmed.

Call saveSettings() after calling this function to commit the change.
bool Returns true

Definition at line 4446 of file User.php.

References load(), Hooks\run(), and setEmailAuthenticationTimestamp().

Referenced by setEmail().

User::invalidationTokenUrl (   $token)

Return a URL the user can use to invalidate their email address.

string$tokenAccepts the email confirmation token
string New token URL

Definition at line 4398 of file User.php.

References getTokenUrl().

Referenced by sendConfirmationMail().

User::isAllowedAll ( )
string... Permissions to test
bool True if the user is allowed to perform all of the given actions

Definition at line 3428 of file User.php.

References as, and isAllowed().

User::isAllowedAny ( )

Check if user is allowed to access a feature / make an action.

string... Permissions to test
bool True if user is allowed to perform any of the given actions

Definition at line 3413 of file User.php.

References as, and isAllowed().

Referenced by WikiPage\commitRollback(), WatchedItemQueryService\getExtraDeletedPageLogEntryRelatedCond(), WatchedItemQueryService\getUserRelatedConds(), useFilePatrol(), useNPPatrol(), and useRCPatrol().

User::isAllowedToCreateAccount ( )

Get whether the user is allowed to create an account.


Definition at line 4142 of file User.php.

References isAllowed(), and isBlockedFromCreateAccount().

User::isBlocked (   $bFromSlave = true)

Check if user is blocked.

bool$bFromSlaveWhether to check the replica DB instead of the master. Hacked from false due to horrible probs on site.
bool True if blocked, false otherwise

Definition at line 1934 of file User.php.

References getBlock().

Referenced by Action\checkCanExecute(), Autopromote\checkCondition(), FormSpecialPage\checkExecutePermissions(), SpecialBlock\checkUnblockSelf(), getRights(), PasswordReset\isAllowed(), isBlockedFrom(), and spreadAnyEditBlock().

User::isBlockedFrom (   $title,
  $bFromSlave = false 

Check if user is blocked from editing a particular article.

Title$titleTitle to check
bool$bFromSlaveWhether to check the replica DB instead of the master

Definition at line 1956 of file User.php.

References $title, false, getName(), global, isBlocked(), NS_USER_TALK, Hooks\run(), and wfDebug().

User::isBlockedFromCreateAccount ( )

Get whether the user is explicitly blocked from account creation.


Definition at line 4111 of file User.php.

References $mBlock, getBlockedStatus(), getRequest(), isAllowed(), Block\newFromTarget(), and Block\prevents().

Referenced by MediaWiki\Auth\AuthManager\checkAccountCreatePermissions(), and isAllowedToCreateAccount().

User::isBlockedFromEmailuser ( )

Get whether the user is blocked from using Special:Emailuser.


Definition at line 4133 of file User.php.

References getBlockedStatus().

User::isBlockedGlobally (   $ip = '')

Check if user is blocked on all wikis.

Do not use for actual edit permission checks! This is intended for quick UI checks.

string$ipIP address, uses current client if none given
bool True if blocked, false otherwise

Definition at line 2008 of file User.php.

References getGlobalBlock().

User::isBot ( )
bool Whether this user is flagged as being a bot role account

Definition at line 3396 of file User.php.

References getGroups(), isAllowed(), and Hooks\run().

Referenced by ApiStashEdit\checkCache().

static User::isCreatableName (   $name)

Usernames which fail to pass this function will be blocked from new account registrations, but may be used internally either by batch processes or by user accounts which have already been created.

Additional blacklisting may be added here rather than in isValidUserName() to avoid disrupting existing accounts.

string$nameString to match

Definition at line 928 of file User.php.

References $name, global, and wfDebugLog().

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), and getCanonicalName().

User::isDnsBlacklisted (   $ip,
  $checkWhitelist = false 

Whether the given IP is in a DNS blacklist.

string$ipIP to check
bool$checkWhitelistWhether to check the whitelist first
bool True if blacklisted.

Definition at line 1671 of file User.php.

References global, and inDnsBlacklist().

Referenced by MediaWiki\Auth\AuthManager\checkAccountCreatePermissions(), and getBlockedStatus().

User::isEmailConfirmationPending ( )

Check whether there is an outstanding request for e-mail confirmation.


Definition at line 4524 of file User.php.

References $wgEmailAuthentication, global, isEmailConfirmed(), and wfTimestamp().

User::isEmailConfirmed ( )

Is this user's e-mail address valid-looking and confirmed within limits of the current site configuration?

If $wgEmailAuthentication is on, this may require the user to have confirmed their address by returning a code or using a password sent to the address from the wiki.

Definition at line 4500 of file User.php.

References $wgEmailAuthentication, getEmailAuthenticationTimestamp(), global, isAnon(), load(), Hooks\run(), and Sanitizer\validateEmail().

Referenced by canReceiveEmail(), canSendEmail(), confirmEmail(), and isEmailConfirmationPending().

static User::isEveryoneAllowed (   $right)

Check if all users may be assumed to have the given permission.

We generally assume so if the right is granted to '*' and isn't revoked on any group. It doesn't attempt to take grants or other extension limitations on rights into account in the general case, though, as that would require it to always return false and defeat the purpose. Specifically, session-based rights restrictions (such as OAuth or bot passwords) are applied based on the current session.

string$rightRight to check

Definition at line 4645 of file User.php.

References $cache, as, global, and Hooks\run().

Referenced by ApiMain\checkExecutePermissions(), Title\checkReadPermissions(), RawAction\onView(), AjaxDispatcher\performAction(), and ApiMain\setCacheMode().

User::isHidden ( )

Check if user account is hidden.

bool True if hidden, false otherwise

Definition at line 2066 of file User.php.

References $mHideName, getBlockedStatus(), and Hooks\run().

static User::isIP (   $name)

Does the string match an anonymous IP address?

This function exists for username validation, in order to reject usernames which are similar in form to IP addresses. Strings such as 300.300.300.300 will return true because it looks like an IP address, despite not being strictly valid.

We match "\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.xxx" as an anonymous IP address because the usemod software would "cloak" anonymous IP addresses like this, if we allowed accounts like this to be created new users could get the old edits of these anonymous users.

string$nameName to match

Definition at line 788 of file User.php.

References $name, and IP\isIPv6().

Referenced by ImageListPager\__construct(), SpecialContributions\contributionsSub(), WikiPage\doEditUpdates(), ApiQueryContributions\execute(), RollbackEdits\execute(), getId(), SearchNearMatcher\getNearMatchInternal(), ApiRollback\getRbUser(), Skin\getRelevantUser(), ReassignEdits\initialiseUser(), isValidUserName(), ApiQueryBlocks\prepareUsername(), EditPage\showIntro(), Article\showMissingArticle(), and HTMLUserTextField\validate().

User::isItemLoaded (   $item,
  $all = 'all' 

Return whether an item has been loaded.

string$itemItem to check. Current possibilities:
  • id
  • name
  • realname
string$all'all' to check if the whole object has been loaded or any other string to check if only the item is available (e.g. for optimisation)

Definition at line 1168 of file User.php.

References true.

Referenced by getId(), getName(), and getRealName().

static User::isLocallyBlockedProxy (   $ip)

Check if an IP address is in the local proxy list.


Definition at line 1739 of file User.php.

References $ret, file, and global.

User::isLocked ( )

Check if user account is locked.

bool True if locked, false otherwise

Definition at line 2051 of file User.php.

References $mLocked, and Hooks\run().

User::isLoggedIn ( )

Get whether the user is logged in.


Definition at line 3380 of file User.php.

References getId().

Referenced by WatchAction\doWatchOrUnwatch(), getRights(), isAnon(), spreadAnyEditBlock(), UserTest\testCheckAndSetTouched(), and UserTest\testLoggedIn().

User::isNewbie ( )

Determine whether the user is a newbie.

Newbies are either anonymous IPs, or the most recently created accounts.


Definition at line 4170 of file User.php.

References isAllowed().

Referenced by pingLimiter().

User::isPasswordReminderThrottled ( )

Has password reminder email been sent within the last $wgPasswordReminderResendTime hours?

Removed in 1.27. See above.

Definition at line 2639 of file User.php.

User::isPingLimitable ( )

Is this user subject to rate limiting?

bool True if rate limited

Definition at line 1769 of file User.php.

References getRequest(), global, and isAllowed().

Referenced by pingLimiter().

User::isSafeToLoad ( )

Test if it's safe to load this User object.

You should typically check this before using $wgUser or RequestContext::getUser in a method that might be called before the system has been fully initialized. If the object is unsafe, you should use an anonymous user: \code $user = $wgUser->isSafeToLoad() ? $wgUser : new User; \endcode


Definition at line 341 of file User.php.

References $wgFullyInitialised, and global.

static User::isUsableName (   $name)

Usernames which fail to pass this function will be blocked from user login and new account registrations, but may be used internally by batch processes.

If an account already exists in this form, login will be blocked by a failure to pass this function.

string$nameName to match

Definition at line 853 of file User.php.

References $name, as, global, Hooks\run(), and wfMessage().

Referenced by MediaWiki\Session\UserInfo\__construct(), MediaWiki\Auth\AuthManager\beginAccountLink(), ApiBlock\execute(), and getCanonicalName().

User::isValidPassword (   $password)

Is the input a valid password for this user?

string$passwordDesired password

Definition at line 958 of file User.php.

References getPasswordValidity().

Referenced by UserTest\testCheckPasswordValidity().

static User::isValidUserName (   $name)

Is the input a valid username?

Checks if the input is a valid username, we don't want an empty string, an IP address, anything that contains slashes (would mess up subpages), is longer than the maximum allowed username size or doesn't begin with a capital letter.

string$nameName to match

Definition at line 804 of file User.php.

References $name, $wgContLang, and(), global, isIP(), Title\newFromText(), and use.

Referenced by GenderCache\doQuery(), CheckUsernames\execute(), getCanonicalName(), and MediaWiki\Session\SessionBackend\save().

User::isWatched (   $title,
  $checkRights = self::CHECK_USER_RIGHTS 

Check the watched status of an article.

1.22 $checkRights parameter added
Title$titleTitle of the article to look at
bool$checkRightsWhether to check 'viewmywatchlist'/'editmywatchlist' rights. Pass User::CHECK_USER_RIGHTS or User::IGNORE_USER_RIGHTS.

Definition at line 3507 of file User.php.

References $title, and isAllowed().

Referenced by WatchAction\doWatchOrUnwatch().

static User::listOptionKinds ( )

Return a list of the types of user options currently returned by User::getOptionKinds().

Currently, the option kinds are:

  • 'registered' - preferences which are registered in core MediaWiki or by extensions using the UserGetDefaultOptions hook.
  • 'registered-multiselect' - as above, using the 'multiselect' type.
  • 'registered-checkmatrix' - as above, using the 'checkmatrix' type.
  • 'userjs' - preferences with names starting with 'userjs-', intended to be used by user scripts.
  • 'special' - "preferences" that are not accessible via User::getOptions or User::setOptions.
  • 'unused' - preferences about which MediaWiki doesn't know anything. These are usually legacy options, removed in newer versions.

The API (and possibly others) use this function to determine the possible option types for validation purposes, so make sure to update this when a new option kind is added.

See also
array Option kinds

Definition at line 2936 of file User.php.

Referenced by ApiOptions\getAllowedParams().

User::loadDefaults (   $name = false)

Set cached properties to default.

This no longer clears uncached lazy-initialised properties; the constructor does that instead.
string | bool$name

Definition at line 1130 of file User.php.

References $name, pages, Hooks\run(), TS_MW, and wfTimestamp().

Referenced by PPFuzzUser\load(), load(), loadFromDatabase(), and loadFromId().

User::loadFromCache ( )

Load user data from shared cache, given mId has already been set.

bool True

Definition at line 472 of file User.php.

References $cache, $name, array(), as, DB_REPLICA, getCacheKey(), Database\getCacheSetOptions(), ObjectCache\getMainWANInstance(), loadFromDatabase(), loadGroups(), loadOptions(), TS_UNIX, use, wfDebug(), wfGetDB(), and wfTimestamp().

Referenced by loadFromId().

User::loadFromDatabase (   $flags = self::READ_LATEST)

Load user and user_group data from the database.

$this->mId must be set, this is how the user is identified.

integer$flagsUser::READ_* constant bitfield
bool True if the user exists, false if the user is anonymous

Definition at line 1220 of file User.php.

References $flags, $options, $s, DBAccessObjectUtils\getDBOptions(), getEditCount(), list, loadDefaults(), loadFromRow(), Hooks\run(), and wfGetDB().

Referenced by addToDatabase(), loadFromCache(), and loadFromId().

User::loadFromId (   $flags = self::READ_NORMAL)

Load user table data, given mId has already been set.

integer$flagsUser::READ_* constant bitfield
bool False if the ID does not exist, true otherwise

Definition at line 421 of file User.php.

References $flags, DBAccessObjectUtils\hasFlags(), loadDefaults(), loadFromCache(), and loadFromDatabase().

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), and load().

User::loadFromRow (   $row,
  $data = null 

Initialize this object from a row from the user table.

stdClass$rowRow from the user table to load.
array$dataFurther user data to load into the object

user_groups Array with groups out of the user_groups table user_properties Array with properties out of the user_properties table

Definition at line 1267 of file User.php.

References loadOptions(), setItemLoaded(), TS_MW, wfTimestamp(), and wfTimestampOrNull().

Referenced by loadFromDatabase().

User::loadFromSession ( )

Load user data from the session.

bool True if the user is logged in, false otherwise.

Definition at line 1189 of file User.php.

References $user, getId(), getName(), getRequest(), getToken(), loadFromUserObject(), and Hooks\run().

Referenced by load().

User::loadFromUserObject (   $user)

Load the data for this user object from another user object.


Definition at line 1352 of file User.php.

References $user, and as.

Referenced by loadFromSession().

User::loadGroups ( )

Load the groups from the database if they aren't already loaded.

Definition at line 1362 of file User.php.

References $res, as, DB_MASTER, DB_REPLICA, and wfGetDB().

Referenced by addGroup(), getGroups(), loadFromCache(), and removeGroup().

User::loadOptions (   $data = null)

Load the user options either from cache, the database or an array.

array$dataRows for the current user out of the user_properties table

Definition at line 5122 of file User.php.

References $dbr, $property, $res, $value, $wgContLang, as, DB_MASTER, DB_REPLICA, getId(), global, load(), Hooks\run(), wfDebug(), and wfGetDB().

Referenced by getOption(), getOptionKinds(), getOptions(), loadFromCache(), loadFromRow(), saveOptions(), and setOption().

User::logout ( )

Log this user out.

Definition at line 3801 of file User.php.

References doLogout(), and Hooks\run().

static User::makeGroupLinkHTML (   $group,
  $text = '' 

Create a link to the group in HTML, if available; else return the group name.

string$groupInternal name of the group
string$textThe text of the link
string HTML link to the group

Definition at line 4781 of file User.php.

References $title, and Linker\link().

Referenced by UsersPager\buildGroupLink(), UserrightsPage\buildGroupLink(), UserrightsPage\buildGroupMemberLink(), and Preferences\profilePreferences().

static User::makeGroupLinkWiki (   $group,
  $text = '' 

Create a link to the group in Wikitext, if available; else return the group name.

string$groupInternal name of the group
string$textThe text of the link
string Wikilink to the group

Definition at line 4801 of file User.php.

References $page, and $title.

User::makeUpdateConditions ( Database  $db,
array  $conditions 

Builds update conditions.

Additional conditions may be added to $conditions to protected against race conditions using a compare-and-set (CAS) mechanism based on comparing $this->mTouched with the user_touched field.

array$conditionsWHERE conditions for use with Database::update
array WHERE conditions for use with Database::update

Definition at line 1442 of file User.php.

References Database\timestamp().

Referenced by checkAndSetTouched(), and saveSettings().

User::matchEditToken (   $val,
  $salt = '',
  $request = null,
  $maxage = null 

Check given value against the token value stored in the session.

A match should confirm that the form was submitted from the user's own login session, not a form submission from a third-party site.

string$valInput value to compare
string$saltOptional function-specific data for hashing
WebRequest | null$requestObject to use or null to use $wgRequest
int$maxageFail tokens older than this, in seconds
bool Whether the token matches

Definition at line 4280 of file User.php.

References $request, and getEditTokenObject().

Referenced by WikiPage\doRollback(), and matchEditTokenNoSuffix().

User::matchEditTokenNoSuffix (   $val,
  $salt = '',
  $request = null,
  $maxage = null 

Check given value against the token value stored in the session, ignoring the suffix.

string$valInput value to compare
string$saltOptional function-specific data for hashing
WebRequest | null$requestObject to use or null to use $wgRequest
int$maxageFail tokens older than this, in seconds
bool Whether the token matches

Definition at line 4294 of file User.php.

References $request, and matchEditToken().

static User::newFatalPermissionDeniedStatus (   $permission)

Factory function for fatal permission-denied errors.

string$permissionUser right required

Definition at line 5348 of file User.php.

References $wgLang, getGroupsWithPermission(), global, and StatusValue\newFatal().

Referenced by WatchAction\doUnwatch(), and WatchAction\doWatch().

static User::newFromConfirmationCode (   $code,
  $flags = 0 

Factory method to fetch whichever user has a given email confirmation code.

This code is generated when an account is created or its e-mail address has changed.

If the code is invalid or has expired, returns NULL.

string$codeConfirmation code
int$flagsUser::READ_* bitfield

Definition at line 567 of file User.php.

References $code, $flags, DB_MASTER, DB_REPLICA, newFromId(), and wfGetDB().

Referenced by EmailConfirmation\attemptConfirm(), and EmailInvalidation\attemptInvalidate().

static User::newFromId (   $id)

Static factory method for creation from a given user ID.

int$idValid user ID
User The corresponding User object

Definition at line 548 of file User.php.

References User.

Referenced by Block\__construct(), Installer\__construct(), CategoryMembershipChangeTest\addDBDataOnce(), LogPage\addEntry(), UserOptions\CHANGER(), SpecialBlock\checkUnblockSelf(), MediaWiki\Auth\AuthManager\continueAccountCreation(), createNew(), SpecialRedirect\dispatchUser(), ApiQueryWatchlistIntegrationTest\doAnonPageEdit(), RemoveInvalidEmails\execute(), FixUserRegistration\execute(), MigrateUserGroup\execute(), RemoveUnusedAccounts\execute(), WrapOldPasswords\execute(), ChangePassword\execute(), ResetUserEmail\execute(), ApiQueryAllUsers\execute(), NewFilesPager\formatRow(), ActiveUsersPager\formatRow(), UsersPager\getGroups(), NewUsersLogFormatter\getMessageParameters(), RecentChange\getPerformer(), DatabaseLogEntry\getPerformer(), RCDatabaseLogEntry\getPerformer(), CategoryMembershipChange\getUser(), RequestContext\importScopedSession(), Block\initFromRow(), EnhancedChangesListTest\newEnhancedChangesList(), newFromConfirmationCode(), MediaWiki\Session\UserInfo\newFromId(), SpecialSearchTest\newUserWithSearchNS(), EnotifNotifyJob\run(), RefreshLinksJob\runForTitle(), TitlePermissionTest\setUp(), Skin\showEmailUser(), UserTest\testEquals(), LanguageConverterTest\testGetPreferredVariantHeaderUserVsUrl(), UserTest\testIncEditCount(), SpecialPageTest\testRequireLoginAnon(), ApiQueryWatchlistIntegrationTest\testUserPropParameter(), ResetUserTokens\updateUser(), UserOptions\USAGER(), and Linker\userToolLinks().

static User::newFromName (   $name,
  $validate = 'valid' 

Static factory method for creation from username.

This is slightly less efficient than newFromId(), so use newFromId() if you have both an ID and a name handy.

string$nameUsername, validated by Title::newFromText()
string | bool$validateValidate username. Takes the same parameters as User::getCanonicalName(), except that true is accepted as an alias for 'valid', for BC.
User|bool User object, or false if the username is invalid (e.g. if it contains illegal characters or is an IP address). If the username is not present in the database, the result will be a user object with a name, zero user ID and default settings.

Definition at line 525 of file User.php.

References $name, and User.

Referenced by UserWrapper\__construct(), TestUser\__construct(), ImageListPager\__construct(), EmailNotification\actuallyNotifyOnPageChange(), BlockTest\addDBData(), BackupDumperLoggerTest\addDBData(), SpecialMyLanguageTest\addDBDataOnce(), ApiBlockTest\addDBDataOnce(), BlockTest\addXffBlocks(), EditPageTest\assertEdit(), MediaWiki\Auth\AuthManager\beginAccountCreation(), MediaWiki\Auth\AuthManager\beginAuthentication(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\beginPrimaryAuthentication(), Parser\braceSubstitution(), MediaWiki\Auth\AuthManager\canCreateAccount(), EmailNotification\canSendUserTalkEmail(), ApiMain\checkAsserts(), SpecialBlock\checkUnblockSelf(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAccountLink(), MediaWiki\Auth\AuthManager\continueAuthentication(), Installer\createMainpage(), Installer\createSysop(), WikiPage\doEditUpdates(), Undelete\execute(), SpecialLog\execute(), SpecialContributions\execute(), DeleteDefaultMessages\execute(), MakeTestEdits\execute(), DeletedContributionsPage\execute(), ApiBlock\execute(), ImportSiteScripts\execute(), ChangePassword\execute(), Protect\execute(), ResetUserEmail\execute(), EditCLI\execute(), InvalidateUserSesssions\execute(), ImportTextFiles\execute(), TableCleanup\execute(), DeleteBatch\execute(), MoveBatch\execute(), CreateAndPromote\execute(), PasswordReset\execute(), LoginSignupSpecialPage\execute(), UserrightsPage\fetchUser(), LogFormatter\formatParameterValue(), LogFormatter\formatParameterValueForApi(), CoreParserFunctions\gender(), WatchedItemStoreUnitTest\getAnonUser(), CreditsAction\getAuthor(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\getBlockedUser(), WikiPage\getCreator(), LogEventsList\getExtraInputs(), BlockLogFormatter\getMessageParameters(), NewUsersLogFormatter\getMessageParameters(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getNewPasswordExpiry(), RecentChange\getPerformer(), DatabaseLogEntry\getPerformer(), RCDatabaseLogEntry\getPerformer(), Skin\getRelevantUser(), SpecialEmailUser\getTarget(), CategoryMembershipChange\getUser(), DoubleRedirectJob\getUser(), ResourceLoaderContext\getUserObj(), ApiBase\getWatchlistUser(), WikiRevision\importLogItem(), WikiRevision\importOldRevision(), RequestContext\importScopedSession(), WikiRevision\importUpload(), ReassignEdits\initialiseUser(), CentralIdLookup\localUserFromCentralId(), BotPassword\login(), RequestContext\newExtraneousContext(), MediaWiki\Session\UserInfo\newFromName(), WikiPage\onArticleDelete(), InfoAction\pageInfo(), Block\parseTarget(), SpecialListFiles\prefixSearchSubpages(), SpecialUnblock\prefixSearchSubpages(), SpecialEmailUser\prefixSearchSubpages(), SpecialContributions\prefixSearchSubpages(), UserrightsPage\prefixSearchSubpages(), SpecialBlock\prefixSearchSubpages(), MediaWiki\Auth\AuthManagerTest\provideAuthentication(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\providerAllowsAuthenticationDataChange(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\providerChangeAuthenticationData(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\providerRevokeAccessForUser(), EnotifNotifyJob\run(), ApiQueryRevisions\run(), RefreshLinksJob\runForTitle(), UserNamePrefixSearch\search(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\sendPasswordResetEmail(), RecentChangeTest\setUp(), TitlePermissionTest\setUp(), LogFormatterTest\setUp(), SpecialLog\show(), EditPage\showIntro(), Article\showMissingArticle(), WebInstallerName\submit(), MediaWiki\Auth\AbstractPreAuthenticationProviderTest\testAbstractPreAuthenticationProvider(), MediaWiki\Auth\AbstractPrimaryAuthenticationProviderTest\testAbstractPrimaryAuthenticationProvider(), MediaWiki\Auth\AbstractSecondaryAuthenticationProviderTest\testAbstractSecondaryAuthenticationProvider(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testAccountCreation(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testAccountCreation(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testAccountCreation(), MediaWiki\Auth\AuthManagerTest\testAccountCreation(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testAccountCreationEmail(), MediaWiki\Auth\AuthManagerTest\testAccountCreationLogging(), MediaWiki\Auth\AuthManagerTest\testAccountLink(), MediaWiki\Auth\AuthManagerTest\testAuthentication(), MediaWiki\Auth\AuthManagerTest\testAutoAccountCreation(), MediaWiki\Auth\AuthManagerTest\testAutoCreateFailOnLogin(), MediaWiki\Auth\AuthManagerTest\testAutoCreateOnLogin(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\testBasics(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\testBasics(), MediaWiki\Auth\AuthManagerTest\testBeginAccountCreation(), MediaWiki\Auth\AuthManagerTest\testBeginAccountLink(), MediaWiki\Auth\AuthManagerTest\testBeginAuthentication(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\testBeginLinkAttempt(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\testBeginSecondaryAccountCreation(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\testBeginSecondaryAuthentication(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\testBeginSecondaryAuthentication(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\testBeginSecondaryAuthentication(), BlockTest\testBlockedUserCanNotCreateAccount(), CentralIdLookupTest\testCentralIdFromLocalUser(), MediaWiki\Auth\AuthManagerTest\testCheckAccountCreatePermissions(), PasswordPolicyChecksTest\testCheckMaximalPasswordLength(), PasswordPolicyChecksTest\testCheckMinimalPasswordLength(), PasswordPolicyChecksTest\testCheckMinimumPasswordLengthToLogin(), PasswordPolicyChecksTest\testCheckPasswordCannotMatchBlacklist(), PasswordPolicyChecksTest\testCheckPasswordCannotMatchUsername(), UserTest\testCheckPasswordValidity(), UserPasswordPolicyTest\testCheckUserPassword(), MediaWiki\Auth\AuthManagerTest\testContinueAccountCreation(), MediaWiki\Auth\AuthManagerTest\testContinueAccountLink(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\testContinueLinkAttempt(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\testContinueSecondaryAccountCreation(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\testContinueSecondaryAuthentication(), BlockTest\testCrappyCrossWikiBlocks(), MediaWiki\Auth\AuthManagerTest\testCreateFromLogin(), BlockTest\testDeprecatedConstructor(), MediaWiki\Auth\ThrottlePreAuthenticationProviderTest\testDisabled(), UserTest\testEquals(), MediaWiki\Auth\LegacyHookPreAuthenticationProvider\testForAuthentication(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests(), UserTest\testGetEditCountForAnons(), UserPasswordPolicyTest\testGetPoliciesForUser(), RequestContextTest\testImportScopedSession(), MediaWiki\Session\SessionManagerTest\testInvalidateSessionsForUser(), LocalIdLookupTest\testIsAttached(), UserTest\testLoggedIn(), LocalIdLookupTest\testLookupCentralIds(), LocalIdLookupTest\testLookupUserNames(), ApiBlockTest\testMakeNormalBlock(), MediaWiki\Session\UserInfoTest\testNewFromId(), MediaWiki\Session\UserInfoTest\testNewFromName(), MediaWiki\Session\UserInfoTest\testNewFromUser(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testOnLocalUserCreated(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testOnUserGroupsChanged(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testOnUserLoggedIn(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testOnUserSaveSettings(), UserTest\testOptions(), MediaWiki\Session\ImmutableSessionProviderWithCookieTest\testPersistSession(), MediaWiki\Auth\ThrottlePreAuthenticationProviderTest\testPostAuthentication(), MediaWiki\Auth\AbstractPrimaryAuthenticationProviderTest\testPrimaryAccountLink(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\testRangeBlock(), SpecialPageTest\testRequireLoginNotAnon(), MediaWiki\Session\SessionBackendTest\testResetId(), MediaWiki\Session\SessionBackendTest\testResetIdOfGlobalSession(), MediaWiki\Auth\AuthManagerTest\testSecuritySensitiveOperationStatus(), MediaWiki\Auth\AuthManagerTest\testSetDefaultUserOptions(), MediaWiki\Session\SessionBackendTest\testTakeOverGlobalSession(), MediaWiki\Auth\ThrottlePreAuthenticationProviderTest\testTestForAccountCreation(), MediaWiki\Auth\LegacyHookPreAuthenticationProviderTest\testTestForAccountCreation(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testTestForAccountCreation(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testTestForAccountCreation(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testTestForAccountCreation(), MediaWiki\Auth\ThrottlePreAuthenticationProviderTest\testTestForAuthentication(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\testTestUserForCreation(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\testTryReset(), MediaWiki\Session\SessionBackendTest\testUnpersistOfGlobalSession(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\testUserCanAuthenticate(), RevisionStorageTest\testUserWasLastToEdit(), PageArchive\undeleteRevisions(), MediaWiki\Auth\AuthManagerTest\usernameForCreation(), and HTMLUserTextField\validate().

static User::newFromRow (   $row,
  $data = null 

Create a new user object from a user row.

The row should have the following fields from the user table in it:

  • either user_name or user_id to load further data if needed (or both)
  • user_real_name
  • all other fields (email, etc.) It is useless to provide the remaining fields if either user_id, user_name and user_real_name are not provided because the whole row will be loaded once more from the database when accessing them.
stdClass$rowA row from the user table
array$dataFurther data to load into the object (see User::loadFromRow for valid keys)

Definition at line 612 of file User.php.

References $user, and User.

Referenced by ApiQueryUsers\execute(), DatabaseLogEntry\getPerformer(), PasswordReset\getUsersByEmail(), and UserArrayFromResult\setCurrent().

static User::newFromSession ( WebRequest  $request = null)

Create a new user object using data from session.

If the login credentials are invalid, the result is an anonymous user.

WebRequest | null$requestObject to use; $wgRequest will be used if omitted.

Definition at line 591 of file User.php.

References $request, $user, and User.

Referenced by RequestContext\getUser().

static User::newSystemUser (   $name,
  $options = [] 

Static factory method for creation of a "system" user from username.

A "system" user is an account that's used to attribute logged actions taken by MediaWiki itself, as opposed to a bot or human user. Examples might include the 'Maintenance script' or 'Conversion script' accounts used by various scripts in the maintenance/ directory or accounts such as 'MediaWiki message delivery' used by the MassMessage extension.

This can optionally create the user if it doesn't exist, and "steal" the account if it does exist.

"Stealing" an existing user is intended to make it impossible for normal authentication processes to use the account, effectively disabling the account for normal use:

  • Email is invalidated, to prevent account recovery by emailing a temporary password and to disassociate the account from the existing human.
  • The token is set to a magic invalid value, to kill existing sessions and to prevent $this->setToken() calls from resetting the token to a valid value.
  • SessionManager is instructed to prevent new sessions for the user, to do things like deauthorizing OAuth consumers.
  • AuthManager is instructed to revoke access, to invalidate or remove passwords and other credentials.
array$optionsOptions are:
  • validate: As for User::getCanonicalName(), default 'valid'
  • create: Whether to create the user if it doesn't already exist, default true
  • steal: Whether to "disable" the account for normal use if it already exists, default false

Definition at line 653 of file User.php.

References $name, $options, $user, DB_MASTER, and wfGetDB().

Referenced by Undelete\execute(), ImportSiteScripts\execute(), Protect\execute(), CleanupSpam\execute(), EditCLI\execute(), RollbackEdits\execute(), ImportTextFiles\execute(), DeleteBatch\execute(), TableCleanup\execute(), CapsCleanup\execute(), MoveBatch\execute(), and DeleteEqualMessages\execute().

User::newTouchedTimestamp ( )

Generate a current or new-future timestamp to be stored in the user_touched field when we update things.

string Timestamp in TS_MW format

Definition at line 2332 of file User.php.

References $time, $wgClockSkewFudge, global, TS_MW, TS_UNIX, and wfTimestamp().

Referenced by addToDatabase(), checkAndSetTouched(), and saveSettings().

static User::passwordChangeInputAttribs ( )

Provide an array of HTML5 attributes to put on an input element intended for the user to enter a new password.

This may include required, title, and/or pattern, depending on $wgMinimalPasswordLength.

Do not use this when asking the user to enter his current password! Regardless of configuration, users may have invalid passwords for whatever reason (e.g., they were set before requirements were tightened up). Only use it when asking for a new password, like on account creation or ResetPass.

Obviously, you still need to do server-side checking.

NOTE: A combination of bugs in various browsers means that this function actually just returns array() unconditionally at the moment. May as well keep it around for when the browser bugs get fixed, though.

FIXME: This does not belong here; put it in Html or Linker or somewhere
since 1.27
array Array of HTML attributes suitable for feeding to Html::element(), directly or indirectly. (Don't feed to Xml::*()! That will get confused by the boolean attribute syntax used.)

Definition at line 5285 of file User.php.

References $ret, and global.

User::pingLimiter (   $action = 'edit',
  $incrBy = 1 

Primitive rate limits: enforce maximum actions per time period to put a brake on flooding.

The method generates both a generic profiling point and a per action one (suffix being "-$action".

When using a shared cache like memcached, IP-address last-hit counters will be shared across wikis.
string$actionAction to enforce; 'edit' if unspecified
int$incrByPositive amount to increment counter by [defaults to 1]
bool True if a rate limiter was tripped

Definition at line 1794 of file User.php.

References $cache, $count, $incrBy, $keys, $limit, $summary, as, getGroups(), getId(), ObjectCache\getLocalClusterInstance(), getRequest(), IP\getSubnet(), global, isNewbie(), isPingLimitable(), list, Hooks\run(), wfDebug(), wfDebugLog(), and wfMemcKey().

Referenced by WikiPage\doRollback(), PasswordReset\execute(), and ChangeTags\updateTagsWithChecks().

static User::purge (   $wikiId,

Definition at line 451 of file User.php.

References $cache, and ObjectCache\getMainWANInstance().

Referenced by UserRightsProxy\invalidateCache().

static User::randomPassword ( )

Return a random password.

since 1.27, use PasswordFactory::generateRandomPasswordString()
string New random password

Definition at line 1117 of file User.php.

References PasswordFactory\generateRandomPasswordString(), and global.

User::removeGroup (   $group)

Remove the user from the given group.

This takes immediate effect.

string$groupName of the group to remove

Definition at line 3340 of file User.php.

References DB_MASTER, getEffectiveGroups(), getId(), invalidateCache(), load(), loadGroups(), Hooks\run(), and wfGetDB().

User::removeWatch (   $title,
  $checkRights = self::CHECK_USER_RIGHTS 

Stop watching an article.

1.22 $checkRights parameter added
Title$titleTitle of the article to look at
bool$checkRightsWhether to check 'viewmywatchlist'/'editmywatchlist' rights. Pass User::CHECK_USER_RIGHTS or User::IGNORE_USER_RIGHTS.

Definition at line 3538 of file User.php.

References $title, invalidateCache(), and isAllowed().

Referenced by WatchAction\doUnwatch().

User::requiresHTTPS ( )

Determine based on the wiki configuration and the user's options, whether this user must be over HTTPS no matter what.


Definition at line 3108 of file User.php.

References getBoolOption(), getRequest(), global, Hooks\run(), and wfCanIPUseHTTPS().

static User::resetIdByNameCache ( )

Reset the cache used in idFromName().

For use in tests.

Definition at line 768 of file User.php.

Referenced by MediaWikiTestCase\addCoreDBData().

User::resetOptions (   $resetKinds = [ 'registered',
'registered-multiselect'  ,
'registered-checkmatrix'  ,
'unused']  ,
IContextSource  $context = null 

Reset certain (or all) options to the site defaults.

The optional parameter determines which kinds of preferences will be reset. Supported values are everything that can be reported by getOptionKinds() and 'all', which forces a reset of all preferences and overrides everything else.

array | string$resetKindsWhich kinds of preferences to reset. Defaults to array( 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' ) for backwards-compatibility.
IContextSource | null$contextContext source used when $resetKinds does not contain 'all', passed to getOptionKinds(). Defaults to RequestContext::getMain() when null.

Definition at line 3043 of file User.php.

References $context, $value, as, RequestContext\getMain(), getOptionKinds(), load(), and Hooks\run().

User::resetTokenFromOption (   $oname)

Reset a token stored in the preferences (like the watchlist one).

Does not save user's preferences (similarly to setOption()).

string$onameThe option name to reset the token in
string|bool New token value, or false if this option is disabled.
See also

Definition at line 2902 of file User.php.

References MWCryptRand\generateHex(), global, and setOption().

User::saveOptions ( )

Saves the non-default options for this user, as previously set e.g.

via setOption(), in the database's "user_properties" (preferences) table. Usually used via saveSettings().

Definition at line 5188 of file User.php.

References $mOptions, $res, $value, as, DB_MASTER, getId(), loadOptions(), Hooks\run(), and wfGetDB().

Referenced by addToDatabase(), and saveSettings().

static User::selectFields ( )

Return the list of user fields that should be selected to create a new user object.


Definition at line 5325 of file User.php.

Referenced by ApiQueryUsers\execute(), PasswordReset\getUsersByEmail(), UserArray\newFromIDs(), and UserArray\newFromNames().

User::sendConfirmationMail (   $type = 'created')

Generate a new e-mail confirmation token and send a confirmation/invalidation mail to the user's given address.

string$typeMessage to send, either "created", "changed" or "set"

Definition at line 4306 of file User.php.

References $type, $wgLang, confirmationToken(), confirmationTokenUrl(), getName(), getRequest(), global, invalidationTokenUrl(), saveSettings(), sendMail(), text, and wfMessage().

Referenced by setEmailWithConfirmation().

User::sendMail (   $subject,
  $from = null,
  $replyto = null 

Send an e-mail to this user's account.

Does not check for confirmed status or validity.

string$subjectMessage subject
string$bodyMessage body
User | null$fromOptional sending user; if unspecified, default $wgPasswordSender will be used.
string$replytoReply-To address

Definition at line 4345 of file User.php.

References $from, $wgPasswordSender, global, MailAddress\newFromUser(), UserMailer\send(), text, and wfMessage().

Referenced by sendConfirmationMail(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\sendNewAccountEmail(), and setEmailWithConfirmation().

User::setCookie (   $name,
  $exp = 0,
  $secure = null,
  $params = [],
  $request = null 

Set a cookie on the user's client.

Wrapper for WebResponse::setCookie

since 1.27
string$nameName of the cookie to set
string$valueValue to set
int$expExpiration time, as a UNIX time value; if 0 or not specified, use the default $wgCookieExpiration
bool$securetrue: Force setting the secure attribute when setting the cookie false: Force NOT setting the secure attribute when setting the cookie null (default): Use the default ($wgCookieSecure) to set the secure attribute
array$paramsArray of options sent passed to WebResponse::setcookie()
WebRequest | null$requestWebRequest object to use; $wgRequest will be used if null is passed.

Definition at line 3703 of file User.php.

References $name, $params, $request, $value, getRequest(), and wfDeprecated().

Referenced by clearCookie(), and setExtendedLoginCookie().

User::setCookies (   $request = null,
  $secure = null,
  $rememberMe = false 

Persist this user's session (e.g.

set cookies)

WebRequest | null$requestWebRequest object to use; $wgRequest will be used if null is passed.
bool$secureWhether to force secure/insecure cookies or use default
bool$rememberMeWhether to add a Token cookie for elongated sessions

Definition at line 3765 of file User.php.

References $request, MediaWiki\Logger\LoggerFactory\getInstance(), ContextSource\getRequest(), getRequest(), and load().

User::setEmail (   $str)

Set the user's e-mail address.

string$strNew e-mail address

Definition at line 2667 of file User.php.

References invalidateEmail(), load(), and Hooks\run().

Referenced by setEmailWithConfirmation().

User::setEmailAuthenticationTimestamp (   $timestamp)

Set the e-mail authentication timestamp.

string$timestampTS_MW timestamp

Definition at line 4460 of file User.php.

References $timestamp, load(), and Hooks\run().

Referenced by confirmEmail(), and invalidateEmail().

User::setEmailWithConfirmation (   $str)

Set the user's e-mail address and a confirmation mail if needed.

string$strNew e-mail address

Definition at line 2684 of file User.php.

References $type, $wgEmailAuthentication, $wgEnableEmail, getEmail(), getName(), getRequest(), global, StatusValue\newFatal(), StatusValue\newGood(), sendConfirmationMail(), sendMail(), setEmail(), text, and wfMessage().

Referenced by SpecialChangeEmail\attemptChange().

User::setExtendedLoginCookie (   $name,

Set an extended login cookie on the user's client.

The expiry of the cookie is controlled by the $wgExtendedLoginCookieExpiration configuration variable.

See also
since 1.27
string$nameName of the cookie to set
string$valueValue to set
bool$securetrue: Force setting the secure attribute when setting the cookie false: Force NOT setting the secure attribute when setting the cookie null (default): Use the default ($wgCookieSecure) to set the secure attribute

Definition at line 3744 of file User.php.

References $name, $value, global, setCookie(), and wfDeprecated().

User::setId (   $v)

Set the user and reload all fields according to a given ID.

int$vUser ID to reload

Definition at line 2099 of file User.php.

References clearInstanceCache().

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser().

User::setInternalPassword (   $str)

Set the password and reset the random token unconditionally.

since 1.27, use AuthManager instead
string | null$strNew password to set or null to set an invalid password hash meaning that the user will not be able to log in through the web interface.

Definition at line 2494 of file User.php.

References setPasswordInternal().

User::setItemLoaded (   $item)

Set that an item has been loaded.


Definition at line 1178 of file User.php.

Referenced by loadFromRow().

User::setName (   $str)

Set the user name.

This does not reload fields from the database according to the given name. Rather, it is used to create a temporary "nonexistent user" for later addition to the database. It can also be used to set the IP address for an anonymous user to something other than the current remote IP.

User::newFromName() has roughly the same function, when the named user does not exist.
string$strNew user name to set

Definition at line 2135 of file User.php.

References load().

User::setNewpassword (   $str,
  $throttle = true 

Set the password for a password reminder or new account email.

Removed in 1.27. Use PasswordReset instead.
string$strNew password to set or null to set an invalid password hash meaning that the user will not be able to use it
bool$throttleIf true, reset the throttle timestamp to the present

Definition at line 2629 of file User.php.

User::setNewtalk (   $val,
  $curRev = null 

Update the 'You have new messages!' status.

bool$valWhether the user has new messages
Revision$curRevNew, as yet unseen revision of the user talk page. Ignored if null or !$val.

Definition at line 2300 of file User.php.

References deleteNewtalk(), getId(), getName(), invalidateCache(), isAnon(), load(), updateNewtalk(), and wfReadOnly().

Referenced by clearAllNotifications(), and clearNotification().

User::setOption (   $oname,

Set the given option for a user.

You need to call saveSettings() to actually write to the database.

string$onameThe option to set
mixed$valNew value to set

Definition at line 2853 of file User.php.

References loadOptions().

Referenced by resetTokenFromOption(), MediaWiki\Auth\AuthManager\setDefaultUserOptions(), setPasswordInternal(), and UserTest\testOptions().

User::setPassword (   $str)

Set the password and reset the random token.

Calls through to authentication plugin if necessary; will have no effect if the auth plugin refuses to pass the change through or if the legal password checks fail.

As a special case, setting the password to null wipes it, so the account cannot be logged in until a new password is set, for instance via e-mail.

since 1.27, use AuthManager instead
string$strNew password to set
PasswordErrorOn failure

Definition at line 2482 of file User.php.

References setPasswordInternal().

User::setPasswordInternal (   $str)

Actually set the password and such.

1.27 cannot set a password for a user not in the database
string | null$strNew password to set or null to set an invalid password hash meaning that the user will not be able to log in through the web interface.
bool Success

Definition at line 2506 of file User.php.

References $status, changeAuthenticationData(), MediaWiki\Logger\LoggerFactory\getInstance(), getName(), and setOption().

Referenced by setInternalPassword(), and setPassword().

User::setRealName (   $str)

Set the user's real name.

string$strNew real name

Definition at line 2751 of file User.php.

References load().

User::setToken (   $token = false)

Set the random token (used for persistent authentication) Called from loadDefaults() among other places.

string | bool$tokenIf specified, set the token to this value

Definition at line 2609 of file User.php.

References MWCryptRand\generateHex(), MediaWiki\Logger\LoggerFactory\getInstance(), and load().

Referenced by addToDatabase(), getToken(), MediaWiki\Session\SessionManager\invalidateSessionsForUser(), and MediaWiki\Auth\AuthManager\setDefaultUserOptions().

User::spreadAnyEditBlock ( )

If this user is logged-in and blocked, block any IP address they've successfully logged in from.

bool A block was spread

Definition at line 4079 of file User.php.

References isBlocked(), isLoggedIn(), and spreadBlock().

User::spreadBlock ( )

If this (non-anonymous) user is blocked, block the IP address they've successfully logged in from.

bool A block was spread

Definition at line 4092 of file User.php.

References getName(), getRequest(), load(), Block\newFromTarget(), and wfDebug().

Referenced by spreadAnyEditBlock().

User::touch ( )

Update the "touched" timestamp for the user.

This is useful on various login/logout events when making sure that a browser or proxy that has multiple tenants does not suffer cache pollution where the new user sees the old users content. The value of getTouched() is checked when determining 304 vs 200 responses. Unlike invalidateCache(), this preserves the User object cache and avoids database writes.


Definition at line 2394 of file User.php.

References getId(), ObjectCache\getMainWANInstance(), and wfMemcKey().

Referenced by invalidateCache().

User::updateNewtalk (   $field,
  $curRev = null 

Add or update the new messages flag.

string$field'user_ip' for anonymous users, 'user_id' otherwise
string | int$idUser's IP address for anonymous users, User ID otherwise
Revision | null$curRevNew, as yet unseen revision of the user talk page. Ignored if null.
bool True if successful, false otherwise

Definition at line 2255 of file User.php.

References DB_MASTER, wfDebug(), and wfGetDB().

Referenced by setNewtalk().

User::useFilePatrol ( )

Check whether to enable new files patrol features for this user.

bool True or false

Definition at line 3477 of file User.php.

References global, and isAllowedAny().

Referenced by ChangesList\isUnpatrolled().

User::useNPPatrol ( )

Check whether to enable new pages patrol features for this user.

bool True or false

Definition at line 3465 of file User.php.

References global, and isAllowedAny().

Referenced by WatchedItemQueryService\getWatchedItemsWithRCInfoQueryFilterConds(), and ChangesList\isUnpatrolled().

User::useRCPatrol ( )

Check whether to enable recent changes patrol features for this user.

bool True or false

Definition at line 3456 of file User.php.

References global, and isAllowedAny().

Referenced by WatchedItemQueryService\getWatchedItemsWithRCInfoQueryFilterConds(), and ChangesList\isUnpatrolled().

User::validateCache (   $timestamp)

Validate the cache for this account.

string$timestampA timestamp in TS_MW format

Definition at line 2408 of file User.php.

References $timestamp, and getTouched().

static User::whoIs (   $id)

Get the username corresponding to a given user ID.

int$idUser ID
string|bool The corresponding username

Definition at line 708 of file User.php.

References UserCache\singleton().

Referenced by Title\checkActionPermissions(), UserrightsPage\fetchUser(), ImageListPager\formatValue(), and Revision\getUserText().

static User::whoIsReal (   $id)

Get the real name of a user given their user ID.

int$idUser ID
string|bool The corresponding user's real name

Definition at line 718 of file User.php.

References UserCache\singleton().

Member Data Documentation

User::$idCacheByName = []

Definition at line 304 of file User.php.

bool User::$mAllowUsertalk

Definition at line 296 of file User.php.

User::$mAllRights = false

String Cached results of getAllRights()

Definition at line 200 of file User.php.

Block User::$mBlock

Definition at line 293 of file User.php.

Referenced by isBlockedFromCreateAccount().

string User::$mBlockedby

Definition at line 265 of file User.php.

Referenced by blockedBy().

Block User::$mBlockedFromCreateAccount = false

Definition at line 299 of file User.php.

string User::$mBlockreason

Definition at line 271 of file User.php.

Referenced by blockedFor().

Initial value:
= [

Array of Strings List of member variables which are saved to the shared cache (memcached).

Any operation which changes the corresponding database fields must call a cache-clearing function.

Definition at line 93 of file User.php.

Initial value:
= [
'editusercssjs', # deprecated

Array of Strings Core rights.

Each of these should have a corresponding message of the form "right-$right".

Definition at line 118 of file User.php.

string User::$mDatePreference

Definition at line 263 of file User.php.

Referenced by getDatePreference().

int User::$mEditCount

Cache variables.

Definition at line 228 of file User.php.

Referenced by getEditCount().

array User::$mEffectiveGroups

Definition at line 273 of file User.php.

Referenced by getEffectiveGroups().

string User::$mEmail

Cache variables.

Definition at line 212 of file User.php.

Referenced by getEmail().

string User::$mEmailAuthenticated

Cache variables.

Definition at line 220 of file User.php.

Referenced by getEmailAuthenticationTimestamp().

string User::$mEmailToken

Cache variables.

Definition at line 222 of file User.php.

Referenced by saveSettings().

string User::$mEmailTokenExpires

Cache variables.

Definition at line 224 of file User.php.

array User::$mFormerGroups

Definition at line 277 of file User.php.

Referenced by getFormerGroups().


String Initialization data source if mLoadedItems!==true.

May be one of:

  • 'defaults' anonymous user initialised from class defaults
  • 'name' initialise from mName
  • 'id' initialise from mId
  • 'session' log in from session if possible

Use the User::newFrom*() family of functions to set this.

Definition at line 256 of file User.php.

Block User::$mGlobalBlock

Definition at line 279 of file User.php.

array User::$mGroups

Cache variables.

Definition at line 230 of file User.php.

Referenced by getGroups().

string User::$mHash

Definition at line 267 of file User.php.

bool User::$mHideName

Definition at line 283 of file User.php.

Referenced by isHidden().

int User::$mId

Cache variables.

Definition at line 205 of file User.php.

Referenced by addToDatabase(), and getId().

array User::$mImplicitGroups

Definition at line 275 of file User.php.

Referenced by getAutomaticGroups().

User::$mLoadedItems = []

Array with already loaded items or true if all items have been loaded.

Definition at line 244 of file User.php.

Referenced by load().

bool User::$mLocked

Definition at line 281 of file User.php.

Referenced by isLocked().

string User::$mName

Cache variables.

Definition at line 207 of file User.php.

Referenced by addToDatabase(), and getName().


Lazy-initialized variables, invalidated with clearInstanceCache.

Definition at line 261 of file User.php.

Referenced by getNewtalk().

array User::$mOptionOverrides

Cache variables.

Definition at line 232 of file User.php.

array User::$mOptions

Definition at line 285 of file User.php.

Referenced by getOptionKinds(), getOptions(), and saveOptions().


Bool Whether the cache variables have been loaded.

Definition at line 239 of file User.php.

string User::$mQuickTouched

TS_MW timestamp from cache.

Definition at line 216 of file User.php.

string User::$mRealName

Cache variables.

Definition at line 209 of file User.php.

Referenced by addToDatabase(), and getRealName().

string User::$mRegistration

Cache variables.

Definition at line 226 of file User.php.

Referenced by getRegistration().

WebRequest User::$mRequest

Definition at line 290 of file User.php.

Referenced by getRequest().

array User::$mRights

Definition at line 269 of file User.php.

Referenced by getRights().

string User::$mToken

Cache variables.

Definition at line 218 of file User.php.

Referenced by getToken().

string User::$mTouched

TS_MW timestamp from the DB.

Definition at line 214 of file User.php.

Referenced by getDBTouched(), and getTouched().

integer User::$queryFlagsUsed = self::READ_NORMAL

User::READ_* constant bitfield used to load data.

Definition at line 302 of file User.php.

const User::CHECK_USER_RIGHTS = true

Definition at line 80 of file User.php.


Global constant made accessible as class constants so that autoloader magic can be used.

since 1.27, use \MediaWiki\Session\Token::SUFFIX

Definition at line 64 of file User.php.


Exclude user options that are set to their default value.


Definition at line 75 of file User.php.

Referenced by ResourceLoaderUserOptionsModule\getScript().

const User::INVALID_TOKEN = '*** INVALID ***'

string An invalid value for user_token

Definition at line 57 of file User.php.

const User::TOKEN_LENGTH = 32

int Number of characters in user_token field.

Definition at line 52 of file User.php.

Referenced by BotPassword\save().

const User::VERSION = 10

int Serialized record version.

Definition at line 69 of file User.php.

The documentation for this class was generated from the following file: