MediaWiki  1.31.0
User.php
Go to the documentation of this file.
1 <?php
23 use MediaWiki\MediaWikiServices;
24 use MediaWiki\Session\SessionManager;
25 use MediaWiki\Session\Token;
26 use MediaWiki\Auth\AuthManager;
27 use MediaWiki\Auth\AuthenticationResponse;
28 use MediaWiki\Auth\AuthenticationRequest;
29 use MediaWiki\User\UserIdentity;
30 use Wikimedia\IPSet;
31 use Wikimedia\ScopedCallback;
32 use Wikimedia\Rdbms\Database;
33 use Wikimedia\Rdbms\DBExpectedError;
34 use Wikimedia\Rdbms\IDatabase;
35 
41 define( 'EDIT_TOKEN_SUFFIX', Token::SUFFIX );
42 
53 class User implements IDBAccessObject, UserIdentity {
57  const TOKEN_LENGTH = 32;
58 
62  const INVALID_TOKEN = '*** INVALID ***';
63 
69  const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
70 
74  const VERSION = 12;
75 
80  const GETOPTIONS_EXCLUDE_DEFAULTS = 1;
81 
85  const CHECK_USER_RIGHTS = true;
86 
90  const IGNORE_USER_RIGHTS = false;
91 
98  protected static $mCacheVars = [
99  // user table
100  'mId',
101  'mName',
102  'mRealName',
103  'mEmail',
104  'mTouched',
105  'mToken',
106  'mEmailAuthenticated',
107  'mEmailToken',
108  'mEmailTokenExpires',
109  'mRegistration',
110  'mEditCount',
111  // user_groups table
112  'mGroupMemberships',
113  // user_properties table
114  'mOptionOverrides',
115  // actor table
116  'mActorId',
117  ];
118 
125  protected static $mCoreRights = [
126  'apihighlimits',
127  'applychangetags',
128  'autoconfirmed',
129  'autocreateaccount',
130  'autopatrol',
131  'bigdelete',
132  'block',
133  'blockemail',
134  'bot',
135  'browsearchive',
136  'changetags',
137  'createaccount',
138  'createpage',
139  'createtalk',
140  'delete',
141  'deletechangetags',
142  'deletedhistory',
143  'deletedtext',
144  'deletelogentry',
145  'deleterevision',
146  'edit',
147  'editcontentmodel',
148  'editinterface',
149  'editprotected',
150  'editmyoptions',
151  'editmyprivateinfo',
152  'editmyusercss',
153  'editmyuserjson',
154  'editmyuserjs',
155  'editmywatchlist',
156  'editsemiprotected',
157  'editusercss',
158  'edituserjson',
159  'edituserjs',
160  'hideuser',
161  'import',
162  'importupload',
163  'ipblock-exempt',
164  'managechangetags',
165  'markbotedits',
166  'mergehistory',
167  'minoredit',
168  'move',
169  'movefile',
170  'move-categorypages',
171  'move-rootuserpages',
172  'move-subpages',
173  'nominornewtalk',
174  'noratelimit',
175  'override-export-depth',
176  'pagelang',
177  'patrol',
178  'patrolmarks',
179  'protect',
180  'purge',
181  'read',
182  'reupload',
183  'reupload-own',
184  'reupload-shared',
185  'rollback',
186  'sendemail',
187  'siteadmin',
188  'suppressionlog',
189  'suppressredirect',
190  'suppressrevision',
191  'unblockself',
192  'undelete',
193  'unwatchedpages',
194  'upload',
195  'upload_by_url',
196  'userrights',
197  'userrights-interwiki',
198  'viewmyprivateinfo',
199  'viewmywatchlist',
200  'viewsuppressed',
201  'writeapi',
202  ];
203 
207  protected static $mAllRights = false;
208 
210  // @{
212  public $mId;
214  public $mName;
216  protected $mActorId;
218  public $mRealName;
219 
221  public $mEmail;
223  public $mTouched;
225  protected $mQuickTouched;
227  protected $mToken;
229  public $mEmailAuthenticated;
231  protected $mEmailToken;
233  protected $mEmailTokenExpires;
235  protected $mRegistration;
237  protected $mEditCount;
239  protected $mGroupMemberships;
241  protected $mOptionOverrides;
242  // @}
243 
247  // @{
248  public $mOptionsLoaded;
249 
253  protected $mLoadedItems = [];
254  // @}
255 
266  public $mFrom;
267 
271  protected $mNewtalk;
273  protected $mDatePreference;
275  public $mBlockedby;
277  protected $mHash;
279  public $mRights;
281  protected $mBlockreason;
283  protected $mEffectiveGroups;
285  protected $mImplicitGroups;
287  protected $mFormerGroups;
289  protected $mGlobalBlock;
291  protected $mLocked;
293  public $mHideName;
295  public $mOptions;
296 
298  private $mRequest;
299 
301  public $mBlock;
302 
304  protected $mAllowUsertalk;
305 
307  private $mBlockedFromCreateAccount = false;
308 
310  protected $queryFlagsUsed = self::READ_NORMAL;
311 
312  public static $idCacheByName = [];
313 
325  public function __construct() {
326  $this->clearInstanceCache( 'defaults' );
327  }
328 
332  public function __toString() {
333  return (string)$this->getName();
334  }
335 
350  public function isSafeToLoad() {
351  global $wgFullyInitialised;
352 
353  // The user is safe to load if:
354  // * MW_NO_SESSION is undefined AND $wgFullyInitialised is true (safe to use session data)
355  // * mLoadedItems === true (already loaded)
356  // * mFrom !== 'session' (sessions not involved at all)
357 
358  return ( !defined( 'MW_NO_SESSION' ) && $wgFullyInitialised ) ||
359  $this->mLoadedItems === true || $this->mFrom !== 'session';
360  }
361 
367  public function load( $flags = self::READ_NORMAL ) {
368  global $wgFullyInitialised;
369 
370  if ( $this->mLoadedItems === true ) {
371  return;
372  }
373 
374  // Set it now to avoid infinite recursion in accessors
375  $oldLoadedItems = $this->mLoadedItems;
376  $this->mLoadedItems = true;
377  $this->queryFlagsUsed = $flags;
378 
379  // If this is called too early, things are likely to break.
380  if ( !$wgFullyInitialised && $this->mFrom === 'session' ) {
381  \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
382  ->warning( 'User::loadFromSession called before the end of Setup.php', [
383  'exception' => new Exception( 'User::loadFromSession called before the end of Setup.php' ),
384  ] );
385  $this->loadDefaults();
386  $this->mLoadedItems = $oldLoadedItems;
387  return;
388  }
389 
390  switch ( $this->mFrom ) {
391  case 'defaults':
392  $this->loadDefaults();
393  break;
394  case 'name':
395  // Make sure this thread sees its own changes
396  $lb = MediaWikiServices::getInstance()->getDBLoadBalancer();
397  if ( $lb->hasOrMadeRecentMasterChanges() ) {
398  $flags |= self::READ_LATEST;
399  $this->queryFlagsUsed = $flags;
400  }
401 
402  $this->mId = self::idFromName( $this->mName, $flags );
403  if ( !$this->mId ) {
404  // Nonexistent user placeholder object
405  $this->loadDefaults( $this->mName );
406  } else {
407  $this->loadFromId( $flags );
408  }
409  break;
410  case 'id':
411  // Make sure this thread sees its own changes, if the ID isn't 0
412  if ( $this->mId != 0 ) {
413  $lb = MediaWikiServices::getInstance()->getDBLoadBalancer();
414  if ( $lb->hasOrMadeRecentMasterChanges() ) {
415  $flags |= self::READ_LATEST;
416  $this->queryFlagsUsed = $flags;
417  }
418  }
419 
420  $this->loadFromId( $flags );
421  break;
422  case 'actor':
423  // Make sure this thread sees its own changes
424  if ( wfGetLB()->hasOrMadeRecentMasterChanges() ) {
425  $flags |= self::READ_LATEST;
426  $this->queryFlagsUsed = $flags;
427  }
428 
429  list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $flags );
430  $row = wfGetDB( $index )->selectRow(
431  'actor',
432  [ 'actor_user', 'actor_name' ],
433  [ 'actor_id' => $this->mActorId ],
434  __METHOD__,
435  $options
436  );
437 
438  if ( !$row ) {
439  // Ugh.
440  $this->loadDefaults();
441  } elseif ( $row->actor_user ) {
442  $this->mId = $row->actor_user;
443  $this->loadFromId( $flags );
444  } else {
445  $this->loadDefaults( $row->actor_name );
446  }
447  break;
448  case 'session':
449  if ( !$this->loadFromSession() ) {
450  // Loading from session failed. Load defaults.
451  $this->loadDefaults();
452  }
453  Hooks::run( 'UserLoadAfterLoadFromSession', [ $this ] );
454  break;
455  default:
456  throw new UnexpectedValueException(
457  "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
458  }
459  }
460 
466  public function loadFromId( $flags = self::READ_NORMAL ) {
467  if ( $this->mId == 0 ) {
468  // Anonymous users are not in the database (don't need cache)
469  $this->loadDefaults();
470  return false;
471  }
472 
473  // Try cache (unless this needs data from the master DB).
474  // NOTE: if this thread called saveSettings(), the cache was cleared.
475  $latest = DBAccessObjectUtils::hasFlags( $flags, self::READ_LATEST );
476  if ( $latest ) {
477  if ( !$this->loadFromDatabase( $flags ) ) {
478  // Can't load from ID
479  return false;
480  }
481  } else {
482  $this->loadFromCache();
483  }
484 
485  $this->mLoadedItems = true;
486  $this->queryFlagsUsed = $flags;
487 
488  return true;
489  }
490 
496  public static function purge( $wikiId, $userId ) {
497  $cache = ObjectCache::getMainWANInstance();
498  $key = $cache->makeGlobalKey( 'user', 'id', $wikiId, $userId );
499  $cache->delete( $key );
500  }
501 
507  protected function getCacheKey( WANObjectCache $cache ) {
508  return $cache->makeGlobalKey( 'user', 'id', wfWikiID(), $this->mId );
509  }
510 
516  public function getMutableCacheKeys( WANObjectCache $cache ) {
517  $id = $this->getId();
518 
519  return $id ? [ $this->getCacheKey( $cache ) ] : [];
520  }
521 
528  protected function loadFromCache() {
529  $cache = ObjectCache::getMainWANInstance();
530  $data = $cache->getWithSetCallback(
531  $this->getCacheKey( $cache ),
532  $cache::TTL_HOUR,
533  function ( $oldValue, &$ttl, array &$setOpts ) use ( $cache ) {
534  $setOpts += Database::getCacheSetOptions( wfGetDB( DB_REPLICA ) );
535  wfDebug( "User: cache miss for user {$this->mId}\n" );
536 
537  $this->loadFromDatabase( self::READ_NORMAL );
538  $this->loadGroups();
539  $this->loadOptions();
540 
541  $data = [];
542  foreach ( self::$mCacheVars as $name ) {
543  $data[$name] = $this->$name;
544  }
545 
546  $ttl = $cache->adaptiveTTL( wfTimestamp( TS_UNIX, $this->mTouched ), $ttl );
547 
548  // if a user group membership is about to expire, the cache needs to
549  // expire at that time (T163691)
550  foreach ( $this->mGroupMemberships as $ugm ) {
551  if ( $ugm->getExpiry() ) {
552  $secondsUntilExpiry = wfTimestamp( TS_UNIX, $ugm->getExpiry() ) - time();
553  if ( $secondsUntilExpiry > 0 && $secondsUntilExpiry < $ttl ) {
554  $ttl = $secondsUntilExpiry;
555  }
556  }
557  }
558 
559  return $data;
560  },
561  [ 'pcTTL' => $cache::TTL_PROC_LONG, 'version' => self::VERSION ]
562  );
563 
564  // Restore from cache
565  foreach ( self::$mCacheVars as $name ) {
566  $this->$name = $data[$name];
567  }
568 
569  return true;
570  }
571 
573  // @{
574 
591  public static function newFromName( $name, $validate = 'valid' ) {
592  if ( $validate === true ) {
593  $validate = 'valid';
594  }
595  $name = self::getCanonicalName( $name, $validate );
596  if ( $name === false ) {
597  return false;
598  } else {
599  // Create unloaded user object
600  $u = new User;
601  $u->mName = $name;
602  $u->mFrom = 'name';
603  $u->setItemLoaded( 'name' );
604  return $u;
605  }
606  }
607 
614  public static function newFromId( $id ) {
615  $u = new User;
616  $u->mId = $id;
617  $u->mFrom = 'id';
618  $u->setItemLoaded( 'id' );
619  return $u;
620  }
621 
629  public static function newFromActorId( $id ) {
630  global $wgActorTableSchemaMigrationStage;
631 
632  if ( $wgActorTableSchemaMigrationStage <= MIGRATION_OLD ) {
633  throw new BadMethodCallException(
634  'Cannot use ' . __METHOD__ . ' when $wgActorTableSchemaMigrationStage is MIGRATION_OLD'
635  );
636  }
637 
638  $u = new User;
639  $u->mActorId = $id;
640  $u->mFrom = 'actor';
641  $u->setItemLoaded( 'actor' );
642  return $u;
643  }
644 
657  public static function newFromAnyId( $userId, $userName, $actorId ) {
658  global $wgActorTableSchemaMigrationStage;
659 
660  $user = new User;
661  $user->mFrom = 'defaults';
662 
663  if ( $wgActorTableSchemaMigrationStage > MIGRATION_OLD && $actorId !== null ) {
664  $user->mActorId = (int)$actorId;
665  if ( $user->mActorId !== 0 ) {
666  $user->mFrom = 'actor';
667  }
668  $user->setItemLoaded( 'actor' );
669  }
670 
671  if ( $userName !== null && $userName !== '' ) {
672  $user->mName = $userName;
673  $user->mFrom = 'name';
674  $user->setItemLoaded( 'name' );
675  }
676 
677  if ( $userId !== null ) {
678  $user->mId = (int)$userId;
679  if ( $user->mId !== 0 ) {
680  $user->mFrom = 'id';
681  }
682  $user->setItemLoaded( 'id' );
683  }
684 
685  if ( $user->mFrom === 'defaults' ) {
686  throw new InvalidArgumentException(
687  'Cannot create a user with no name, no ID, and no actor ID'
688  );
689  }
690 
691  return $user;
692  }
693 
705  public static function newFromConfirmationCode( $code, $flags = 0 ) {
706  $db = ( $flags & self::READ_LATEST ) == self::READ_LATEST
707  ? wfGetDB( DB_MASTER )
708  : wfGetDB( DB_REPLICA );
709 
710  $id = $db->selectField(
711  'user',
712  'user_id',
713  [
714  'user_email_token' => md5( $code ),
715  'user_email_token_expires > ' . $db->addQuotes( $db->timestamp() ),
716  ]
717  );
718 
719  return $id ? self::newFromId( $id ) : null;
720  }
721 
729  public static function newFromSession( WebRequest $request = null ) {
730  $user = new User;
731  $user->mFrom = 'session';
732  $user->mRequest = $request;
733  return $user;
734  }
735 
750  public static function newFromRow( $row, $data = null ) {
751  $user = new User;
752  $user->loadFromRow( $row, $data );
753  return $user;
754  }
755 
791  public static function newSystemUser( $name, $options = [] ) {
792  $options += [
793  'validate' => 'valid',
794  'create' => true,
795  'steal' => false,
796  ];
797 
798  $name = self::getCanonicalName( $name, $options['validate'] );
799  if ( $name === false ) {
800  return null;
801  }
802 
803  $dbr = wfGetDB( DB_REPLICA );
804  $userQuery = self::getQueryInfo();
805  $row = $dbr->selectRow(
806  $userQuery['tables'],
807  $userQuery['fields'],
808  [ 'user_name' => $name ],
809  __METHOD__,
810  [],
811  $userQuery['joins']
812  );
813  if ( !$row ) {
814  // Try the master database...
815  $dbw = wfGetDB( DB_MASTER );
816  $row = $dbw->selectRow(
817  $userQuery['tables'],
818  $userQuery['fields'],
819  [ 'user_name' => $name ],
820  __METHOD__,
821  [],
822  $userQuery['joins']
823  );
824  }
825 
826  if ( !$row ) {
827  // No user. Create it?
828  return $options['create']
829  ? self::createNew( $name, [ 'token' => self::INVALID_TOKEN ] )
830  : null;
831  }
832 
833  $user = self::newFromRow( $row );
834 
835  // A user is considered to exist as a non-system user if it can
836  // authenticate, or has an email set, or has a non-invalid token.
837  if ( $user->mEmail || $user->mToken !== self::INVALID_TOKEN ||
838  AuthManager::singleton()->userCanAuthenticate( $name )
839  ) {
840  // User exists. Steal it?
841  if ( !$options['steal'] ) {
842  return null;
843  }
844 
845  AuthManager::singleton()->revokeAccessForUser( $name );
846 
847  $user->invalidateEmail();
848  $user->mToken = self::INVALID_TOKEN;
849  $user->saveSettings();
850  SessionManager::singleton()->preventSessionsForUser( $user->getName() );
851  }
852 
853  return $user;
854  }
855 
856  // @}
857 
863  public static function whoIs( $id ) {
864  return UserCache::singleton()->getProp( $id, 'name' );
865  }
866 
873  public static function whoIsReal( $id ) {
874  return UserCache::singleton()->getProp( $id, 'real_name' );
875  }
876 
883  public static function idFromName( $name, $flags = self::READ_NORMAL ) {
884  $nt = Title::makeTitleSafe( NS_USER, $name );
885  if ( is_null( $nt ) ) {
886  // Illegal name
887  return null;
888  }
889 
890  if ( !( $flags & self::READ_LATEST ) && array_key_exists( $name, self::$idCacheByName ) ) {
891  return self::$idCacheByName[$name];
892  }
893 
894  list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $flags );
895  $db = wfGetDB( $index );
896 
897  $s = $db->selectRow(
898  'user',
899  [ 'user_id' ],
900  [ 'user_name' => $nt->getText() ],
901  __METHOD__,
902  $options
903  );
904 
905  if ( $s === false ) {
906  $result = null;
907  } else {
908  $result = $s->user_id;
909  }
910 
911  self::$idCacheByName[$name] = $result;
912 
913  if ( count( self::$idCacheByName ) > 1000 ) {
914  self::$idCacheByName = [];
915  }
916 
917  return $result;
918  }
919 
923  public static function resetIdByNameCache() {
924  self::$idCacheByName = [];
925  }
926 
943  public static function isIP( $name ) {
944  return preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/', $name )
945  || IP::isIPv6( $name );
946  }
947 
954  public function isIPRange() {
955  return IP::isValidRange( $this->mName );
956  }
957 
969  public static function isValidUserName( $name ) {
970  global $wgContLang, $wgMaxNameChars;
971 
972  if ( $name == ''
973  || self::isIP( $name )
974  || strpos( $name, '/' ) !== false
975  || strlen( $name ) > $wgMaxNameChars
976  || $name != $wgContLang->ucfirst( $name )
977  ) {
978  return false;
979  }
980 
981  // Ensure that the name can't be misresolved as a different title,
982  // such as with extra namespace keys at the start.
983  $parsed = Title::newFromText( $name );
984  if ( is_null( $parsed )
985  || $parsed->getNamespace()
986  || strcmp( $name, $parsed->getPrefixedText() ) ) {
987  return false;
988  }
989 
990  // Check an additional blacklist of troublemaker characters.
991  // Should these be merged into the title char list?
992  $unicodeBlacklist = '/[' .
993  '\x{0080}-\x{009f}' . # iso-8859-1 control chars
994  '\x{00a0}' . # non-breaking space
995  '\x{2000}-\x{200f}' . # various whitespace
996  '\x{2028}-\x{202f}' . # breaks and control chars
997  '\x{3000}' . # ideographic space
998  '\x{e000}-\x{f8ff}' . # private use
999  ']/u';
1000  if ( preg_match( $unicodeBlacklist, $name ) ) {
1001  return false;
1002  }
1003 
1004  return true;
1005  }
1006 
1018  public static function isUsableName( $name ) {
1019  global $wgReservedUsernames;
1020  // Must be a valid username, obviously ;)
1021  if ( !self::isValidUserName( $name ) ) {
1022  return false;
1023  }
1024 
1025  static $reservedUsernames = false;
1026  if ( !$reservedUsernames ) {
1027  $reservedUsernames = $wgReservedUsernames;
1028  Hooks::run( 'UserGetReservedNames', [ &$reservedUsernames ] );
1029  }
1030 
1031  // Certain names may be reserved for batch processes.
1032  foreach ( $reservedUsernames as $reserved ) {
1033  if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
1034  $reserved = wfMessage( substr( $reserved, 4 ) )->inContentLanguage()->text();
1035  }
1036  if ( $reserved == $name ) {
1037  return false;
1038  }
1039  }
1040  return true;
1041  }
1042 
1053  public static function findUsersByGroup( $groups, $limit = 5000, $after = null ) {
1054  if ( $groups === [] ) {
1055  return UserArrayFromResult::newFromIDs( [] );
1056  }
1057 
1058  $groups = array_unique( (array)$groups );
1059  $limit = min( 5000, $limit );
1060 
1061  $conds = [ 'ug_group' => $groups ];
1062  if ( $after !== null ) {
1063  $conds[] = 'ug_user > ' . (int)$after;
1064  }
1065 
1066  $dbr = wfGetDB( DB_REPLICA );
1067  $ids = $dbr->selectFieldValues(
1068  'user_groups',
1069  'ug_user',
1070  $conds,
1071  __METHOD__,
1072  [
1073  'DISTINCT' => true,
1074  'ORDER BY' => 'ug_user',
1075  'LIMIT' => $limit,
1076  ]
1077  ) ?: [];
1078  return UserArray::newFromIDs( $ids );
1079  }
1080 
1093  public static function isCreatableName( $name ) {
1094  global $wgInvalidUsernameCharacters;
1095 
1096  // Ensure that the username isn't longer than 235 bytes, so that
1097  // (at least for the builtin skins) user javascript and css files
1098  // will work. (T25080)
1099  if ( strlen( $name ) > 235 ) {
1100  wfDebugLog( 'username', __METHOD__ .
1101  ": '$name' invalid due to length" );
1102  return false;
1103  }
1104 
1105  // Preg yells if you try to give it an empty string
1106  if ( $wgInvalidUsernameCharacters !== '' ) {
1107  if ( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
1108  wfDebugLog( 'username', __METHOD__ .
1109  ": '$name' invalid due to wgInvalidUsernameCharacters" );
1110  return false;
1111  }
1112  }
1113 
1114  return self::isUsableName( $name );
1115  }
1116 
1123  public function isValidPassword( $password ) {
1124  // simple boolean wrapper for getPasswordValidity
1125  return $this->getPasswordValidity( $password ) === true;
1126  }
1127 
1134  public function getPasswordValidity( $password ) {
1135  $result = $this->checkPasswordValidity( $password );
1136  if ( $result->isGood() ) {
1137  return true;
1138  } else {
1139  $messages = [];
1140  foreach ( $result->getErrorsByType( 'error' ) as $error ) {
1141  $messages[] = $error['message'];
1142  }
1143  foreach ( $result->getErrorsByType( 'warning' ) as $warning ) {
1144  $messages[] = $warning['message'];
1145  }
1146  if ( count( $messages ) === 1 ) {
1147  return $messages[0];
1148  }
1149  return $messages;
1150  }
1151  }
1152 
1170  public function checkPasswordValidity( $password ) {
1171  global $wgPasswordPolicy;
1172 
1173  $upp = new UserPasswordPolicy(
1174  $wgPasswordPolicy['policies'],
1175  $wgPasswordPolicy['checks']
1176  );
1177 
1178  $status = Status::newGood();
1179  $result = false; // init $result to false for the internal checks
1180 
1181  if ( !Hooks::run( 'isValidPassword', [ $password, &$result, $this ] ) ) {
1182  $status->error( $result );
1183  return $status;
1184  }
1185 
1186  if ( $result === false ) {
1187  $status->merge( $upp->checkUserPassword( $this, $password ) );
1188  return $status;
1189  } elseif ( $result === true ) {
1190  return $status;
1191  } else {
1192  $status->error( $result );
1193  return $status; // the isValidPassword hook set a string $result and returned true
1194  }
1195  }
1196 
1210  public static function getCanonicalName( $name, $validate = 'valid' ) {
1211  // Force usernames to capital
1212  global $wgContLang;
1213  $name = $wgContLang->ucfirst( $name );
1214 
1215  # Reject names containing '#'; these will be cleaned up
1216  # with title normalisation, but then it's too late to
1217  # check elsewhere
1218  if ( strpos( $name, '#' ) !== false ) {
1219  return false;
1220  }
1221 
1222  // Clean up name according to title rules,
1223  // but only when validation is requested (T14654)
1224  $t = ( $validate !== false ) ?
1225  Title::newFromText( $name, NS_USER ) : Title::makeTitle( NS_USER, $name );
1226  // Check for invalid titles
1227  if ( is_null( $t ) || $t->getNamespace() !== NS_USER || $t->isExternal() ) {
1228  return false;
1229  }
1230 
1231  // Reject various classes of invalid names
1232  $name = AuthManager::callLegacyAuthPlugin(
1233  'getCanonicalName', [ $t->getText() ], $t->getText()
1234  );
1235 
1236  switch ( $validate ) {
1237  case false:
1238  break;
1239  case 'valid':
1240  if ( !self::isValidUserName( $name ) ) {
1241  $name = false;
1242  }
1243  break;
1244  case 'usable':
1245  if ( !self::isUsableName( $name ) ) {
1246  $name = false;
1247  }
1248  break;
1249  case 'creatable':
1250  if ( !self::isCreatableName( $name ) ) {
1251  $name = false;
1252  }
1253  break;
1254  default:
1255  throw new InvalidArgumentException(
1256  'Invalid parameter value for $validate in ' . __METHOD__ );
1257  }
1258  return $name;
1259  }
1260 
1267  public static function randomPassword() {
1268  global $wgMinimalPasswordLength;
1269  return PasswordFactory::generateRandomPasswordString( $wgMinimalPasswordLength );
1270  }
1271 
1280  public function loadDefaults( $name = false ) {
1281  $this->mId = 0;
1282  $this->mName = $name;
1283  $this->mActorId = null;
1284  $this->mRealName = '';
1285  $this->mEmail = '';
1286  $this->mOptionOverrides = null;
1287  $this->mOptionsLoaded = false;
1288 
1289  $loggedOut = $this->mRequest && !defined( 'MW_NO_SESSION' )
1290  ? $this->mRequest->getSession()->getLoggedOutTimestamp() : 0;
1291  if ( $loggedOut !== 0 ) {
1292  $this->mTouched = wfTimestamp( TS_MW, $loggedOut );
1293  } else {
1294  $this->mTouched = '1'; # Allow any pages to be cached
1295  }
1296 
1297  $this->mToken = null; // Don't run cryptographic functions till we need a token
1298  $this->mEmailAuthenticated = null;
1299  $this->mEmailToken = '';
1300  $this->mEmailTokenExpires = null;
1301  $this->mRegistration = wfTimestamp( TS_MW );
1302  $this->mGroupMemberships = [];
1303 
1304  Hooks::run( 'UserLoadDefaults', [ $this, $name ] );
1305  }
1306 
1319  public function isItemLoaded( $item, $all = 'all' ) {
1320  return ( $this->mLoadedItems === true && $all === 'all' ) ||
1321  ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
1322  }
1323 
1329  protected function setItemLoaded( $item ) {
1330  if ( is_array( $this->mLoadedItems ) ) {
1331  $this->mLoadedItems[$item] = true;
1332  }
1333  }
1334 
1340  private function loadFromSession() {
1341  // Deprecated hook
1342  $result = null;
1343  Hooks::run( 'UserLoadFromSession', [ $this, &$result ], '1.27' );
1344  if ( $result !== null ) {
1345  return $result;
1346  }
1347 
1348  // MediaWiki\Session\Session already did the necessary authentication of the user
1349  // returned here, so just use it if applicable.
1350  $session = $this->getRequest()->getSession();
1351  $user = $session->getUser();
1352  if ( $user->isLoggedIn() ) {
1353  $this->loadFromUserObject( $user );
1354 
1355  // If this user is autoblocked, set a cookie to track the Block. This has to be done on
1356  // every session load, because an autoblocked editor might not edit again from the same
1357  // IP address after being blocked.
1358  $config = RequestContext::getMain()->getConfig();
1359  if ( $config->get( 'CookieSetOnAutoblock' ) === true ) {
1360  $block = $this->getBlock();
1361  $shouldSetCookie = $this->getRequest()->getCookie( 'BlockID' ) === null
1362  && $block
1363  && $block->getType() === Block::TYPE_USER
1364  && $block->isAutoblocking();
1365  if ( $shouldSetCookie ) {
1366  wfDebug( __METHOD__ . ': User is autoblocked, setting cookie to track' );
1367  $block->setCookie( $this->getRequest()->response() );
1368  }
1369  }
1370 
1371  // Other code expects these to be set in the session, so set them.
1372  $session->set( 'wsUserID', $this->getId() );
1373  $session->set( 'wsUserName', $this->getName() );
1374  $session->set( 'wsToken', $this->getToken() );
1375  return true;
1376  }
1377  return false;
1378  }
1379 
1387  public function loadFromDatabase( $flags = self::READ_LATEST ) {
1388  // Paranoia
1389  $this->mId = intval( $this->mId );
1390 
1391  if ( !$this->mId ) {
1392  // Anonymous users are not in the database
1393  $this->loadDefaults();
1394  return false;
1395  }
1396 
1397  list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $flags );
1398  $db = wfGetDB( $index );
1399 
1400  $userQuery = self::getQueryInfo();
1401  $s = $db->selectRow(
1402  $userQuery['tables'],
1403  $userQuery['fields'],
1404  [ 'user_id' => $this->mId ],
1405  __METHOD__,
1406  $options,
1407  $userQuery['joins']
1408  );
1409 
1410  $this->queryFlagsUsed = $flags;
1411  Hooks::run( 'UserLoadFromDatabase', [ $this, &$s ] );
1412 
1413  if ( $s !== false ) {
1414  // Initialise user table data
1415  $this->loadFromRow( $s );
1416  $this->mGroupMemberships = null; // deferred
1417  $this->getEditCount(); // revalidation for nulls
1418  return true;
1419  } else {
1420  // Invalid user_id
1421  $this->mId = 0;
1422  $this->loadDefaults();
1423  return false;
1424  }
1425  }
1426 
1439  protected function loadFromRow( $row, $data = null ) {
1440  global $wgActorTableSchemaMigrationStage;
1441 
1442  if ( !is_object( $row ) ) {
1443  throw new InvalidArgumentException( '$row must be an object' );
1444  }
1445 
1446  $all = true;
1447 
1448  $this->mGroupMemberships = null; // deferred
1449 
1450  if ( $wgActorTableSchemaMigrationStage > MIGRATION_OLD ) {
1451  if ( isset( $row->actor_id ) ) {
1452  $this->mActorId = (int)$row->actor_id;
1453  if ( $this->mActorId !== 0 ) {
1454  $this->mFrom = 'actor';
1455  }
1456  $this->setItemLoaded( 'actor' );
1457  } else {
1458  $all = false;
1459  }
1460  }
1461 
1462  if ( isset( $row->user_name ) && $row->user_name !== '' ) {
1463  $this->mName = $row->user_name;
1464  $this->mFrom = 'name';
1465  $this->setItemLoaded( 'name' );
1466  } else {
1467  $all = false;
1468  }
1469 
1470  if ( isset( $row->user_real_name ) ) {
1471  $this->mRealName = $row->user_real_name;
1472  $this->setItemLoaded( 'realname' );
1473  } else {
1474  $all = false;
1475  }
1476 
1477  if ( isset( $row->user_id ) ) {
1478  $this->mId = intval( $row->user_id );
1479  if ( $this->mId !== 0 ) {
1480  $this->mFrom = 'id';
1481  }
1482  $this->setItemLoaded( 'id' );
1483  } else {
1484  $all = false;
1485  }
1486 
1487  if ( isset( $row->user_id ) && isset( $row->user_name ) && $row->user_name !== '' ) {
1488  self::$idCacheByName[$row->user_name] = $row->user_id;
1489  }
1490 
1491  if ( isset( $row->user_editcount ) ) {
1492  $this->mEditCount = $row->user_editcount;
1493  } else {
1494  $all = false;
1495  }
1496 
1497  if ( isset( $row->user_touched ) ) {
1498  $this->mTouched = wfTimestamp( TS_MW, $row->user_touched );
1499  } else {
1500  $all = false;
1501  }
1502 
1503  if ( isset( $row->user_token ) ) {
1504  // The definition for the column is binary(32), so trim the NULs
1505  // that appends. The previous definition was char(32), so trim
1506  // spaces too.
1507  $this->mToken = rtrim( $row->user_token, " \0" );
1508  if ( $this->mToken === '' ) {
1509  $this->mToken = null;
1510  }
1511  } else {
1512  $all = false;
1513  }
1514 
1515  if ( isset( $row->user_email ) ) {
1516  $this->mEmail = $row->user_email;
1517  $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1518  $this->mEmailToken = $row->user_email_token;
1519  $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1520  $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1521  } else {
1522  $all = false;
1523  }
1524 
1525  if ( $all ) {
1526  $this->mLoadedItems = true;
1527  }
1528 
1529  if ( is_array( $data ) ) {
1530  if ( isset( $data['user_groups'] ) && is_array( $data['user_groups'] ) ) {
1531  if ( !count( $data['user_groups'] ) ) {
1532  $this->mGroupMemberships = [];
1533  } else {
1534  $firstGroup = reset( $data['user_groups'] );
1535  if ( is_array( $firstGroup ) || is_object( $firstGroup ) ) {
1536  $this->mGroupMemberships = [];
1537  foreach ( $data['user_groups'] as $row ) {
1538  $ugm = UserGroupMembership::newFromRow( (object)$row );
1539  $this->mGroupMemberships[$ugm->getGroup()] = $ugm;
1540  }
1541  }
1542  }
1543  }
1544  if ( isset( $data['user_properties'] ) && is_array( $data['user_properties'] ) ) {
1545  $this->loadOptions( $data['user_properties'] );
1546  }
1547  }
1548  }
1549 
1555  protected function loadFromUserObject( $user ) {
1556  $user->load();
1557  foreach ( self::$mCacheVars as $var ) {
1558  $this->$var = $user->$var;
1559  }
1560  }
1561 
1565  private function loadGroups() {
1566  if ( is_null( $this->mGroupMemberships ) ) {
1567  $db = ( $this->queryFlagsUsed & self::READ_LATEST )
1568  ? wfGetDB( DB_MASTER )
1569  : wfGetDB( DB_REPLICA );
1570  $this->mGroupMemberships = UserGroupMembership::getMembershipsForUser(
1571  $this->mId, $db );
1572  }
1573  }
1574 
1589  public function addAutopromoteOnceGroups( $event ) {
1590  global $wgAutopromoteOnceLogInRC;
1591 
1592  if ( wfReadOnly() || !$this->getId() ) {
1593  return [];
1594  }
1595 
1596  $toPromote = Autopromote::getAutopromoteOnceGroups( $this, $event );
1597  if ( !count( $toPromote ) ) {
1598  return [];
1599  }
1600 
1601  if ( !$this->checkAndSetTouched() ) {
1602  return []; // raced out (bug T48834)
1603  }
1604 
1605  $oldGroups = $this->getGroups(); // previous groups
1606  $oldUGMs = $this->getGroupMemberships();
1607  foreach ( $toPromote as $group ) {
1608  $this->addGroup( $group );
1609  }
1610  $newGroups = array_merge( $oldGroups, $toPromote ); // all groups
1611  $newUGMs = $this->getGroupMemberships();
1612 
1613  // update groups in external authentication database
1614  Hooks::run( 'UserGroupsChanged', [ $this, $toPromote, [], false, false, $oldUGMs, $newUGMs ] );
1615  AuthManager::callLegacyAuthPlugin( 'updateExternalDBGroups', [ $this, $toPromote ] );
1616 
1617  $logEntry = new ManualLogEntry( 'rights', 'autopromote' );
1618  $logEntry->setPerformer( $this );
1619  $logEntry->setTarget( $this->getUserPage() );
1620  $logEntry->setParameters( [
1621  '4::oldgroups' => $oldGroups,
1622  '5::newgroups' => $newGroups,
1623  ] );
1624  $logid = $logEntry->insert();
1625  if ( $wgAutopromoteOnceLogInRC ) {
1626  $logEntry->publish( $logid );
1627  }
1628 
1629  return $toPromote;
1630  }
1631 
1641  protected function makeUpdateConditions( Database $db, array $conditions ) {
1642  if ( $this->mTouched ) {
1643  // CAS check: only update if the row wasn't changed sicne it was loaded.
1644  $conditions['user_touched'] = $db->timestamp( $this->mTouched );
1645  }
1646 
1647  return $conditions;
1648  }
1649 
1659  protected function checkAndSetTouched() {
1660  $this->load();
1661 
1662  if ( !$this->mId ) {
1663  return false; // anon
1664  }
1665 
1666  // Get a new user_touched that is higher than the old one
1667  $newTouched = $this->newTouchedTimestamp();
1668 
1669  $dbw = wfGetDB( DB_MASTER );
1670  $dbw->update( 'user',
1671  [ 'user_touched' => $dbw->timestamp( $newTouched ) ],
1672  $this->makeUpdateConditions( $dbw, [
1673  'user_id' => $this->mId,
1674  ] ),
1675  __METHOD__
1676  );
1677  $success = ( $dbw->affectedRows() > 0 );
1678 
1679  if ( $success ) {
1680  $this->mTouched = $newTouched;
1681  $this->clearSharedCache();
1682  } else {
1683  // Clears on failure too since that is desired if the cache is stale
1684  $this->clearSharedCache( 'refresh' );
1685  }
1686 
1687  return $success;
1688  }
1689 
1697  public function clearInstanceCache( $reloadFrom = false ) {
1698  $this->mNewtalk = -1;
1699  $this->mDatePreference = null;
1700  $this->mBlockedby = -1; # Unset
1701  $this->mHash = false;
1702  $this->mRights = null;
1703  $this->mEffectiveGroups = null;
1704  $this->mImplicitGroups = null;
1705  $this->mGroupMemberships = null;
1706  $this->mOptions = null;
1707  $this->mOptionsLoaded = false;
1708  $this->mEditCount = null;
1709 
1710  if ( $reloadFrom ) {
1711  $this->mLoadedItems = [];
1712  $this->mFrom = $reloadFrom;
1713  }
1714  }
1715 
1722  public static function getDefaultOptions() {
1723  global $wgNamespacesToBeSearchedDefault, $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;
1724 
1725  static $defOpt = null;
1726  static $defOptLang = null;
1727 
1728  if ( $defOpt !== null && $defOptLang === $wgContLang->getCode() ) {
1729  // $wgContLang does not change (and should not change) mid-request,
1730  // but the unit tests change it anyway, and expect this method to
1731  // return values relevant to the current $wgContLang.
1732  return $defOpt;
1733  }
1734 
1735  $defOpt = $wgDefaultUserOptions;
1736  // Default language setting
1737  $defOptLang = $wgContLang->getCode();
1738  $defOpt['language'] = $defOptLang;
1739  foreach ( LanguageConverter::$languagesWithVariants as $langCode ) {
1740  $defOpt[$langCode == $wgContLang->getCode() ? 'variant' : "variant-$langCode"] = $langCode;
1741  }
1742 
1743  // NOTE: don't use SearchEngineConfig::getSearchableNamespaces here,
1744  // since extensions may change the set of searchable namespaces depending
1745  // on user groups/permissions.
1746  foreach ( $wgNamespacesToBeSearchedDefault as $nsnum => $val ) {
1747  $defOpt['searchNs' . $nsnum] = (bool)$val;
1748  }
1749  $defOpt['skin'] = Skin::normalizeKey( $wgDefaultSkin );
1750 
1751  Hooks::run( 'UserGetDefaultOptions', [ &$defOpt ] );
1752 
1753  return $defOpt;
1754  }
1755 
1762  public static function getDefaultOption( $opt ) {
1763  $defOpts = self::getDefaultOptions();
1764  if ( isset( $defOpts[$opt] ) ) {
1765  return $defOpts[$opt];
1766  } else {
1767  return null;
1768  }
1769  }
1770 
1777  private function getBlockedStatus( $bFromSlave = true ) {
1778  global $wgProxyWhitelist, $wgUser, $wgApplyIpBlocksToXff, $wgSoftBlockRanges;
1779 
1780  if ( -1 != $this->mBlockedby ) {
1781  return;
1782  }
1783 
1784  wfDebug( __METHOD__ . ": checking...\n" );
1785 
1786  // Initialize data...
1787  // Otherwise something ends up stomping on $this->mBlockedby when
1788  // things get lazy-loaded later, causing false positive block hits
1789  // due to -1 !== 0. Probably session-related... Nothing should be
1790  // overwriting mBlockedby, surely?
1791  $this->load();
1792 
1793  # We only need to worry about passing the IP address to the Block generator if the
1794  # user is not immune to autoblocks/hardblocks, and they are the current user so we
1795  # know which IP address they're actually coming from
1796  $ip = null;
1797  if ( !$this->isAllowed( 'ipblock-exempt' ) ) {
1798  // $wgUser->getName() only works after the end of Setup.php. Until
1799  // then, assume it's a logged-out user.
1800  $globalUserName = $wgUser->isSafeToLoad()
1801  ? $wgUser->getName()
1802  : IP::sanitizeIP( $wgUser->getRequest()->getIP() );
1803  if ( $this->getName() === $globalUserName ) {
1804  $ip = $this->getRequest()->getIP();
1805  }
1806  }
1807 
1808  // User/IP blocking
1809  $block = Block::newFromTarget( $this, $ip, !$bFromSlave );
1810 
1811  // Cookie blocking
1812  if ( !$block instanceof Block ) {
1813  $block = $this->getBlockFromCookieValue( $this->getRequest()->getCookie( 'BlockID' ) );
1814  }
1815 
1816  // Proxy blocking
1817  if ( !$block instanceof Block && $ip !== null && !in_array( $ip, $wgProxyWhitelist ) ) {
1818  // Local list
1819  if ( self::isLocallyBlockedProxy( $ip ) ) {
1820  $block = new Block( [
1821  'byText' => wfMessage( 'proxyblocker' )->text(),
1822  'reason' => wfMessage( 'proxyblockreason' )->text(),
1823  'address' => $ip,
1824  'systemBlock' => 'proxy',
1825  ] );
1826  } elseif ( $this->isAnon() && $this->isDnsBlacklisted( $ip ) ) {
1827  $block = new Block( [
1828  'byText' => wfMessage( 'sorbs' )->text(),
1829  'reason' => wfMessage( 'sorbsreason' )->text(),
1830  'address' => $ip,
1831  'systemBlock' => 'dnsbl',
1832  ] );
1833  }
1834  }
1835 
1836  // (T25343) Apply IP blocks to the contents of XFF headers, if enabled
1837  if ( !$block instanceof Block
1838  && $wgApplyIpBlocksToXff
1839  && $ip !== null
1840  && !in_array( $ip, $wgProxyWhitelist )
1841  ) {
1842  $xff = $this->getRequest()->getHeader( 'X-Forwarded-For' );
1843  $xff = array_map( 'trim', explode( ',', $xff ) );
1844  $xff = array_diff( $xff, [ $ip ] );
1845  $xffblocks = Block::getBlocksForIPList( $xff, $this->isAnon(), !$bFromSlave );
1846  $block = Block::chooseBlock( $xffblocks, $xff );
1847  if ( $block instanceof Block ) {
1848  # Mangle the reason to alert the user that the block
1849  # originated from matching the X-Forwarded-For header.
1850  $block->mReason = wfMessage( 'xffblockreason', $block->mReason )->text();
1851  }
1852  }
1853 
1854  if ( !$block instanceof Block
1855  && $ip !== null
1856  && $this->isAnon()
1857  && IP::isInRanges( $ip, $wgSoftBlockRanges )
1858  ) {
1859  $block = new Block( [
1860  'address' => $ip,
1861  'byText' => 'MediaWiki default',
1862  'reason' => wfMessage( 'softblockrangesreason', $ip )->text(),
1863  'anonOnly' => true,
1864  'systemBlock' => 'wgSoftBlockRanges',
1865  ] );
1866  }
1867 
1868  if ( $block instanceof Block ) {
1869  wfDebug( __METHOD__ . ": Found block.\n" );
1870  $this->mBlock = $block;
1871  $this->mBlockedby = $block->getByName();
1872  $this->mBlockreason = $block->mReason;
1873  $this->mHideName = $block->mHideName;
1874  $this->mAllowUsertalk = !$block->prevents( 'editownusertalk' );
1875  } else {
1876  $this->mBlock = null;
1877  $this->mBlockedby = '';
1878  $this->mBlockreason = '';
1879  $this->mHideName = 0;
1880  $this->mAllowUsertalk = false;
1881  }
1882 
1883  // Avoid PHP 7.1 warning of passing $this by reference
1884  $user = $this;
1885  // Extensions
1886  Hooks::run( 'GetBlockedStatus', [ &$user ] );
1887  }
1888 
1894  protected function getBlockFromCookieValue( $blockCookieVal ) {
1895  // Make sure there's something to check. The cookie value must start with a number.
1896  if ( strlen( $blockCookieVal ) < 1 || !is_numeric( substr( $blockCookieVal, 0, 1 ) ) ) {
1897  return false;
1898  }
1899  // Load the Block from the ID in the cookie.
1900  $blockCookieId = Block::getIdFromCookieValue( $blockCookieVal );
1901  if ( $blockCookieId !== null ) {
1902  // An ID was found in the cookie.
1903  $tmpBlock = Block::newFromID( $blockCookieId );
1904  if ( $tmpBlock instanceof Block ) {
1905  // Check the validity of the block.
1906  $blockIsValid = $tmpBlock->getType() == Block::TYPE_USER
1907  && !$tmpBlock->isExpired()
1908  && $tmpBlock->isAutoblocking();
1909  $config = RequestContext::getMain()->getConfig();
1910  $useBlockCookie = ( $config->get( 'CookieSetOnAutoblock' ) === true );
1911  if ( $blockIsValid && $useBlockCookie ) {
1912  // Use the block.
1913  return $tmpBlock;
1914  } else {
1915  // If the block is not valid, remove the cookie.
1916  Block::clearCookie( $this->getRequest()->response() );
1917  }
1918  } else {
1919  // If the block doesn't exist, remove the cookie.
1920  Block::clearCookie( $this->getRequest()->response() );
1921  }
1922  }
1923  return false;
1924  }
1925 
1933  public function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1934  global $wgEnableDnsBlacklist, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1935 
1936  if ( !$wgEnableDnsBlacklist ) {
1937  return false;
1938  }
1939 
1940  if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) ) {
1941  return false;
1942  }
1943 
1944  return $this->inDnsBlacklist( $ip, $wgDnsBlacklistUrls );
1945  }
1946 
1954  public function inDnsBlacklist( $ip, $bases ) {
1955  $found = false;
1956  // @todo FIXME: IPv6 ??? (https://bugs.php.net/bug.php?id=33170)
1957  if ( IP::isIPv4( $ip ) ) {
1958  // Reverse IP, T23255
1959  $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
1960 
1961  foreach ( (array)$bases as $base ) {
1962  // Make hostname
1963  // If we have an access key, use that too (ProjectHoneypot, etc.)
1964  $basename = $base;
1965  if ( is_array( $base ) ) {
1966  if ( count( $base ) >= 2 ) {
1967  // Access key is 1, base URL is 0
1968  $host = "{$base[1]}.$ipReversed.{$base[0]}";
1969  } else {
1970  $host = "$ipReversed.{$base[0]}";
1971  }
1972  $basename = $base[0];
1973  } else {
1974  $host = "$ipReversed.$base";
1975  }
1976 
1977  // Send query
1978  $ipList = gethostbynamel( $host );
1979 
1980  if ( $ipList ) {
1981  wfDebugLog( 'dnsblacklist', "Hostname $host is {$ipList[0]}, it's a proxy says $basename!" );
1982  $found = true;
1983  break;
1984  } else {
1985  wfDebugLog( 'dnsblacklist', "Requested $host, not found in $basename." );
1986  }
1987  }
1988  }
1989 
1990  return $found;
1991  }
1992 
2000  public static function isLocallyBlockedProxy( $ip ) {
2001  global $wgProxyList;
2002 
2003  if ( !$wgProxyList ) {
2004  return false;
2005  }
2006 
2007  if ( !is_array( $wgProxyList ) ) {
2008  // Load values from the specified file
2009  $wgProxyList = array_map( 'trim', file( $wgProxyList ) );
2010  }
2011 
2012  $resultProxyList = [];
2013  $deprecatedIPEntries = [];
2014 
2015  // backward compatibility: move all ip addresses in keys to values
2016  foreach ( $wgProxyList as $key => $value ) {
2017  $keyIsIP = IP::isIPAddress( $key );
2018  $valueIsIP = IP::isIPAddress( $value );
2019  if ( $keyIsIP && !$valueIsIP ) {
2020  $deprecatedIPEntries[] = $key;
2021  $resultProxyList[] = $key;
2022  } elseif ( $keyIsIP && $valueIsIP ) {
2023  $deprecatedIPEntries[] = $key;
2024  $resultProxyList[] = $key;
2025  $resultProxyList[] = $value;
2026  } else {
2027  $resultProxyList[] = $value;
2028  }
2029  }
2030 
2031  if ( $deprecatedIPEntries ) {
2032  wfDeprecated(
2033  'IP addresses in the keys of $wgProxyList (found the following IP addresses in keys: ' .
2034  implode( ', ', $deprecatedIPEntries ) . ', please move them to values)', '1.30' );
2035  }
2036 
2037  $proxyListIPSet = new IPSet( $resultProxyList );
2038  return $proxyListIPSet->match( $ip );
2039  }
2040 
2046  public function isPingLimitable() {
2047  global $wgRateLimitsExcludedIPs;
2048  if ( IP::isInRanges( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
2049  // No other good way currently to disable rate limits
2050  // for specific IPs. :P
2051  // But this is a crappy hack and should die.
2052  return false;
2053  }
2054  return !$this->isAllowed( 'noratelimit' );
2055  }
2056 
2071  public function pingLimiter( $action = 'edit', $incrBy = 1 ) {
2072  // Avoid PHP 7.1 warning of passing $this by reference
2073  $user = $this;
2074  // Call the 'PingLimiter' hook
2075  $result = false;
2076  if ( !Hooks::run( 'PingLimiter', [ &$user, $action, &$result, $incrBy ] ) ) {
2077  return $result;
2078  }
2079 
2080  global $wgRateLimits;
2081  if ( !isset( $wgRateLimits[$action] ) ) {
2082  return false;
2083  }
2084 
2085  $limits = array_merge(
2086  [ '&can-bypass' => true ],
2087  $wgRateLimits[$action]
2088  );
2089 
2090  // Some groups shouldn't trigger the ping limiter, ever
2091  if ( $limits['&can-bypass'] && !$this->isPingLimitable() ) {
2092  return false;
2093  }
2094 
2095  $keys = [];
2096  $id = $this->getId();
2097  $userLimit = false;
2098  $isNewbie = $this->isNewbie();
2099  $cache = ObjectCache::getLocalClusterInstance();
2100 
2101  if ( $id == 0 ) {
2102  // limits for anons
2103  if ( isset( $limits['anon'] ) ) {
2104  $keys[$cache->makeKey( 'limiter', $action, 'anon' )] = $limits['anon'];
2105  }
2106  } else {
2107  // limits for logged-in users
2108  if ( isset( $limits['user'] ) ) {
2109  $userLimit = $limits['user'];
2110  }
2111  // limits for newbie logged-in users
2112  if ( $isNewbie && isset( $limits['newbie'] ) ) {
2113  $keys[$cache->makeKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
2114  }
2115  }
2116 
2117  // limits for anons and for newbie logged-in users
2118  if ( $isNewbie ) {
2119  // ip-based limits
2120  if ( isset( $limits['ip'] ) ) {
2121  $ip = $this->getRequest()->getIP();
2122  $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
2123  }
2124  // subnet-based limits
2125  if ( isset( $limits['subnet'] ) ) {
2126  $ip = $this->getRequest()->getIP();
2127  $subnet = IP::getSubnet( $ip );
2128  if ( $subnet !== false ) {
2129  $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
2130  }
2131  }
2132  }
2133 
2134  // Check for group-specific permissions
2135  // If more than one group applies, use the group with the highest limit ratio (max/period)
2136  foreach ( $this->getGroups() as $group ) {
2137  if ( isset( $limits[$group] ) ) {
2138  if ( $userLimit === false
2139  || $limits[$group][0] / $limits[$group][1] > $userLimit[0] / $userLimit[1]
2140  ) {
2141  $userLimit = $limits[$group];
2142  }
2143  }
2144  }
2145 
2146  // Set the user limit key
2147  if ( $userLimit !== false ) {
2148  list( $max, $period ) = $userLimit;
2149  wfDebug( __METHOD__ . ": effective user limit: $max in {$period}s\n" );
2150  $keys[$cache->makeKey( 'limiter', $action, 'user', $id )] = $userLimit;
2151  }
2152 
2153  // ip-based limits for all ping-limitable users
2154  if ( isset( $limits['ip-all'] ) ) {
2155  $ip = $this->getRequest()->getIP();
2156  // ignore if user limit is more permissive
2157  if ( $isNewbie || $userLimit === false
2158  || $limits['ip-all'][0] / $limits['ip-all'][1] > $userLimit[0] / $userLimit[1] ) {
2159  $keys["mediawiki:limiter:$action:ip-all:$ip"] = $limits['ip-all'];
2160  }
2161  }
2162 
2163  // subnet-based limits for all ping-limitable users
2164  if ( isset( $limits['subnet-all'] ) ) {
2165  $ip = $this->getRequest()->getIP();
2166  $subnet = IP::getSubnet( $ip );
2167  if ( $subnet !== false ) {
2168  // ignore if user limit is more permissive
2169  if ( $isNewbie || $userLimit === false
2170  || $limits['ip-all'][0] / $limits['ip-all'][1]
2171  > $userLimit[0] / $userLimit[1] ) {
2172  $keys["mediawiki:limiter:$action:subnet-all:$subnet"] = $limits['subnet-all'];
2173  }
2174  }
2175  }
2176 
2177  $triggered = false;
2178  foreach ( $keys as $key => $limit ) {
2179  list( $max, $period ) = $limit;
2180  $summary = "(limit $max in {$period}s)";
2181  $count = $cache->get( $key );
2182  // Already pinged?
2183  if ( $count ) {
2184  if ( $count >= $max ) {
2185  wfDebugLog( 'ratelimit', "User '{$this->getName()}' " .
2186  "(IP {$this->getRequest()->getIP()}) tripped $key at $count $summary" );
2187  $triggered = true;
2188  } else {
2189  wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
2190  }
2191  } else {
2192  wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
2193  if ( $incrBy > 0 ) {
2194  $cache->add( $key, 0, intval( $period ) ); // first ping
2195  }
2196  }
2197  if ( $incrBy > 0 ) {
2198  $cache->incr( $key, $incrBy );
2199  }
2200  }
2201 
2202  return $triggered;
2203  }
2204 
2212  public function isBlocked( $bFromSlave = true ) {
2213  return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
2214  }
2215 
2222  public function getBlock( $bFromSlave = true ) {
2223  $this->getBlockedStatus( $bFromSlave );
2224  return $this->mBlock instanceof Block ? $this->mBlock : null;
2225  }
2226 
2234  public function isBlockedFrom( $title, $bFromSlave = false ) {
2235  global $wgBlockAllowsUTEdit;
2236 
2237  $blocked = $this->isBlocked( $bFromSlave );
2238  $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
2239  // If a user's name is suppressed, they cannot make edits anywhere
2240  if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName()
2241  && $title->getNamespace() == NS_USER_TALK ) {
2242  $blocked = false;
2243  wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
2244  }
2245 
2246  Hooks::run( 'UserIsBlockedFrom', [ $this, $title, &$blocked, &$allowUsertalk ] );
2247 
2248  return $blocked;
2249  }
2250 
2255  public function blockedBy() {
2256  $this->getBlockedStatus();
2257  return $this->mBlockedby;
2258  }
2259 
2264  public function blockedFor() {
2265  $this->getBlockedStatus();
2266  return $this->mBlockreason;
2267  }
2268 
2273  public function getBlockId() {
2274  $this->getBlockedStatus();
2275  return ( $this->mBlock ? $this->mBlock->getId() : false );
2276  }
2277 
2286  public function isBlockedGlobally( $ip = '' ) {
2287  return $this->getGlobalBlock( $ip ) instanceof Block;
2288  }
2289 
2300  public function getGlobalBlock( $ip = '' ) {
2301  if ( $this->mGlobalBlock !== null ) {
2302  return $this->mGlobalBlock ?: null;
2303  }
2304  // User is already an IP?
2305  if ( IP::isIPAddress( $this->getName() ) ) {
2306  $ip = $this->getName();
2307  } elseif ( !$ip ) {
2308  $ip = $this->getRequest()->getIP();
2309  }
2310  // Avoid PHP 7.1 warning of passing $this by reference
2311  $user = $this;
2312  $blocked = false;
2313  $block = null;
2314  Hooks::run( 'UserIsBlockedGlobally', [ &$user, $ip, &$blocked, &$block ] );
2315 
2316  if ( $blocked && $block === null ) {
2317  // back-compat: UserIsBlockedGlobally didn't have $block param first
2318  $block = new Block( [
2319  'address' => $ip,
2320  'systemBlock' => 'global-block'
2321  ] );
2322  }
2323 
2324  $this->mGlobalBlock = $blocked ? $block : false;
2325  return $this->mGlobalBlock ?: null;
2326  }
2327 
2333  public function isLocked() {
2334  if ( $this->mLocked !== null ) {
2335  return $this->mLocked;
2336  }
2337  // Avoid PHP 7.1 warning of passing $this by reference
2338  $user = $this;
2339  $authUser = AuthManager::callLegacyAuthPlugin( 'getUserInstance', [ &$user ], null );
2340  $this->mLocked = $authUser && $authUser->isLocked();
2341  Hooks::run( 'UserIsLocked', [ $this, &$this->mLocked ] );
2342  return $this->mLocked;
2343  }
2344 
2350  public function isHidden() {
2351  if ( $this->mHideName !== null ) {
2352  return $this->mHideName;
2353  }
2354  $this->getBlockedStatus();
2355  if ( !$this->mHideName ) {
2356  // Avoid PHP 7.1 warning of passing $this by reference
2357  $user = $this;
2358  $authUser = AuthManager::callLegacyAuthPlugin( 'getUserInstance', [ &$user ], null );
2359  $this->mHideName = $authUser && $authUser->isHidden();
2360  Hooks::run( 'UserIsHidden', [ $this, &$this->mHideName ] );
2361  }
2362  return $this->mHideName;
2363  }
2364 
2369  public function getId() {
2370  if ( $this->mId === null && $this->mName !== null && self::isIP( $this->mName ) ) {
2371  // Special case, we know the user is anonymous
2372  return 0;
2373  } elseif ( !$this->isItemLoaded( 'id' ) ) {
2374  // Don't load if this was initialized from an ID
2375  $this->load();
2376  }
2377 
2378  return (int)$this->mId;
2379  }
2380 
2385  public function setId( $v ) {
2386  $this->mId = $v;
2387  $this->clearInstanceCache( 'id' );
2388  }
2389 
2394  public function getName() {
2395  if ( $this->isItemLoaded( 'name', 'only' ) ) {
2396  // Special case optimisation
2397  return $this->mName;
2398  } else {
2399  $this->load();
2400  if ( $this->mName === false ) {
2401  // Clean up IPs
2402  $this->mName = IP::sanitizeIP( $this->getRequest()->getIP() );
2403  }
2404  return $this->mName;
2405  }
2406  }
2407 
2421  public function setName( $str ) {
2422  $this->load();
2423  $this->mName = $str;
2424  }
2425 
2432  public function getActorId( IDatabase $dbw = null ) {
2433  global $wgActorTableSchemaMigrationStage;
2434 
2435  if ( $wgActorTableSchemaMigrationStage <= MIGRATION_OLD ) {
2436  return 0;
2437  }
2438 
2439  if ( !$this->isItemLoaded( 'actor' ) ) {
2440  $this->load();
2441  }
2442 
2443  // Currently $this->mActorId might be null if $this was loaded from a
2444  // cache entry that was written when $wgActorTableSchemaMigrationStage
2445  // was MIGRATION_OLD. Once that is no longer a possibility (i.e. when
2446  // User::VERSION is incremented after $wgActorTableSchemaMigrationStage
2447  // has been removed), that condition may be removed.
2448  if ( $this->mActorId === null || !$this->mActorId && $dbw ) {
2449  $q = [
2450  'actor_user' => $this->getId() ?: null,
2451  'actor_name' => (string)$this->getName(),
2452  ];
2453  if ( $dbw ) {
2454  if ( $q['actor_user'] === null && self::isUsableName( $q['actor_name'] ) ) {
2455  throw new CannotCreateActorException(
2456  'Cannot create an actor for a usable name that is not an existing user'
2457  );
2458  }
2459  if ( $q['actor_name'] === '' ) {
2460  throw new CannotCreateActorException( 'Cannot create an actor for a user with no name' );
2461  }
2462  $dbw->insert( 'actor', $q, __METHOD__, [ 'IGNORE' ] );
2463  if ( $dbw->affectedRows() ) {
2464  $this->mActorId = (int)$dbw->insertId();
2465  } else {
2466  // Outdated cache?
2467  list( , $options ) = DBAccessObjectUtils::getDBOptions( $this->queryFlagsUsed );
2468  $this->mActorId = (int)$dbw->selectField( 'actor', 'actor_id', $q, __METHOD__, $options );
2469  if ( !$this->mActorId ) {
2470  throw new CannotCreateActorException(
2471  "Cannot create actor ID for user_id={$this->getId()} user_name={$this->getName()}"
2472  );
2473  }
2474  }
2475  $this->invalidateCache();
2476  } else {
2477  list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $this->queryFlagsUsed );
2478  $db = wfGetDB( $index );
2479  $this->mActorId = (int)$db->selectField( 'actor', 'actor_id', $q, __METHOD__, $options );
2480  }
2481  $this->setItemLoaded( 'actor' );
2482  }
2483 
2484  return (int)$this->mActorId;
2485  }
2486 
2491  public function getTitleKey() {
2492  return str_replace( ' ', '_', $this->getName() );
2493  }
2494 
2499  public function getNewtalk() {
2500  $this->load();
2501 
2502  // Load the newtalk status if it is unloaded (mNewtalk=-1)
2503  if ( $this->mNewtalk === -1 ) {
2504  $this->mNewtalk = false; # reset talk page status
2505 
2506  // Check memcached separately for anons, who have no
2507  // entire User object stored in there.
2508  if ( !$this->mId ) {
2509  global $wgDisableAnonTalk;
2510  if ( $wgDisableAnonTalk ) {
2511  // Anon newtalk disabled by configuration.
2512  $this->mNewtalk = false;
2513  } else {
2514  $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName() );
2515  }
2516  } else {
2517  $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
2518  }
2519  }
2520 
2521  return (bool)$this->mNewtalk;
2522  }
2523 
2537  public function getNewMessageLinks() {
2538  // Avoid PHP 7.1 warning of passing $this by reference
2539  $user = $this;
2540  $talks = [];
2541  if ( !Hooks::run( 'UserRetrieveNewTalks', [ &$user, &$talks ] ) ) {
2542  return $talks;
2543  } elseif ( !$this->getNewtalk() ) {
2544  return [];
2545  }
2546  $utp = $this->getTalkPage();
2547  $dbr = wfGetDB( DB_REPLICA );
2548  // Get the "last viewed rev" timestamp from the oldest message notification
2549  $timestamp = $dbr->selectField( 'user_newtalk',
2550  'MIN(user_last_timestamp)',
2551  $this->isAnon() ? [ 'user_ip' => $this->getName() ] : [ 'user_id' => $this->getId() ],
2552  __METHOD__ );
2553  $rev = $timestamp ? Revision::loadFromTimestamp( $dbr, $utp, $timestamp ) : null;
2554  return [ [ 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL(), 'rev' => $rev ] ];
2555  }
2556 
2562  public function getNewMessageRevisionId() {
2563  $newMessageRevisionId = null;
2564  $newMessageLinks = $this->getNewMessageLinks();
2565  if ( $newMessageLinks ) {
2566  // Note: getNewMessageLinks() never returns more than a single link
2567  // and it is always for the same wiki, but we double-check here in
2568  // case that changes some time in the future.
2569  if ( count( $newMessageLinks ) === 1
2570  && $newMessageLinks[0]['wiki'] === wfWikiID()
2571  && $newMessageLinks[0]['rev']
2572  ) {
2574  $newMessageRevision = $newMessageLinks[0]['rev'];
2575  $newMessageRevisionId = $newMessageRevision->getId();
2576  }
2577  }
2578  return $newMessageRevisionId;
2579  }
2580 
2589  protected function checkNewtalk( $field, $id ) {
2590  $dbr = wfGetDB( DB_REPLICA );
2591 
2592  $ok = $dbr->selectField( 'user_newtalk', $field, [ $field => $id ], __METHOD__ );
2593 
2594  return $ok !== false;
2595  }
2596 
2604  protected function updateNewtalk( $field, $id, $curRev = null ) {
2605  // Get timestamp of the talk page revision prior to the current one
2606  $prevRev = $curRev ? $curRev->getPrevious() : false;
2607  $ts = $prevRev ? $prevRev->getTimestamp() : null;
2608  // Mark the user as having new messages since this revision
2609  $dbw = wfGetDB( DB_MASTER );
2610  $dbw->insert( 'user_newtalk',
2611  [ $field => $id, 'user_last_timestamp' => $dbw->timestampOrNull( $ts ) ],
2612  __METHOD__,
2613  'IGNORE' );
2614  if ( $dbw->affectedRows() ) {
2615  wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
2616  return true;
2617  } else {
2618  wfDebug( __METHOD__ . " already set ($field, $id)\n" );
2619  return false;
2620  }
2621  }
2622 
2629  protected function deleteNewtalk( $field, $id ) {
2630  $dbw = wfGetDB( DB_MASTER );
2631  $dbw->delete( 'user_newtalk',
2632  [ $field => $id ],
2633  __METHOD__ );
2634  if ( $dbw->affectedRows() ) {
2635  wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
2636  return true;
2637  } else {
2638  wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
2639  return false;
2640  }
2641  }
2642 
2649  public function setNewtalk( $val, $curRev = null ) {
2650  if ( wfReadOnly() ) {
2651  return;
2652  }
2653 
2654  $this->load();
2655  $this->mNewtalk = $val;
2656 
2657  if ( $this->isAnon() ) {
2658  $field = 'user_ip';
2659  $id = $this->getName();
2660  } else {
2661  $field = 'user_id';
2662  $id = $this->getId();
2663  }
2664 
2665  if ( $val ) {
2666  $changed = $this->updateNewtalk( $field, $id, $curRev );
2667  } else {
2668  $changed = $this->deleteNewtalk( $field, $id );
2669  }
2670 
2671  if ( $changed ) {
2672  $this->invalidateCache();
2673  }
2674  }
2675 
2681  private function newTouchedTimestamp() {
2682  global $wgClockSkewFudge;
2683 
2684  $time = wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
2685  if ( $this->mTouched && $time <= $this->mTouched ) {
2686  $time = wfTimestamp( TS_MW, wfTimestamp( TS_UNIX, $this->mTouched ) + 1 );
2687  }
2688 
2689  return $time;
2690  }
2691 
2702  public function clearSharedCache( $mode = 'changed' ) {
2703  if ( !$this->getId() ) {
2704  return;
2705  }
2706 
2707  $cache = ObjectCache::getMainWANInstance();
2708  $key = $this->getCacheKey( $cache );
2709  if ( $mode === 'refresh' ) {
2710  $cache->delete( $key, 1 );
2711  } else {
2712  $lb = MediaWikiServices::getInstance()->getDBLoadBalancer();
2713  if ( $lb->hasOrMadeRecentMasterChanges() ) {
2714  $lb->getConnection( DB_MASTER )->onTransactionPreCommitOrIdle(
2715  function () use ( $cache, $key ) {
2716  $cache->delete( $key );
2717  },
2718  __METHOD__
2719  );
2720  } else {
2721  $cache->delete( $key );
2722  }
2723  }
2724  }
2725 
2731  public function invalidateCache() {
2732  $this->touch();
2733  $this->clearSharedCache();
2734  }
2735 
2748  public function touch() {
2749  $id = $this->getId();
2750  if ( $id ) {
2751  $cache = MediaWikiServices::getInstance()->getMainWANObjectCache();
2752  $key = $cache->makeKey( 'user-quicktouched', 'id', $id );
2753  $cache->touchCheckKey( $key );
2754  $this->mQuickTouched = null;
2755  }
2756  }
2757 
2763  public function validateCache( $timestamp ) {
2764  return ( $timestamp >= $this->getTouched() );
2765  }
2766 
2775  public function getTouched() {
2776  $this->load();
2777 
2778  if ( $this->mId ) {
2779  if ( $this->mQuickTouched === null ) {
2780  $cache = MediaWikiServices::getInstance()->getMainWANObjectCache();
2781  $key = $cache->makeKey( 'user-quicktouched', 'id', $this->mId );
2782 
2783  $this->mQuickTouched = wfTimestamp( TS_MW, $cache->getCheckKeyTime( $key ) );
2784  }
2785 
2786  return max( $this->mTouched, $this->mQuickTouched );
2787  }
2788 
2789  return $this->mTouched;
2790  }
2791 
2797  public function getDBTouched() {
2798  $this->load();
2799 
2800  return $this->mTouched;
2801  }
2802 
2819  public function setPassword( $str ) {
2820  return $this->setPasswordInternal( $str );
2821  }
2822 
2831  public function setInternalPassword( $str ) {
2832  $this->setPasswordInternal( $str );
2833  }
2834 
2843  private function setPasswordInternal( $str ) {
2844  $manager = AuthManager::singleton();
2845 
2846  // If the user doesn't exist yet, fail
2847  if ( !$manager->userExists( $this->getName() ) ) {
2848  throw new LogicException( 'Cannot set a password for a user that is not in the database.' );
2849  }
2850 
2851  $status = $this->changeAuthenticationData( [
2852  'username' => $this->getName(),
2853  'password' => $str,
2854  'retype' => $str,
2855  ] );
2856  if ( !$status->isGood() ) {
2857  \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' )
2858  ->info( __METHOD__ . ': Password change rejected: '
2859  . $status->getWikiText( null, null, 'en' ) );
2860  return false;
2861  }
2862 
2863  $this->setOption( 'watchlisttoken', false );
2864  SessionManager::singleton()->invalidateSessionsForUser( $this );
2865 
2866  return true;
2867  }
2868 
2881  public function changeAuthenticationData( array $data ) {
2882  $manager = AuthManager::singleton();
2883  $reqs = $manager->getAuthenticationRequests( AuthManager::ACTION_CHANGE, $this );
2884  $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
2885 
2886  $status = Status::newGood( 'ignored' );
2887  foreach ( $reqs as $req ) {
2888  $status->merge( $manager->allowsAuthenticationDataChange( $req ), true );
2889  }
2890  if ( $status->getValue() === 'ignored' ) {
2891  $status->warning( 'authenticationdatachange-ignored' );
2892  }
2893 
2894  if ( $status->isGood() ) {
2895  foreach ( $reqs as $req ) {
2896  $manager->changeAuthenticationData( $req );
2897  }
2898  }
2899  return $status;
2900  }
2901 
2908  public function getToken( $forceCreation = true ) {
2909  global $wgAuthenticationTokenVersion;
2910 
2911  $this->load();
2912  if ( !$this->mToken && $forceCreation ) {
2913  $this->setToken();
2914  }
2915 
2916  if ( !$this->mToken ) {
2917  // The user doesn't have a token, return null to indicate that.
2918  return null;
2919  } elseif ( $this->mToken === self::INVALID_TOKEN ) {
2920  // We return a random value here so existing token checks are very
2921  // likely to fail.
2922  return MWCryptRand::generateHex( self::TOKEN_LENGTH );
2923  } elseif ( $wgAuthenticationTokenVersion === null ) {
2924  // $wgAuthenticationTokenVersion not in use, so return the raw secret
2925  return $this->mToken;
2926  } else {
2927  // $wgAuthenticationTokenVersion in use, so hmac it.
2928  $ret = MWCryptHash::hmac( $wgAuthenticationTokenVersion, $this->mToken, false );
2929 
2930  // The raw hash can be overly long. Shorten it up.
2931  $len = max( 32, self::TOKEN_LENGTH );
2932  if ( strlen( $ret ) < $len ) {
2933  // Should never happen, even md5 is 128 bits
2934  throw new \UnexpectedValueException( 'Hmac returned less than 128 bits' );
2935  }
2936  return substr( $ret, -$len );
2937  }
2938  }
2939 
2946  public function setToken( $token = false ) {
2947  $this->load();
2948  if ( $this->mToken === self::INVALID_TOKEN ) {
2949  \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
2950  ->debug( __METHOD__ . ": Ignoring attempt to set token for system user \"$this\"" );
2951  } elseif ( !$token ) {
2952  $this->mToken = MWCryptRand::generateHex( self::TOKEN_LENGTH );
2953  } else {
2954  $this->mToken = $token;
2955  }
2956  }
2957 
2966  public function setNewpassword( $str, $throttle = true ) {
2967  throw new BadMethodCallException( __METHOD__ . ' has been removed in 1.27' );
2968  }
2969 
2974  public function getEmail() {
2975  $this->load();
2976  Hooks::run( 'UserGetEmail', [ $this, &$this->mEmail ] );
2977  return $this->mEmail;
2978  }
2979 
2984  public function getEmailAuthenticationTimestamp() {
2985  $this->load();
2986  Hooks::run( 'UserGetEmailAuthenticationTimestamp', [ $this, &$this->mEmailAuthenticated ] );
2987  return $this->mEmailAuthenticated;
2988  }
2989 
2994  public function setEmail( $str ) {
2995  $this->load();
2996  if ( $str == $this->mEmail ) {
2997  return;
2998  }
2999  $this->invalidateEmail();
3000  $this->mEmail = $str;
3001  Hooks::run( 'UserSetEmail', [ $this, &$this->mEmail ] );
3002  }
3003 
3011  public function setEmailWithConfirmation( $str ) {
3012  global $wgEnableEmail, $wgEmailAuthentication;
3013 
3014  if ( !$wgEnableEmail ) {
3015  return Status::newFatal( 'emaildisabled' );
3016  }
3017 
3018  $oldaddr = $this->getEmail();
3019  if ( $str === $oldaddr ) {
3020  return Status::newGood( true );
3021  }
3022 
3023  $type = $oldaddr != '' ? 'changed' : 'set';
3024  $notificationResult = null;
3025 
3026  if ( $wgEmailAuthentication ) {
3027  // Send the user an email notifying the user of the change in registered
3028  // email address on their previous email address
3029  if ( $type == 'changed' ) {
3030  $change = $str != '' ? 'changed' : 'removed';
3031  $notificationResult = $this->sendMail(
3032  wfMessage( 'notificationemail_subject_' . $change )->text(),
3033  wfMessage( 'notificationemail_body_' . $change,
3034  $this->getRequest()->getIP(),
3035  $this->getName(),
3036  $str )->text()
3037  );
3038  }
3039  }
3040 
3041  $this->setEmail( $str );
3042 
3043  if ( $str !== '' && $wgEmailAuthentication ) {
3044  // Send a confirmation request to the new address if needed
3045  $result = $this->sendConfirmationMail( $type );
3046 
3047  if ( $notificationResult !== null ) {
3048  $result->merge( $notificationResult );
3049  }
3050 
3051  if ( $result->isGood() ) {
3052  // Say to the caller that a confirmation and notification mail has been sent
3053  $result->value = 'eauth';
3054  }
3055  } else {
3056  $result = Status::newGood( true );
3057  }
3058 
3059  return $result;
3060  }
3061 
3066  public function getRealName() {
3067  if ( !$this->isItemLoaded( 'realname' ) ) {
3068  $this->load();
3069  }
3070 
3071  return $this->mRealName;
3072  }
3073 
3078  public function setRealName( $str ) {
3079  $this->load();
3080  $this->mRealName = $str;
3081  }
3082 
3093  public function getOption( $oname, $defaultOverride = null, $ignoreHidden = false ) {
3094  global $wgHiddenPrefs;
3095  $this->loadOptions();
3096 
3097  # We want 'disabled' preferences to always behave as the default value for
3098  # users, even if they have set the option explicitly in their settings (ie they
3099  # set it, and then it was disabled removing their ability to change it). But
3100  # we don't want to erase the preferences in the database in case the preference
3101  # is re-enabled again. So don't touch $mOptions, just override the returned value
3102  if ( !$ignoreHidden && in_array( $oname, $wgHiddenPrefs ) ) {
3103  return self::getDefaultOption( $oname );
3104  }
3105 
3106  if ( array_key_exists( $oname, $this->mOptions ) ) {
3107  return $this->mOptions[$oname];
3108  } else {
3109  return $defaultOverride;
3110  }
3111  }
3112 
3121  public function getOptions( $flags = 0 ) {
3122  global $wgHiddenPrefs;
3123  $this->loadOptions();
3124  $options = $this->mOptions;
3125 
3126  # We want 'disabled' preferences to always behave as the default value for
3127  # users, even if they have set the option explicitly in their settings (ie they
3128  # set it, and then it was disabled removing their ability to change it). But
3129  # we don't want to erase the preferences in the database in case the preference
3130  # is re-enabled again. So don't touch $mOptions, just override the returned value
3131  foreach ( $wgHiddenPrefs as $pref ) {
3132  $default = self::getDefaultOption( $pref );
3133  if ( $default !== null ) {
3134  $options[$pref] = $default;
3135  }
3136  }
3137 
3138  if ( $flags & self::GETOPTIONS_EXCLUDE_DEFAULTS ) {
3139  $options = array_diff_assoc( $options, self::getDefaultOptions() );
3140  }
3141 
3142  return $options;
3143  }
3144 
3152  public function getBoolOption( $oname ) {
3153  return (bool)$this->getOption( $oname );
3154  }
3155 
3164  public function getIntOption( $oname, $defaultOverride = 0 ) {
3165  $val = $this->getOption( $oname );
3166  if ( $val == '' ) {
3167  $val = $defaultOverride;
3168  }
3169  return intval( $val );
3170  }
3171 
3180  public function setOption( $oname, $val ) {
3181  $this->loadOptions();
3182 
3183  // Explicitly NULL values should refer to defaults
3184  if ( is_null( $val ) ) {
3185  $val = self::getDefaultOption( $oname );
3186  }
3187 
3188  $this->mOptions[$oname] = $val;
3189  }
3190 
3201  public function getTokenFromOption( $oname ) {
3202  global $wgHiddenPrefs;
3203 
3204  $id = $this->getId();
3205  if ( !$id || in_array( $oname, $wgHiddenPrefs ) ) {
3206  return false;
3207  }
3208 
3209  $token = $this->getOption( $oname );
3210  if ( !$token ) {
3211  // Default to a value based on the user token to avoid space
3212  // wasted on storing tokens for all users. When this option
3213  // is set manually by the user, only then is it stored.
3214  $token = hash_hmac( 'sha1', "$oname:$id", $this->getToken() );
3215  }
3216 
3217  return $token;
3218  }
3219 
3229  public function resetTokenFromOption( $oname ) {
3230  global $wgHiddenPrefs;
3231  if ( in_array( $oname, $wgHiddenPrefs ) ) {
3232  return false;
3233  }
3234 
3235  $token = MWCryptRand::generateHex( 40 );
3236  $this->setOption( $oname, $token );
3237  return $token;
3238  }
3239 
3263  public static function listOptionKinds() {
3264  return [
3265  'registered',
3266  'registered-multiselect',
3267  'registered-checkmatrix',
3268  'userjs',
3269  'special',
3270  'unused'
3271  ];
3272  }
3273 
3286  public function getOptionKinds( IContextSource $context, $options = null ) {
3287  $this->loadOptions();
3288  if ( $options === null ) {
3289  $options = $this->mOptions;
3290  }
3291 
3292  $preferencesFactory = MediaWikiServices::getInstance()->getPreferencesFactory();
3293  $prefs = $preferencesFactory->getFormDescriptor( $this, $context );
3294  $mapping = [];
3295 
3296  // Pull out the "special" options, so they don't get converted as
3297  // multiselect or checkmatrix.
3298  $specialOptions = array_fill_keys( $preferencesFactory->getSaveBlacklist(), true );
3299  foreach ( $specialOptions as $name => $value ) {
3300  unset( $prefs[$name] );
3301  }
3302 
3303  // Multiselect and checkmatrix options are stored in the database with
3304  // one key per option, each having a boolean value. Extract those keys.
3305  $multiselectOptions = [];
3306  foreach ( $prefs as $name => $info ) {
3307  if ( ( isset( $info['type'] ) && $info['type'] == 'multiselect' ) ||
3308  ( isset( $info['class'] ) && $info['class'] == HTMLMultiSelectField::class ) ) {
3309  $opts = HTMLFormField::flattenOptions( $info['options'] );
3310  $prefix = isset( $info['prefix'] ) ? $info['prefix'] : $name;
3311 
3312  foreach ( $opts as $value ) {
3313  $multiselectOptions["$prefix$value"] = true;
3314  }
3315 
3316  unset( $prefs[$name] );
3317  }
3318  }
3319  $checkmatrixOptions = [];
3320  foreach ( $prefs as $name => $info ) {
3321  if ( ( isset( $info['type'] ) && $info['type'] == 'checkmatrix' ) ||
3322  ( isset( $info['class'] ) && $info['class'] == HTMLCheckMatrix::class ) ) {
3323  $columns = HTMLFormField::flattenOptions( $info['columns'] );
3324  $rows = HTMLFormField::flattenOptions( $info['rows'] );
3325  $prefix = isset( $info['prefix'] ) ? $info['prefix'] : $name;
3326 
3327  foreach ( $columns as $column ) {
3328  foreach ( $rows as $row ) {
3329  $checkmatrixOptions["$prefix$column-$row"] = true;
3330  }
3331  }
3332 
3333  unset( $prefs[$name] );
3334  }
3335  }
3336 
3337  // $value is ignored
3338  foreach ( $options as $key => $value ) {
3339  if ( isset( $prefs[$key] ) ) {
3340  $mapping[$key] = 'registered';
3341  } elseif ( isset( $multiselectOptions[$key] ) ) {
3342  $mapping[$key] = 'registered-multiselect';
3343  } elseif ( isset( $checkmatrixOptions[$key] ) ) {
3344  $mapping[$key] = 'registered-checkmatrix';
3345  } elseif ( isset( $specialOptions[$key] ) ) {
3346  $mapping[$key] = 'special';
3347  } elseif ( substr( $key, 0, 7 ) === 'userjs-' ) {
3348  $mapping[$key] = 'userjs';
3349  } else {
3350  $mapping[$key] = 'unused';
3351  }
3352  }
3353 
3354  return $mapping;
3355  }
3356 
3371  public function resetOptions(
3372  $resetKinds = [ 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' ],
3373  IContextSource $context = null
3374  ) {
3375  $this->load();
3376  $defaultOptions = self::getDefaultOptions();
3377 
3378  if ( !is_array( $resetKinds ) ) {
3379  $resetKinds = [ $resetKinds ];
3380  }
3381 
3382  if ( in_array( 'all', $resetKinds ) ) {
3383  $newOptions = $defaultOptions;
3384  } else {
3385  if ( $context === null ) {
3386  $context = RequestContext::getMain();
3387  }
3388 
3389  $optionKinds = $this->getOptionKinds( $context );
3390  $resetKinds = array_intersect( $resetKinds, self::listOptionKinds() );
3391  $newOptions = [];
3392 
3393  // Use default values for the options that should be deleted, and
3394  // copy old values for the ones that shouldn't.
3395  foreach ( $this->mOptions as $key => $value ) {
3396  if ( in_array( $optionKinds[$key], $resetKinds ) ) {
3397  if ( array_key_exists( $key, $defaultOptions ) ) {
3398  $newOptions[$key] = $defaultOptions[$key];
3399  }
3400  } else {
3401  $newOptions[$key] = $value;
3402  }
3403  }
3404  }
3405 
3406  Hooks::run( 'UserResetAllOptions', [ $this, &$newOptions, $this->mOptions, $resetKinds ] );
3407 
3408  $this->mOptions = $newOptions;
3409  $this->mOptionsLoaded = true;
3410  }
3411 
3416  public function getDatePreference() {
3417  // Important migration for old data rows
3418  if ( is_null( $this->mDatePreference ) ) {
3419  global $wgLang;
3420  $value = $this->getOption( 'date' );
3421  $map = $wgLang->getDatePreferenceMigrationMap();
3422  if ( isset( $map[$value] ) ) {
3423  $value = $map[$value];
3424  }
3425  $this->mDatePreference = $value;
3426  }
3427  return $this->mDatePreference;
3428  }
3429 
3436  public function requiresHTTPS() {
3437  global $wgSecureLogin;
3438  if ( !$wgSecureLogin ) {
3439  return false;
3440  } else {
3441  $https = $this->getBoolOption( 'prefershttps' );
3442  Hooks::run( 'UserRequiresHTTPS', [ $this, &$https ] );
3443  if ( $https ) {
3444  $https = wfCanIPUseHTTPS( $this->getRequest()->getIP() );
3445  }
3446  return $https;
3447  }
3448  }
3449 
3455  public function getStubThreshold() {
3456  global $wgMaxArticleSize; # Maximum article size, in Kb
3457  $threshold = $this->getIntOption( 'stubthreshold' );
3458  if ( $threshold > $wgMaxArticleSize * 1024 ) {
3459  // If they have set an impossible value, disable the preference
3460  // so we can use the parser cache again.
3461  $threshold = 0;
3462  }
3463  return $threshold;
3464  }
3465 
3470  public function getRights() {
3471  if ( is_null( $this->mRights ) ) {
3472  $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
3473  Hooks::run( 'UserGetRights', [ $this, &$this->mRights ] );
3474 
3475  // Deny any rights denied by the user's session, unless this
3476  // endpoint has no sessions.
3477  if ( !defined( 'MW_NO_SESSION' ) ) {
3478  $allowedRights = $this->getRequest()->getSession()->getAllowedUserRights();
3479  if ( $allowedRights !== null ) {
3480  $this->mRights = array_intersect( $this->mRights, $allowedRights );
3481  }
3482  }
3483 
3484  // Force reindexation of rights when a hook has unset one of them
3485  $this->mRights = array_values( array_unique( $this->mRights ) );
3486 
3487  // If block disables login, we should also remove any
3488  // extra rights blocked users might have, in case the
3489  // blocked user has a pre-existing session (T129738).
3490  // This is checked here for cases where people only call
3491  // $user->isAllowed(). It is also checked in Title::checkUserBlock()
3492  // to give a better error message in the common case.
3493  $config = RequestContext::getMain()->getConfig();
3494  if (
3495  $this->isLoggedIn() &&
3496  $config->get( 'BlockDisablesLogin' ) &&
3497  $this->isBlocked()
3498  ) {
3499  $anon = new User;
3500  $this->mRights = array_intersect( $this->mRights, $anon->getRights() );
3501  }
3502  }
3503  return $this->mRights;
3504  }
3505 
3511  public function getGroups() {
3512  $this->load();
3513  $this->loadGroups();
3514  return array_keys( $this->mGroupMemberships );
3515  }
3516 
3524  public function getGroupMemberships() {
3525  $this->load();
3526  $this->loadGroups();
3527  return $this->mGroupMemberships;
3528  }
3529 
3537  public function getEffectiveGroups( $recache = false ) {
3538  if ( $recache || is_null( $this->mEffectiveGroups ) ) {
3539  $this->mEffectiveGroups = array_unique( array_merge(
3540  $this->getGroups(), // explicit groups
3541  $this->getAutomaticGroups( $recache ) // implicit groups
3542  ) );
3543  // Avoid PHP 7.1 warning of passing $this by reference
3544  $user = $this;
3545  // Hook for additional groups
3546  Hooks::run( 'UserEffectiveGroups', [ &$user, &$this->mEffectiveGroups ] );
3547  // Force reindexation of groups when a hook has unset one of them
3548  $this->mEffectiveGroups = array_values( array_unique( $this->mEffectiveGroups ) );
3549  }
3550  return $this->mEffectiveGroups;
3551  }
3552 
3560  public function getAutomaticGroups( $recache = false ) {
3561  if ( $recache || is_null( $this->mImplicitGroups ) ) {
3562  $this->mImplicitGroups = [ '*' ];
3563  if ( $this->getId() ) {
3564  $this->mImplicitGroups[] = 'user';
3565 
3566  $this->mImplicitGroups = array_unique( array_merge(
3567  $this->mImplicitGroups,
3568  Autopromote::getAutopromoteGroups( $this )
3569  ) );
3570  }
3571  if ( $recache ) {
3572  // Assure data consistency with rights/groups,
3573  // as getEffectiveGroups() depends on this function
3574  $this->mEffectiveGroups = null;
3575  }
3576  }
3577  return $this->mImplicitGroups;
3578  }
3579 
3589  public function getFormerGroups() {
3590  $this->load();
3591 
3592  if ( is_null( $this->mFormerGroups ) ) {
3593  $db = ( $this->queryFlagsUsed & self::READ_LATEST )
3594  ? wfGetDB( DB_MASTER )
3595  : wfGetDB( DB_REPLICA );
3596  $res = $db->select( 'user_former_groups',
3597  [ 'ufg_group' ],
3598  [ 'ufg_user' => $this->mId ],
3599  __METHOD__ );
3600  $this->mFormerGroups = [];
3601  foreach ( $res as $row ) {
3602  $this->mFormerGroups[] = $row->ufg_group;
3603  }
3604  }
3605 
3606  return $this->mFormerGroups;
3607  }
3608 
3613  public function getEditCount() {
3614  if ( !$this->getId() ) {
3615  return null;
3616  }
3617 
3618  if ( $this->mEditCount === null ) {
3619  /* Populate the count, if it has not been populated yet */
3620  $dbr = wfGetDB( DB_REPLICA );
3621  // check if the user_editcount field has been initialized
3622  $count = $dbr->selectField(
3623  'user', 'user_editcount',
3624  [ 'user_id' => $this->mId ],
3625  __METHOD__
3626  );
3627 
3628  if ( $count === null ) {
3629  // it has not been initialized. do so.
3630  $count = $this->initEditCount();
3631  }
3632  $this->mEditCount = $count;
3633  }
3634  return (int)$this->mEditCount;
3635  }
3636 
3648  public function addGroup( $group, $expiry = null ) {
3649  $this->load();
3650  $this->loadGroups();
3651 
3652  if ( $expiry ) {
3653  $expiry = wfTimestamp( TS_MW, $expiry );
3654  }
3655 
3656  if ( !Hooks::run( 'UserAddGroup', [ $this, &$group, &$expiry ] ) ) {
3657  return false;
3658  }
3659 
3660  // create the new UserGroupMembership and put it in the DB
3661  $ugm = new UserGroupMembership( $this->mId, $group, $expiry );
3662  if ( !$ugm->insert( true ) ) {
3663  return false;
3664  }
3665 
3666  $this->mGroupMemberships[$group] = $ugm;
3667 
3668  // Refresh the groups caches, and clear the rights cache so it will be
3669  // refreshed on the next call to $this->getRights().
3670  $this->getEffectiveGroups( true );
3671  $this->mRights = null;
3672 
3673  $this->invalidateCache();
3674 
3675  return true;
3676  }
3677 
3684  public function removeGroup( $group ) {
3685  $this->load();
3686 
3687  if ( !Hooks::run( 'UserRemoveGroup', [ $this, &$group ] ) ) {
3688  return false;
3689  }
3690 
3691  $ugm = UserGroupMembership::getMembership( $this->mId, $group );
3692  // delete the membership entry
3693  if ( !$ugm || !$ugm->delete() ) {
3694  return false;
3695  }
3696 
3697  $this->loadGroups();
3698  unset( $this->mGroupMemberships[$group] );
3699 
3700  // Refresh the groups caches, and clear the rights cache so it will be
3701  // refreshed on the next call to $this->getRights().
3702  $this->getEffectiveGroups( true );
3703  $this->mRights = null;
3704 
3705  $this->invalidateCache();
3706 
3707  return true;
3708  }
3709 
3714  public function isLoggedIn() {
3715  return $this->getId() != 0;
3716  }
3717 
3722  public function isAnon() {
3723  return !$this->isLoggedIn();
3724  }
3725 
3730  public function isBot() {
3731  if ( in_array( 'bot', $this->getGroups() ) && $this->isAllowed( 'bot' ) ) {
3732  return true;
3733  }
3734 
3735  $isBot = false;
3736  Hooks::run( "UserIsBot", [ $this, &$isBot ] );
3737 
3738  return $isBot;
3739  }
3740 
3747  public function isAllowedAny() {
3748  $permissions = func_get_args();
3749  foreach ( $permissions as $permission ) {
3750  if ( $this->isAllowed( $permission ) ) {
3751  return true;
3752  }
3753  }
3754  return false;
3755  }
3756 
3762  public function isAllowedAll() {
3763  $permissions = func_get_args();
3764  foreach ( $permissions as $permission ) {
3765  if ( !$this->isAllowed( $permission ) ) {
3766  return false;
3767  }
3768  }
3769  return true;
3770  }
3771 
3777  public function isAllowed( $action = '' ) {
3778  if ( $action === '' ) {
3779  return true; // In the spirit of DWIM
3780  }
3781  // Use strict parameter to avoid matching numeric 0 accidentally inserted
3782  // by misconfiguration: 0 == 'foo'
3783  return in_array( $action, $this->getRights(), true );
3784  }
3785 
3790  public function useRCPatrol() {
3791  global $wgUseRCPatrol;
3792  return $wgUseRCPatrol && $this->isAllowedAny( 'patrol', 'patrolmarks' );
3793  }
3794 
3799  public function useNPPatrol() {
3800  global $wgUseRCPatrol, $wgUseNPPatrol;
3801  return (
3802  ( $wgUseRCPatrol || $wgUseNPPatrol )
3803  && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) )
3804  );
3805  }
3806 
3811  public function useFilePatrol() {
3812  global $wgUseRCPatrol, $wgUseFilePatrol;
3813  return (
3814  ( $wgUseRCPatrol || $wgUseFilePatrol )
3815  && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) )
3816  );
3817  }
3818 
3824  public function getRequest() {
3825  if ( $this->mRequest ) {
3826  return $this->mRequest;
3827  } else {
3828  global $wgRequest;
3829  return $wgRequest;
3830  }
3831  }
3832 
3841  public function isWatched( $title, $checkRights = self::CHECK_USER_RIGHTS ) {
3842  if ( $title->isWatchable() && ( !$checkRights || $this->isAllowed( 'viewmywatchlist' ) ) ) {
3843  return MediaWikiServices::getInstance()->getWatchedItemStore()->isWatched( $this, $title );
3844  }
3845  return false;
3846  }
3847 
3855  public function addWatch( $title, $checkRights = self::CHECK_USER_RIGHTS ) {
3856  if ( !$checkRights || $this->isAllowed( 'editmywatchlist' ) ) {
3857  MediaWikiServices::getInstance()->getWatchedItemStore()->addWatchBatchForUser(
3858  $this,
3859  [ $title->getSubjectPage(), $title->getTalkPage() ]
3860  );
3861  }
3862  $this->invalidateCache();
3863  }
3864 
3872  public function removeWatch( $title, $checkRights = self::CHECK_USER_RIGHTS ) {
3873  if ( !$checkRights || $this->isAllowed( 'editmywatchlist' ) ) {
3874  $store = MediaWikiServices::getInstance()->getWatchedItemStore();
3875  $store->removeWatch( $this, $title->getSubjectPage() );
3876  $store->removeWatch( $this, $title->getTalkPage() );
3877  }
3878  $this->invalidateCache();
3879  }
3880 
3889  public function clearNotification( &$title, $oldid = 0 ) {
3890  global $wgUseEnotif, $wgShowUpdatedMarker;
3891 
3892  // Do nothing if the database is locked to writes
3893  if ( wfReadOnly() ) {
3894  return;
3895  }
3896 
3897  // Do nothing if not allowed to edit the watchlist
3898  if ( !$this->isAllowed( 'editmywatchlist' ) ) {
3899  return;
3900  }
3901 
3902  // If we're working on user's talk page, we should update the talk page message indicator
3903  if ( $title->getNamespace() == NS_USER_TALK && $title->getText() == $this->getName() ) {
3904  // Avoid PHP 7.1 warning of passing $this by reference
3905  $user = $this;
3906  if ( !Hooks::run( 'UserClearNewTalkNotification', [ &$user, $oldid ] ) ) {
3907  return;
3908  }
3909 
3910  // Try to update the DB post-send and only if needed...
3911  DeferredUpdates::addCallableUpdate( function () use ( $title, $oldid ) {
3912  if ( !$this->getNewtalk() ) {
3913  return; // no notifications to clear
3914  }
3915 
3916  // Delete the last notifications (they stack up)
3917  $this->setNewtalk( false );
3918 
3919  // If there is a new, unseen, revision, use its timestamp
3920  $nextid = $oldid
3921  ? $title->getNextRevisionID( $oldid, Title::GAID_FOR_UPDATE )
3922  : null;
3923  if ( $nextid ) {
3924  $this->setNewtalk( true, Revision::newFromId( $nextid ) );
3925  }
3926  } );
3927  }
3928 
3929  if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
3930  return;
3931  }
3932 
3933  if ( $this->isAnon() ) {
3934  // Nothing else to do...
3935  return;
3936  }
3937 
3938  // Only update the timestamp if the page is being watched.
3939  // The query to find out if it is watched is cached both in memcached and per-invocation,
3940  // and when it does have to be executed, it can be on a replica DB
3941  // If this is the user's newtalk page, we always update the timestamp
3942  $force = '';
3943  if ( $title->getNamespace() == NS_USER_TALK && $title->getText() == $this->getName() ) {
3944  $force = 'force';
3945  }
3946 
3947  MediaWikiServices::getInstance()->getWatchedItemStore()
3948  ->resetNotificationTimestamp( $this, $title, $force, $oldid );
3949  }
3950 
3957  public function clearAllNotifications() {
3958  global $wgUseEnotif, $wgShowUpdatedMarker;
3959  // Do nothing if not allowed to edit the watchlist
3960  if ( wfReadOnly() || !$this->isAllowed( 'editmywatchlist' ) ) {
3961  return;
3962  }
3963 
3964  if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
3965  $this->setNewtalk( false );
3966  return;
3967  }
3968 
3969  $id = $this->getId();
3970  if ( !$id ) {
3971  return;
3972  }
3973 
3974  $watchedItemStore = MediaWikiServices::getInstance()->getWatchedItemStore();
3975  $watchedItemStore->resetAllNotificationTimestampsForUser( $this );
3976 
3977  // We also need to clear here the "you have new message" notification for the own
3978  // user_talk page; it's cleared one page view later in WikiPage::doViewUpdates().
3979  }
3980 
3986  public function getExperienceLevel() {
3987  global $wgLearnerEdits,
3988  $wgExperiencedUserEdits,
3989  $wgLearnerMemberSince,
3990  $wgExperiencedUserMemberSince;
3991 
3992  if ( $this->isAnon() ) {
3993  return false;
3994  }
3995 
3996  $editCount = $this->getEditCount();
3997  $registration = $this->getRegistration();
3998  $now = time();
3999  $learnerRegistration = wfTimestamp( TS_MW, $now - $wgLearnerMemberSince * 86400 );
4000  $experiencedRegistration = wfTimestamp( TS_MW, $now - $wgExperiencedUserMemberSince * 86400 );
4001 
4002  if (
4003  $editCount < $wgLearnerEdits ||
4004  $registration > $learnerRegistration
4005  ) {
4006  return 'newcomer';
4007  } elseif (
4008  $editCount > $wgExperiencedUserEdits &&
4009  $registration <= $experiencedRegistration
4010  ) {
4011  return 'experienced';
4012  } else {
4013  return 'learner';
4014  }
4015  }
4016 
4025  public function setCookies( $request = null, $secure = null, $rememberMe = false ) {
4026  $this->load();
4027  if ( 0 == $this->mId ) {
4028  return;
4029  }
4030 
4031  $session = $this->getRequest()->getSession();
4032  if ( $request && $session->getRequest() !== $request ) {
4033  $session = $session->sessionWithRequest( $request );
4034  }
4035  $delay = $session->delaySave();
4036 
4037  if ( !$session->getUser()->equals( $this ) ) {
4038  if ( !$session->canSetUser() ) {
4039  \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
4040  ->warning( __METHOD__ .
4041  ": Cannot save user \"$this\" to a user \"{$session->getUser()}\"'s immutable session"
4042  );
4043  return;
4044  }
4045  $session->setUser( $this );
4046  }
4047 
4048  $session->setRememberUser( $rememberMe );
4049  if ( $secure !== null ) {
4050  $session->setForceHTTPS( $secure );
4051  }
4052 
4053  $session->persist();
4054 
4055  ScopedCallback::consume( $delay );
4056  }
4057 
4061  public function logout() {
4062  // Avoid PHP 7.1 warning of passing $this by reference
4063  $user = $this;
4064  if ( Hooks::run( 'UserLogout', [ &$user ] ) ) {
4065  $this->doLogout();
4066  }
4067  }
4068 
4073  public function doLogout() {
4074  $session = $this->getRequest()->getSession();
4075  if ( !$session->canSetUser() ) {
4076  \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
4077  ->warning( __METHOD__ . ": Cannot log out of an immutable session" );
4078  $error = 'immutable';
4079  } elseif ( !$session->getUser()->equals( $this ) ) {
4080  \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
4081  ->warning( __METHOD__ .
4082  ": Cannot log user \"$this\" out of a user \"{$session->getUser()}\"'s session"
4083  );
4084  // But we still may as well make this user object anon
4085  $this->clearInstanceCache( 'defaults' );
4086  $error = 'wronguser';
4087  } else {
4088  $this->clearInstanceCache( 'defaults' );
4089  $delay = $session->delaySave();
4090  $session->unpersist(); // Clear cookies (T127436)
4091  $session->setLoggedOutTimestamp( time() );
4092  $session->setUser( new User );
4093  $session->set( 'wsUserID', 0 ); // Other code expects this
4094  $session->resetAllTokens();
4095  ScopedCallback::consume( $delay );
4096  $error = false;
4097  }
4098  \MediaWiki\Logger\LoggerFactory::getInstance( 'authevents' )->info( 'Logout', [
4099  'event' => 'logout',
4100  'successful' => $error === false,
4101  'status' => $error ?: 'success',
4102  ] );
4103  }
4104 
4109  public function saveSettings() {
4110  if ( wfReadOnly() ) {
4111  // @TODO: caller should deal with this instead!
4112  // This should really just be an exception.
4113  MWExceptionHandler::logException( new DBExpectedError(
4114  null,
4115  "Could not update user with ID '{$this->mId}'; DB is read-only."
4116  ) );
4117  return;
4118  }
4119 
4120  $this->load();
4121  if ( 0 == $this->mId ) {
4122  return; // anon
4123  }
4124 
4125  // Get a new user_touched that is higher than the old one.
4126  // This will be used for a CAS check as a last-resort safety
4127  // check against race conditions and replica DB lag.
4128  $newTouched = $this->newTouchedTimestamp();
4129 
4130  $dbw = wfGetDB( DB_MASTER );
4131  $dbw->doAtomicSection( __METHOD__, function ( $dbw, $fname ) use ( $newTouched ) {
4132  global $wgActorTableSchemaMigrationStage;
4133 
4134  $dbw->update( 'user',
4135  [ /* SET */
4136  'user_name' => $this->mName,
4137  'user_real_name' => $this->mRealName,
4138  'user_email' => $this->mEmail,
4139  'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
4140  'user_touched' => $dbw->timestamp( $newTouched ),
4141  'user_token' => strval( $this->mToken ),
4142  'user_email_token' => $this->mEmailToken,
4143  'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
4144  ], $this->makeUpdateConditions( $dbw, [ /* WHERE */
4145  'user_id' => $this->mId,
4146  ] ), $fname
4147  );
4148 
4149  if ( !$dbw->affectedRows() ) {
4150  // Maybe the problem was a missed cache update; clear it to be safe
4151  $this->clearSharedCache( 'refresh' );
4152  // User was changed in the meantime or loaded with stale data
4153  $from = ( $this->queryFlagsUsed & self::READ_LATEST ) ? 'master' : 'replica';
4154  throw new MWException(
4155  "CAS update failed on user_touched for user ID '{$this->mId}' (read from $from);" .
4156  " the version of the user to be saved is older than the current version."
4157  );
4158  }
4159 
4160  if ( $wgActorTableSchemaMigrationStage > MIGRATION_OLD ) {
4161  $dbw->update(
4162  'actor',
4163  [ 'actor_name' => $this->mName ],
4164  [ 'actor_user' => $this->mId ],
4165  $fname
4166  );
4167  }
4168  } );
4169 
4170  $this->mTouched = $newTouched;
4171  $this->saveOptions();
4172 
4173  Hooks::run( 'UserSaveSettings', [ $this ] );
4174  $this->clearSharedCache();
4175  $this->getUserPage()->invalidateCache();
4176  }
4177 
4184  public function idForName( $flags = 0 ) {
4185  $s = trim( $this->getName() );
4186  if ( $s === '' ) {
4187  return 0;
4188  }
4189 
4190  $db = ( ( $flags & self::READ_LATEST ) == self::READ_LATEST )
4191  ? wfGetDB( DB_MASTER )
4192  : wfGetDB( DB_REPLICA );
4193 
4194  $options = ( ( $flags & self::READ_LOCKING ) == self::READ_LOCKING )
4195  ? [ 'LOCK IN SHARE MODE' ]
4196  : [];
4197 
4198  $id = $db->selectField( 'user',
4199  'user_id', [ 'user_name' => $s ], __METHOD__, $options );
4200 
4201  return (int)$id;
4202  }
4203 
4219  public static function createNew( $name, $params = [] ) {
4220  foreach ( [ 'password', 'newpassword', 'newpass_time', 'password_expires' ] as $field ) {
4221  if ( isset( $params[$field] ) ) {
4222  wfDeprecated( __METHOD__ . " with param '$field'", '1.27' );
4223  unset( $params[$field] );
4224  }
4225  }
4226 
4227  $user = new User;
4228  $user->load();
4229  $user->setToken(); // init token
4230  if ( isset( $params['options'] ) ) {
4231  $user->mOptions = $params['options'] + (array)$user->mOptions;
4232  unset( $params['options'] );
4233  }
4234  $dbw = wfGetDB( DB_MASTER );
4235 
4236  $noPass = PasswordFactory::newInvalidPassword()->toString();
4237 
4238  $fields = [
4239  'user_name' => $name,
4240  'user_password' => $noPass,
4241  'user_newpassword' => $noPass,
4242  'user_email' => $user->mEmail,
4243  'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
4244  'user_real_name' => $user->mRealName,
4245  'user_token' => strval( $user->mToken ),
4246  'user_registration' => $dbw->timestamp( $user->mRegistration ),
4247  'user_editcount' => 0,
4248  'user_touched' => $dbw->timestamp( $user->newTouchedTimestamp() ),
4249  ];
4250  foreach ( $params as $name => $value ) {
4251  $fields["user_$name"] = $value;
4252  }
4253 
4254  return $dbw->doAtomicSection( __METHOD__, function ( $dbw, $fname ) use ( $fields ) {
4255  $dbw->insert( 'user', $fields, $fname, [ 'IGNORE' ] );
4256  if ( $dbw->affectedRows() ) {
4257  $newUser = self::newFromId( $dbw->insertId() );
4258  // Load the user from master to avoid replica lag
4259  $newUser->load( self::READ_LATEST );
4260  $newUser->updateActorId( $dbw );
4261  } else {
4262  $newUser = null;
4263  }
4264  return $newUser;
4265  } );
4266  }
4267 
4294  public function addToDatabase() {
4295  $this->load();
4296  if ( !$this->mToken ) {
4297  $this->setToken(); // init token
4298  }
4299 
4300  if ( !is_string( $this->mName ) ) {
4301  throw new RuntimeException( "User name field is not set." );
4302  }
4303 
4304  $this->mTouched = $this->newTouchedTimestamp();
4305 
4306  $dbw = wfGetDB( DB_MASTER );
4307  $status = $dbw->doAtomicSection( __METHOD__, function ( $dbw, $fname ) {
4308  $noPass = PasswordFactory::newInvalidPassword()->toString();
4309  $dbw->insert( 'user',
4310  [
4311  'user_name' => $this->mName,
4312  'user_password' => $noPass,
4313  'user_newpassword' => $noPass,
4314  'user_email' => $this->mEmail,
4315  'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
4316  'user_real_name' => $this->mRealName,
4317  'user_token' => strval( $this->mToken ),
4318  'user_registration' => $dbw->timestamp( $this->mRegistration ),
4319  'user_editcount' => 0,
4320  'user_touched' => $dbw->timestamp( $this->mTouched ),
4321  ], $fname,
4322  [ 'IGNORE' ]
4323  );
4324  if ( !$dbw->affectedRows() ) {
4325  // Use locking reads to bypass any REPEATABLE-READ snapshot.
4326  $this->mId = $dbw->selectField(
4327  'user',
4328  'user_id',
4329  [ 'user_name' => $this->mName ],
4330  __METHOD__,
4331  [ 'LOCK IN SHARE MODE' ]
4332  );
4333  $loaded = false;
4334  if ( $this->mId ) {
4335  if ( $this->loadFromDatabase( self::READ_LOCKING ) ) {
4336  $loaded = true;
4337  }
4338  }
4339  if ( !$loaded ) {
4340  throw new MWException( __METHOD__ . ": hit a key conflict attempting " .
4341  "to insert user '{$this->mName}' row, but it was not present in select!" );
4342  }
4343  return Status::newFatal( 'userexists' );
4344  }
4345  $this->mId = $dbw->insertId();
4346  self::$idCacheByName[$this->mName] = $this->mId;
4347  $this->updateActorId( $dbw );
4348 
4349  return Status::newGood();
4350  } );
4351  if ( !$status->isGood() ) {
4352  return $status;
4353  }
4354 
4355  // Clear instance cache other than user table data and actor, which is already accurate
4356  $this->clearInstanceCache();
4357 
4358  $this->saveOptions();
4359  return Status::newGood();
4360  }
4361 
4366  private function updateActorId( IDatabase $dbw ) {
4367  global $wgActorTableSchemaMigrationStage;
4368 
4369  if ( $wgActorTableSchemaMigrationStage > MIGRATION_OLD ) {
4370  $dbw->insert(
4371  'actor',
4372  [ 'actor_user' => $this->mId, 'actor_name' => $this->mName ],
4373  __METHOD__
4374  );
4375  $this->mActorId = (int)$dbw->insertId();
4376  }
4377  }
4378 
4384  public function spreadAnyEditBlock() {
4385  if ( $this->isLoggedIn() && $this->isBlocked() ) {
4386  return $this->spreadBlock();
4387  }
4388 
4389  return false;
4390  }
4391 
4397  protected function spreadBlock() {
4398  wfDebug( __METHOD__ . "()\n" );
4399  $this->load();
4400  if ( $this->mId == 0 ) {
4401  return false;
4402  }
4403 
4404  $userblock = Block::newFromTarget( $this->getName() );
4405  if ( !$userblock ) {
4406  return false;
4407  }
4408 
4409  return (bool)$userblock->doAutoblock( $this->getRequest()->getIP() );
4410  }
4411 
4416  public function isBlockedFromCreateAccount() {
4417  $this->getBlockedStatus();
4418  if ( $this->mBlock && $this->mBlock->prevents( 'createaccount' ) ) {
4419  return $this->mBlock;
4420  }
4421 
4422  # T15611: if the IP address the user is trying to create an account from is
4423  # blocked with createaccount disabled, prevent new account creation there even
4424  # when the user is logged in
4425  if ( $this->mBlockedFromCreateAccount === false && !$this->isAllowed( 'ipblock-exempt' ) ) {
4426  $this->mBlockedFromCreateAccount = Block::newFromTarget( null, $this->getRequest()->getIP() );
4427  }
4428  return $this->mBlockedFromCreateAccount instanceof Block
4429  && $this->mBlockedFromCreateAccount->prevents( 'createaccount' )
4430  ? $this->mBlockedFromCreateAccount
4431  : false;
4432  }
4433 
4438  public function isBlockedFromEmailuser() {
4439  $this->getBlockedStatus();
4440  return $this->mBlock && $this->mBlock->prevents( 'sendemail' );
4441  }
4442 
4447  public function isAllowedToCreateAccount() {
4448  return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
4449  }
4450 
4456  public function getUserPage() {
4457  return Title::makeTitle( NS_USER, $this->getName() );
4458  }
4459 
4465  public function getTalkPage() {
4466  $title = $this->getUserPage();
4467  return $title->getTalkPage();
4468  }
4469 
4475  public function isNewbie() {
4476  return !$this->isAllowed( 'autoconfirmed' );
4477  }
4478 
4485  public function checkPassword( $password ) {
4486  $manager = AuthManager::singleton();
4487  $reqs = AuthenticationRequest::loadRequestsFromSubmission(
4488  $manager->getAuthenticationRequests( AuthManager::ACTION_LOGIN ),
4489  [
4490  'username' => $this->getName(),
4491  'password' => $password,
4492  ]
4493  );
4494  $res = AuthManager::singleton()->beginAuthentication( $reqs, 'null:' );
4495  switch ( $res->status ) {
4496  case AuthenticationResponse::PASS:
4497  return true;
4498  case AuthenticationResponse::FAIL:
4499  // Hope it's not a PreAuthenticationProvider that failed...
4500  \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' )
4501  ->info( __METHOD__ . ': Authentication failed: ' . $res->message->plain() );
4502  return false;
4503  default:
4504  throw new BadMethodCallException(
4505  'AuthManager returned a response unsupported by ' . __METHOD__
4506  );
4507  }
4508  }
4509 
4518  public function checkTemporaryPassword( $plaintext ) {
4519  // Can't check the temporary password individually.
4520  return $this->checkPassword( $plaintext );
4521  }
4522 
4534  public function getEditTokenObject( $salt = '', $request = null ) {
4535  if ( $this->isAnon() ) {
4536  return new LoggedOutEditToken();
4537  }
4538 
4539  if ( !$request ) {
4540  $request = $this->getRequest();
4541  }
4542  return $request->getSession()->getToken( $salt );
4543  }
4544 
4558  public function getEditToken( $salt = '', $request = null ) {
4559  return $this->getEditTokenObject( $salt, $request )->toString();
4560  }
4561 
4574  public function matchEditToken( $val, $salt = '', $request = null, $maxage = null ) {
4575  return $this->getEditTokenObject( $salt, $request )->match( $val, $maxage );
4576  }
4577 
4588  public function matchEditTokenNoSuffix( $val, $salt = '', $request = null, $maxage = null ) {
4589  $val = substr( $val, 0, strspn( $val, '0123456789abcdef' ) ) . Token::SUFFIX;
4590  return $this->matchEditToken( $val, $salt, $request, $maxage );
4591  }
4592 
4600  public function sendConfirmationMail( $type = 'created' ) {
4601  global $wgLang;
4602  $expiration = null; // gets passed-by-ref and defined in next line.
4603  $token = $this->confirmationToken( $expiration );
4604  $url = $this->confirmationTokenUrl( $token );
4605  $invalidateURL = $this->invalidationTokenUrl( $token );
4606  $this->saveSettings();
4607 
4608  if ( $type == 'created' || $type === false ) {
4609  $message = 'confirmemail_body';
4610  } elseif ( $type === true ) {
4611  $message = 'confirmemail_body_changed';
4612  } else {
4613  // Messages: confirmemail_body_changed, confirmemail_body_set
4614  $message = 'confirmemail_body_' . $type;
4615  }
4616 
4617  return $this->sendMail( wfMessage( 'confirmemail_subject' )->text(),
4618  wfMessage( $message,
4619  $this->getRequest()->getIP(),
4620  $this->getName(),
4621  $url,
4622  $wgLang->userTimeAndDate( $expiration, $this ),
4623  $invalidateURL,
4624  $wgLang->userDate( $expiration, $this ),
4625  $wgLang->userTime( $expiration, $this ) )->text() );
4626  }
4627 
4639  public function sendMail( $subject, $body, $from = null, $replyto = null ) {
4640  global $wgPasswordSender;
4641 
4642  if ( $from instanceof User ) {
4643  $sender = MailAddress::newFromUser( $from );
4644  } else {
4645  $sender = new MailAddress( $wgPasswordSender,
4646  wfMessage( 'emailsender' )->inContentLanguage()->text() );
4647  }
4648  $to = MailAddress::newFromUser( $this );
4649 
4650  return UserMailer::send( $to, $sender, $subject, $body, [
4651  'replyTo' => $replyto,
4652  ] );
4653  }
4654 
4665  protected function confirmationToken( &$expiration ) {
4666  global $wgUserEmailConfirmationTokenExpiry;
4667  $now = time();
4668  $expires = $now + $wgUserEmailConfirmationTokenExpiry;
4669  $expiration = wfTimestamp( TS_MW, $expires );
4670  $this->load();
4671  $token = MWCryptRand::generateHex( 32 );
4672  $hash = md5( $token );
4673  $this->mEmailToken = $hash;
4674  $this->mEmailTokenExpires = $expiration;
4675  return $token;
4676  }
4677 
4683  protected function confirmationTokenUrl( $token ) {
4684  return $this->getTokenUrl( 'ConfirmEmail', $token );
4685  }
4686 
4692  protected function invalidationTokenUrl( $token ) {
4693  return $this->getTokenUrl( 'InvalidateEmail', $token );
4694  }
4695 
4710  protected function getTokenUrl( $page, $token ) {
4711  // Hack to bypass localization of 'Special:'
4712  $title = Title::makeTitle( NS_MAIN, "Special:$page/$token" );
4713  return $title->getCanonicalURL();
4714  }
4715 
4723  public function confirmEmail() {
4724  // Check if it's already confirmed, so we don't touch the database
4725  // and fire the ConfirmEmailComplete hook on redundant confirmations.
4726  if ( !$this->isEmailConfirmed() ) {
4727  $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
4728  Hooks::run( 'ConfirmEmailComplete', [ $this ] );
4729  }
4730  return true;
4731  }
4732 
4740  public function invalidateEmail() {
4741  $this->load();
4742  $this->mEmailToken = null;
4743  $this->mEmailTokenExpires = null;
4744  $this->setEmailAuthenticationTimestamp( null );
4745  $this->mEmail = '';
4746  Hooks::run( 'InvalidateEmailComplete', [ $this ] );
4747  return true;
4748  }
4749 
4754  public function setEmailAuthenticationTimestamp( $timestamp ) {
4755  $this->load();
4756  $this->mEmailAuthenticated = $timestamp;
4757  Hooks::run( 'UserSetEmailAuthenticationTimestamp', [ $this, &$this->mEmailAuthenticated ] );
4758  }
4759 
4765  public function canSendEmail() {
4766  global $wgEnableEmail, $wgEnableUserEmail;
4767  if ( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
4768  return false;
4769  }
4770  $canSend = $this->isEmailConfirmed();
4771  // Avoid PHP 7.1 warning of passing $this by reference
4772  $user = $this;
4773  Hooks::run( 'UserCanSendEmail', [ &$user, &$canSend ] );
4774  return $canSend;
4775  }
4776 
4782  public function canReceiveEmail() {
4783  return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
4784  }
4785 
4796  public function isEmailConfirmed() {
4797  global $wgEmailAuthentication;
4798  $this->load();
4799  // Avoid PHP 7.1 warning of passing $this by reference
4800  $user = $this;
4801  $confirmed = true;
4802  if ( Hooks::run( 'EmailConfirmed', [ &$user, &$confirmed ] ) ) {
4803  if ( $this->isAnon() ) {
4804  return false;
4805  }
4806  if ( !Sanitizer::validateEmail( $this->mEmail ) ) {
4807  return false;
4808  }
4809  if ( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() ) {
4810  return false;
4811  }
4812  return true;
4813  } else {
4814  return $confirmed;
4815  }
4816  }
4817 
4822  public function isEmailConfirmationPending() {
4823  global $wgEmailAuthentication;
4824  return $wgEmailAuthentication &&
4825  !$this->isEmailConfirmed() &&
4826  $this->mEmailToken &&
4827  $this->mEmailTokenExpires > wfTimestamp();
4828  }
4829 
4837  public function getRegistration() {
4838  if ( $this->isAnon() ) {
4839  return false;
4840  }
4841  $this->load();
4842  return $this->mRegistration;
4843  }
4844 
4851  public function getFirstEditTimestamp() {
4852  if ( $this->getId() == 0 ) {
4853  return false; // anons
4854  }
4855  $dbr = wfGetDB( DB_REPLICA );
4856  $actorWhere = ActorMigration::newMigration()->getWhere( $dbr, 'rev_user', $this );
4857  $time = $dbr->selectField(
4858  [ 'revision' ] + $actorWhere['tables'],
4859  'rev_timestamp',
4860  [ $actorWhere['conds'] ],
4861  __METHOD__,
4862  [ 'ORDER BY' => 'rev_timestamp ASC' ],
4863  $actorWhere['joins']
4864  );
4865  if ( !$time ) {
4866  return false; // no edits
4867  }
4868  return wfTimestamp( TS_MW, $time );
4869  }
4870 
4877  public static function getGroupPermissions( $groups ) {
4878  global $wgGroupPermissions, $wgRevokePermissions;
4879  $rights = [];
4880  // grant every granted permission first
4881  foreach ( $groups as $group ) {
4882  if ( isset( $wgGroupPermissions[$group] ) ) {
4883  $rights = array_merge( $rights,
4884  // array_filter removes empty items
4885  array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
4886  }
4887  }
4888  // now revoke the revoked permissions
4889  foreach ( $groups as $group ) {
4890  if ( isset( $wgRevokePermissions[$group] ) ) {
4891  $rights = array_diff( $rights,
4892  array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
4893  }
4894  }
4895  return array_unique( $rights );
4896  }
4897 
4904  public static function getGroupsWithPermission( $role ) {
4905  global $wgGroupPermissions;
4906  $allowedGroups = [];
4907  foreach ( array_keys( $wgGroupPermissions ) as $group ) {
4908  if ( self::groupHasPermission( $group, $role ) ) {
4909  $allowedGroups[] = $group;
4910  }
4911  }
4912  return $allowedGroups;
4913  }
4914 
4927  public static function groupHasPermission( $group, $role ) {
4928  global $wgGroupPermissions, $wgRevokePermissions;
4929  return isset( $wgGroupPermissions[$group][$role] ) && $wgGroupPermissions[$group][$role]
4930  && !( isset( $wgRevokePermissions[$group][$role] ) && $wgRevokePermissions[$group][$role] );
4931  }
4932 
4947  public static function isEveryoneAllowed( $right ) {
4948  global $wgGroupPermissions, $wgRevokePermissions;
4949  static $cache = [];
4950 
4951  // Use the cached results, except in unit tests which rely on
4952  // being able change the permission mid-request
4953  if ( isset( $cache[$right] ) && !defined( 'MW_PHPUNIT_TEST' ) ) {
4954  return $cache[$right];
4955  }
4956 
4957  if ( !isset( $wgGroupPermissions['*'][$right] ) || !$wgGroupPermissions['*'][$right] ) {
4958  $cache[$right] = false;
4959  return false;
4960  }
4961 
4962  // If it's revoked anywhere, then everyone doesn't have it
4963  foreach ( $wgRevokePermissions as $rights ) {
4964  if ( isset( $rights[$right] ) && $rights[$right] ) {
4965  $cache[$right] = false;
4966  return false;
4967  }
4968  }
4969 
4970  // Remove any rights that aren't allowed to the global-session user,
4971  // unless there are no sessions for this endpoint.
4972  if ( !defined( 'MW_NO_SESSION' ) ) {
4973  $allowedRights = SessionManager::getGlobalSession()->getAllowedUserRights();
4974  if ( $allowedRights !== null && !in_array( $right, $allowedRights, true ) ) {
4975  $cache[$right] = false;
4976  return false;
4977  }
4978  }
4979 
4980  // Allow extensions to say false
4981  if ( !Hooks::run( 'UserIsEveryoneAllowed', [ $right ] ) ) {
4982  $cache[$right] = false;
4983  return false;
4984  }
4985 
4986  $cache[$right] = true;
4987  return true;
4988  }
4989 
4997  public static function getGroupName( $group ) {
4998  wfDeprecated( __METHOD__, '1.29' );
4999  return UserGroupMembership::getGroupName( $group );
5000  }
5001 
5010  public static function getGroupMember( $group, $username = '#' ) {
5011  wfDeprecated( __METHOD__, '1.29' );
5012  return UserGroupMembership::getGroupMemberName( $group, $username );
5013  }
5014 
5021  public static function getAllGroups() {
5022  global $wgGroupPermissions, $wgRevokePermissions;
5023  return array_diff(
5024  array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
5025  self::getImplicitGroups()
5026  );
5027  }
5028 
5033  public static function getAllRights() {
5034  if ( self::$mAllRights === false ) {
5035  global $wgAvailableRights;
5036  if ( count( $wgAvailableRights ) ) {
5037  self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
5038  } else {
5039  self::$mAllRights = self::$mCoreRights;
5040  }
5041  Hooks::run( 'UserGetAllRights', [ &self::$mAllRights ] );
5042  }
5043  return self::$mAllRights;
5044  }
5045 
5050  public static function getImplicitGroups() {
5051  global $wgImplicitGroups;
5052 
5053  $groups = $wgImplicitGroups;
5054  # Deprecated, use $wgImplicitGroups instead
5055  Hooks::run( 'UserGetImplicitGroups', [ &$groups ], '1.25' );
5056 
5057  return $groups;
5058  }
5059 
5067  public static function getGroupPage( $group ) {
5068  wfDeprecated( __METHOD__, '1.29' );
5069  return UserGroupMembership::getGroupPage( $group );
5070  }
5071 
5082  public static function makeGroupLinkHTML( $group, $text = '' ) {
5083  wfDeprecated( __METHOD__, '1.29' );
5084 
5085  if ( $text == '' ) {
5086  $text = UserGroupMembership::getGroupName( $group );
5087  }
5088  $title = UserGroupMembership::getGroupPage( $group );
5089  if ( $title ) {
5090  return MediaWikiServices::getInstance()
5091  ->getLinkRenderer()->makeLink( $title, $text );
5092  } else {
5093  return htmlspecialchars( $text );
5094  }
5095  }
5096 
5107  public static function makeGroupLinkWiki( $group, $text = '' ) {
5108  wfDeprecated( __METHOD__, '1.29' );
5109 
5110  if ( $text == '' ) {
5111  $text = UserGroupMembership::getGroupName( $group );
5112  }
5113  $title = UserGroupMembership::getGroupPage( $group );
5114  if ( $title ) {
5115  $page = $title->getFullText();
5116  return "[[$page|$text]]";
5117  } else {
5118  return $text;
5119  }
5120  }
5121 
5131  public static function changeableByGroup( $group ) {
5132  global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;
5133 
5134  $groups = [
5135  'add' => [],
5136  'remove' => [],
5137  'add-self' => [],
5138  'remove-self' => []
5139  ];
5140 
5141  if ( empty( $wgAddGroups[$group] ) ) {
5142  // Don't add anything to $groups
5143  } elseif ( $wgAddGroups[$group] === true ) {
5144  // You get everything
5145  $groups['add'] = self::getAllGroups();
5146  } elseif ( is_array( $wgAddGroups[$group] ) ) {
5147  $groups['add'] = $wgAddGroups[$group];
5148  }
5149 
5150  // Same thing for remove
5151  if ( empty( $wgRemoveGroups[$group] ) ) {
5152  // Do nothing
5153  } elseif ( $wgRemoveGroups[$group] === true ) {
5154  $groups['remove'] = self::getAllGroups();
5155  } elseif ( is_array( $wgRemoveGroups[$group] ) ) {
5156  $groups['remove'] = $wgRemoveGroups[$group];
5157  }
5158 
5159  // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
5160  if ( empty( $wgGroupsAddToSelf['user'] ) || $wgGroupsAddToSelf['user'] !== true ) {
5161  foreach ( $wgGroupsAddToSelf as $key => $value ) {
5162  if ( is_int( $key ) ) {
5163  $wgGroupsAddToSelf['user'][] = $value;
5164  }
5165  }
5166  }
5167 
5168  if ( empty( $wgGroupsRemoveFromSelf['user'] ) || $wgGroupsRemoveFromSelf['user'] !== true ) {
5169  foreach ( $wgGroupsRemoveFromSelf as $key => $value ) {
5170  if ( is_int( $key ) ) {
5171  $wgGroupsRemoveFromSelf['user'][] = $value;
5172  }
5173  }
5174  }
5175 
5176  // Now figure out what groups the user can add to him/herself
5177  if ( empty( $wgGroupsAddToSelf[$group] ) ) {
5178  // Do nothing
5179  } elseif ( $wgGroupsAddToSelf[$group] === true ) {
5180  // No idea WHY this would be used, but it's there
5181  $groups['add-self'] = self::getAllGroups();
5182  } elseif ( is_array( $wgGroupsAddToSelf[$group] ) ) {
5183  $groups['add-self'] = $wgGroupsAddToSelf[$group];
5184  }
5185 
5186  if ( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
5187  // Do nothing
5188  } elseif ( $wgGroupsRemoveFromSelf[$group] === true ) {
5189  $groups['remove-self'] = self::getAllGroups();
5190  } elseif ( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
5191  $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
5192  }
5193 
5194  return $groups;
5195  }
5196 
5204  public function changeableGroups() {
5205  if ( $this->isAllowed( 'userrights' ) ) {
5206  // This group gives the right to modify everything (reverse-
5207  // compatibility with old "userrights lets you change
5208  // everything")
5209  // Using array_merge to make the groups reindexed
5210  $all = array_merge( self::getAllGroups() );
5211  return [
5212  'add' => $all,
5213  'remove' => $all,
5214  'add-self' => [],
5215  'remove-self' => []
5216  ];
5217  }
5218 
5219  // Okay, it's not so simple, we will have to go through the arrays
5220  $groups = [
5221  'add' => [],
5222  'remove' => [],
5223  'add-self' => [],
5224  'remove-self' => []
5225  ];
5226  $addergroups = $this->getEffectiveGroups();
5227 
5228  foreach ( $addergroups as $addergroup ) {
5229  $groups = array_merge_recursive(
5230  $groups, $this->changeableByGroup( $addergroup )
5231  );
5232  $groups['add'] = array_unique( $groups['add'] );
5233  $groups['remove'] = array_unique( $groups['remove'] );
5234  $groups['add-self'] = array_unique( $groups['add-self'] );
5235  $groups['remove-self'] = array_unique( $groups['remove-self'] );
5236  }
5237  return $groups;
5238  }
5239 
5246  public function incEditCount() {
5247  wfGetDB( DB_MASTER )->onTransactionPreCommitOrIdle(
5248  function () {
5249  $this->incEditCountImmediate();
5250  },
5251  __METHOD__
5252  );
5253  }
5254 
5260  public function incEditCountImmediate() {
5261  if ( $this->isAnon() ) {
5262  return;
5263  }
5264 
5265  $dbw = wfGetDB( DB_MASTER );
5266  // No rows will be "affected" if user_editcount is NULL
5267  $dbw->update(
5268  'user',
5269  [ 'user_editcount=user_editcount+1' ],
5270  [ 'user_id' => $this->getId(), 'user_editcount IS NOT NULL' ],
5271  __METHOD__
5272  );
5273  // Lazy initialization check...
5274  if ( $dbw->affectedRows() == 0 ) {
5275  // Now here's a goddamn hack...
5276  $dbr = wfGetDB( DB_REPLICA );
5277  if ( $dbr !== $dbw ) {
5278  // If we actually have a replica DB server, the count is
5279  // at least one behind because the current transaction
5280  // has not been committed and replicated.
5281  $this->mEditCount = $this->initEditCount( 1 );
5282  } else {
5283  // But if DB_REPLICA is selecting the master, then the
5284  // count we just read includes the revision that was
5285  // just added in the working transaction.
5286  $this->mEditCount = $this->initEditCount();
5287  }
5288  } else {
5289  if ( $this->mEditCount === null ) {
5290  $this->getEditCount();
5291  $dbr = wfGetDB( DB_REPLICA );
5292  $this->mEditCount += ( $dbr !== $dbw ) ? 1 : 0;
5293  } else {
5294  $this->mEditCount++;
5295  }
5296  }
5297  // Edit count in user cache too
5298  $this->invalidateCache();
5299  }
5300 
5307  protected function initEditCount( $add = 0 ) {
5308  // Pull from a replica DB to be less cruel to servers
5309  // Accuracy isn't the point anyway here
5310  $dbr = wfGetDB( DB_REPLICA );
5311  $actorWhere = ActorMigration::newMigration()->getWhere( $dbr, 'rev_user', $this );
5312  $count = (int)$dbr->selectField(
5313  [ 'revision' ] + $actorWhere['tables'],
5314  'COUNT(*)',
5315  [ $actorWhere['conds'] ],
5316  __METHOD__,
5317  [],
5318  $actorWhere['joins']
5319  );
5320  $count = $count + $add;
5321 
5322  $dbw = wfGetDB( DB_MASTER );
5323  $dbw->update(
5324  'user',
5325  [ 'user_editcount' => $count ],
5326  [ 'user_id' => $this->getId() ],
5327  __METHOD__
5328  );
5329 
5330  return $count;
5331  }
5332 
5340  public static function getRightDescription( $right ) {
5341  $key = "right-$right";
5342  $msg = wfMessage( $key );
5343  return $msg->isDisabled() ? $right : $msg->text();
5344  }
5345 
5353  public static function getGrantName( $grant ) {
5354  $key = "grant-$grant";
5355  $msg = wfMessage( $key );
5356  return $msg->isDisabled() ? $grant : $msg->text();
5357  }
5358 
5379  public function addNewUserLogEntry( $action = false, $reason = '' ) {
5380  return true; // disabled
5381  }
5382 
5391  public function addNewUserLogEntryAutoCreate() {
5392  $this->addNewUserLogEntry( 'autocreate' );
5393 
5394  return true;
5395  }
5396 
5402  protected function loadOptions( $data = null ) {
5403  global $wgContLang;
5404 
5405  $this->load();
5406 
5407  if ( $this->mOptionsLoaded ) {
5408  return;
5409  }
5410 
5411  $this->mOptions = self::getDefaultOptions();
5412 
5413  if ( !$this->getId() ) {
5414  // For unlogged-in users, load language/variant options from request.
5415  // There's no need to do it for logged-in users: they can set preferences,
5416  // and handling of page content is done by $pageLang->getPreferredVariant() and such,
5417  // so don't override user's choice (especially when the user chooses site default).
5418  $variant = $wgContLang->getDefaultVariant();
5419  $this->mOptions['variant'] = $variant;
5420  $this->mOptions['language'] = $variant;
5421  $this->mOptionsLoaded = true;
5422  return;
5423  }
5424 
5425  // Maybe load from the object
5426  if ( !is_null( $this->mOptionOverrides ) ) {
5427  wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
5428  foreach ( $this->mOptionOverrides as $key => $value ) {
5429  $this->mOptions[$key] = $value;
5430  }
5431  } else {
5432  if ( !is_array( $data ) ) {
5433  wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
5434  // Load from database
5435  $dbr = ( $this->queryFlagsUsed & self::READ_LATEST )
5436  ? wfGetDB( DB_MASTER )
5437  : wfGetDB( DB_REPLICA );
5438 
5439  $res = $dbr->select(
5440  'user_properties',
5441  [ 'up_property', 'up_value' ],
5442  [ 'up_user' => $this->getId() ],
5443  __METHOD__
5444  );
5445 
5446  $this->mOptionOverrides = [];
5447  $data = [];
5448  foreach ( $res as $row ) {
5449  // Convert '0' to 0. PHP's boolean conversion considers them both
5450  // false, but e.g. JavaScript considers the former as true.
5451  // @todo: T54542 Somehow determine the desired type (string/int/bool)
5452  // and convert all values here.
5453  if ( $row->up_value === '0' ) {
5454  $row->up_value = 0;
5455  }
5456  $data[$row->up_property] = $row->up_value;
5457  }
5458  }
5459 
5460  // Convert the email blacklist from a new line delimited string
5461  // to an array of ids.
5462  if ( isset( $data['email-blacklist'] ) && $data['email-blacklist'] ) {
5463  $data['email-blacklist'] = array_map( 'intval', explode( "\n", $data['email-blacklist'] ) );
5464  }
5465 
5466  foreach ( $data as $property => $value ) {
5467  $this->mOptionOverrides[$property] = $value;
5468  $this->mOptions[$property] = $value;
5469  }
5470  }
5471 
5472  $this->mOptionsLoaded = true;
5473 
5474  Hooks::run( 'UserLoadOptions', [ $this, &$this->mOptions ] );
5475  }
5476 
5482  protected function saveOptions() {
5483  $this->loadOptions();
5484 
5485  // Not using getOptions(), to keep hidden preferences in database
5486  $saveOptions = $this->mOptions;
5487 
5488  // Convert usernames to ids.
5489  if ( isset( $this->mOptions['email-blacklist'] ) ) {
5490  if ( $this->mOptions['email-blacklist'] ) {
5491  $value = $this->mOptions['email-blacklist'];
5492  // Email Blacklist may be an array of ids or a string of new line
5493  // delimnated user names.
5494  if ( is_array( $value ) ) {
5495  $ids = array_filter( $value, 'is_numeric' );
5496  } else {
5497  $lookup = CentralIdLookup::factory();
5498  $ids = $lookup->centralIdsFromNames( explode( "\n", $value ), $this );
5499  }
5500  $this->mOptions['email-blacklist'] = $ids;
5501  $saveOptions['email-blacklist'] = implode( "\n", $this->mOptions['email-blacklist'] );
5502  } else {
5503  // If the blacklist is empty, set it to null rather than an empty string.
5504  $this->mOptions['email-blacklist'] = null;
5505  }
5506  }
5507 
5508  // Allow hooks to abort, for instance to save to a global profile.
5509  // Reset options to default state before saving.
5510  if ( !Hooks::run( 'UserSaveOptions', [ $this, &$saveOptions ] ) ) {
5511  return;
5512  }
5513 
5514  $userId = $this->getId();
5515 
5516  $insert_rows = []; // all the new preference rows
5517  foreach ( $saveOptions as $key => $value ) {
5518  // Don't bother storing default values
5519  $defaultOption = self::getDefaultOption( $key );
5520  if ( ( $defaultOption === null && $value !== false && $value !== null )
5521  || $value != $defaultOption
5522  ) {
5523  $insert_rows[] = [
5524  'up_user' => $userId,
5525  'up_property' => $key,
5526  'up_value' => $value,
5527  ];
5528  }
5529  }
5530 
5531  $dbw = wfGetDB( DB_MASTER );
5532 
5533  $res = $dbw->select( 'user_properties',
5534  [ 'up_property', 'up_value' ], [ 'up_user' => $userId ], __METHOD__ );
5535 
5536  // Find prior rows that need to be removed or updated. These rows will
5537  // all be deleted (the latter so that INSERT IGNORE applies the new values).
5538  $keysDelete = [];
5539  foreach ( $res as $row ) {
5540  if ( !isset( $saveOptions[$row->up_property] )
5541  || strcmp( $saveOptions[$row->up_property], $row->up_value ) != 0
5542  ) {
5543  $keysDelete[] = $row->up_property;
5544  }
5545  }
5546 
5547  if ( count( $keysDelete ) ) {
5548  // Do the DELETE by PRIMARY KEY for prior rows.
5549  // In the past a very large portion of calls to this function are for setting
5550  // 'rememberpassword' for new accounts (a preference that has since been removed).
5551  // Doing a blanket per-user DELETE for new accounts with no rows in the table
5552  // caused gap locks on [max user ID,+infinity) which caused high contention since
5553  // updates would pile up on each other as they are for higher (newer) user IDs.
5554  // It might not be necessary these days, but it shouldn't hurt either.
5555  $dbw->delete( 'user_properties',
5556  [ 'up_user' => $userId, 'up_property' => $keysDelete ], __METHOD__ );
5557  }
5558  // Insert the new preference rows
5559  $dbw->insert( 'user_properties', $insert_rows, __METHOD__, [ 'IGNORE' ] );
5560  }
5561 
5568  public static function selectFields() {
5569  wfDeprecated( __METHOD__, '1.31' );
5570  return [
5571  'user_id',
5572  'user_name',
5573  'user_real_name',
5574  'user_email',
5575  'user_touched',
5576  'user_token',
5577  'user_email_authenticated',
5578  'user_email_token',
5579  'user_email_token_expires',
5580  'user_registration',
5581  'user_editcount',
5582  ];
5583  }
5584 
5594  public static function getQueryInfo() {
5595  global $wgActorTableSchemaMigrationStage;
5596 
5597  $ret = [
5598  'tables' => [ 'user' ],
5599  'fields' => [
5600  'user_id',
5601  'user_name',
5602  'user_real_name',
5603  'user_email',
5604  'user_touched',
5605  'user_token',
5606  'user_email_authenticated',
5607  'user_email_token',
5608  'user_email_token_expires',
5609  'user_registration',
5610  'user_editcount',
5611  ],
5612  'joins' => [],
5613  ];
5614  if ( $wgActorTableSchemaMigrationStage > MIGRATION_OLD ) {
5615  $ret['tables']['user_actor'] = 'actor';
5616  $ret['fields'][] = 'user_actor.actor_id';
5617  $ret['joins']['user_actor'] = [
5618  $wgActorTableSchemaMigrationStage === MIGRATION_NEW ? 'JOIN' : 'LEFT JOIN',
5619  [ 'user_actor.actor_user = user_id' ]
5620  ];
5621  }
5622  return $ret;
5623  }
5624 
5632  static function newFatalPermissionDeniedStatus( $permission ) {
5633  global $wgLang;
5634 
5635  $groups = [];
5636  foreach ( self::getGroupsWithPermission( $permission ) as $group ) {
5637  $groups[] = UserGroupMembership::getLink( $group, RequestContext::getMain(), 'wiki' );
5638  }
5639 
5640  if ( $groups ) {
5641  return Status::newFatal( 'badaccess-groups', $wgLang->commaList( $groups ), count( $groups ) );
5642  } else {
5643  return Status::newFatal( 'badaccess-group0' );
5644  }
5645  }
5646 
5656  public function getInstanceForUpdate() {
5657  if ( !$this->getId() ) {
5658  return null; // anon
5659  }
5660 
5661  $user = self::newFromId( $this->getId() );
5662  if ( !$user->loadFromId( self::READ_EXCLUSIVE ) ) {
5663  return null;
5664  }
5665 
5666  return $user;
5667  }
5668 
5676  public function equals( User $user ) {
5677  return $this->getName() === $user->getName();
5678  }
5679 }
User\getDefaultOption
static getDefaultOption( $opt)
Get a given default option value.
Definition: User.php:1762
User\saveOptions
saveOptions()
Saves the non-default options for this user, as previously set e.g.
Definition: User.php:5482
$wgHiddenPrefs
$wgHiddenPrefs
An array of preferences to not show for the user.
Definition: DefaultSettings.php:4901
Block\prevents
prevents( $action, $x=null)
Get/set whether the Block prevents a given action.
Definition: Block.php:1070
User\updateNewtalk
updateNewtalk( $field, $id, $curRev=null)
Add or update the new messages flag.
Definition: User.php:2604
User\loadFromId
loadFromId( $flags=self::READ_NORMAL)
Load user table data, given mId has already been set.
Definition: User.php:466
User\load
load( $flags=self::READ_NORMAL)
Load the user table data for this object from the source given by mFrom.
Definition: User.php:367
User\getNewtalk
getNewtalk()
Check if the user has new messages.
Definition: User.php:2499
Wikimedia\Rdbms\Database
Relational database abstraction object.
Definition: Database.php:48
User\$mOptionsLoaded
$mOptionsLoaded
Bool Whether the cache variables have been loaded.
Definition: User.php:248
$wgProxyWhitelist
$wgProxyWhitelist
Proxy whitelist, list of addresses that are assumed to be non-proxy despite what the other methods mi...
Definition: DefaultSettings.php:5599
User\inDnsBlacklist
inDnsBlacklist( $ip, $bases)
Whether the given IP is in a given DNS blacklist.
Definition: User.php:1954
$user
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a account $user
Definition: hooks.txt:244
if
if($IP===false)
Definition: cleanupArchiveUserText.php:4
$wgUser
$wgUser
Definition: Setup.php:894
User\newFromId
static newFromId( $id)
Static factory method for creation from a given user ID.
Definition: User.php:614
Title\newFromText
static newFromText( $text, $defaultNamespace=NS_MAIN)
Create a new Title from text, such as what one would find in a link.
Definition: Title.php:273
User\confirmationTokenUrl
confirmationTokenUrl( $token)
Return a URL the user can use to confirm their email address.
Definition: User.php:4683
file
We ve cleaned up the code here by removing clumps of infrequently used code and moving them off somewhere else It s much easier for someone working with this code to see what s _really_ going and make changes or fix bugs In we can take all the code that deals with the little used title reversing we can concentrate it all in an extension file
Definition: hooks.txt:91
$wgProxyList
$wgProxyList
Big list of banned IP addresses.
Definition: DefaultSettings.php:5948
User\clearSharedCache
clearSharedCache( $mode='changed')
Clear user data from memcached.
Definition: User.php:2702
wfCanIPUseHTTPS
wfCanIPUseHTTPS( $ip)
Determine whether the client at a given source IP is likely to be able to access the wiki via HTTPS.
Definition: GlobalFunctions.php:3296
false
processing should stop and the error should be shown to the user * false
Definition: hooks.txt:187
User\$mToken
string $mToken
Definition: User.php:227
ObjectCache\getLocalClusterInstance
static getLocalClusterInstance()
Get the main cluster-local cache object.
Definition: ObjectCache.php:367
User\isValidPassword
isValidPassword( $password)
Is the input a valid password for this user?
Definition: User.php:1123
User\getId
getId()
Get the user's ID.
Definition: User.php:2369
Revision\newFromId
static newFromId( $id, $flags=0)
Load a page revision from a given revision ID number.
Definition: Revision.php:114
User\makeGroupLinkWiki
static makeGroupLinkWiki( $group, $text='')
Create a link to the group in Wikitext, if available; else return the group name.
Definition: User.php:5107
User\useFilePatrol
useFilePatrol()
Check whether to enable new files patrol features for this user.
Definition: User.php:3811
$wgMaxArticleSize
$wgMaxArticleSize
Maximum article size in kilobytes.
Definition: DefaultSettings.php:2200
MWCryptHash\hmac
static hmac( $data, $key, $raw=true)
Generate an acceptably unstable one-way-hmac of some text making use of the best hash algorithm that ...
Definition: MWCryptHash.php:106
User\isAnon
isAnon()
Get whether the user is anonymous.
Definition: User.php:3722
$context
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on and they can depend only on the ResourceLoaderContext $context
Definition: hooks.txt:2604
User\$mBlock
Block $mBlock
Definition: User.php:301
Block\clearCookie
static clearCookie(WebResponse $response)
Unset the 'BlockID' cookie.
Definition: Block.php:1552
User\$mBlockreason
string $mBlockreason
Definition: User.php:281
User\getTokenUrl
getTokenUrl( $page, $token)
Internal function to format the e-mail validation/invalidation URLs.
Definition: User.php:4710
User\getActorId
getActorId(IDatabase $dbw=null)
Get the user's actor ID.
Definition: User.php:2432
User\$mImplicitGroups
array $mImplicitGroups
Definition: User.php:285
User\isLocallyBlockedProxy
static isLocallyBlockedProxy( $ip)
Check if an IP address is in the local proxy list.
Definition: User.php:2000
$wgRevokePermissions
$wgRevokePermissions
Permission keys revoked from users in each group.
Definition: DefaultSettings.php:5242
User\resetTokenFromOption
resetTokenFromOption( $oname)
Reset a token stored in the preferences (like the watchlist one).
Definition: User.php:3229
$wgBlockAllowsUTEdit
$wgBlockAllowsUTEdit
Set this to true to allow blocked users to edit their own user talk page.
Definition: DefaultSettings.php:4980
User\loadFromUserObject
loadFromUserObject( $user)
Load the data for this user object from another user object.
Definition: User.php:1555
User\newFatalPermissionDeniedStatus
static newFatalPermissionDeniedStatus( $permission)
Factory function for fatal permission-denied errors.
Definition: User.php:5632
User\getEditTokenObject
getEditTokenObject( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition: User.php:4534
$wgShowUpdatedMarker
$wgShowUpdatedMarker
Show "Updated (since my last visit)" marker in RC view, watchlist and history view for watched pages ...
Definition: DefaultSettings.php:6930
IP\isInRanges
static isInRanges( $ip, $ranges)
Determines if an IP address is a list of CIDR a.b.c.d/n ranges.
Definition: IP.php:668
$opt
$opt
Definition: postprocess-phan.php:115
User\isBot
isBot()
Definition: User.php:3730
Block\newFromID
static newFromID( $id)
Load a blocked user from their block id.
Definition: Block.php:184
User\newTouchedTimestamp
newTouchedTimestamp()
Generate a current or new-future timestamp to be stored in the user_touched field when we update thin...
Definition: User.php:2681
$wgExperiencedUserMemberSince
$wgExperiencedUserMemberSince
Name of the external diff engine to use.
Definition: DefaultSettings.php:8789
User\getEditCount
getEditCount()
Get the user's edit count.
Definition: User.php:3613
User\spreadBlock
spreadBlock()
If this (non-anonymous) user is blocked, block the IP address they've successfully logged in from.
Definition: User.php:4397
User\incEditCount
incEditCount()
Deferred version of incEditCountImmediate()
Definition: User.php:5246
User\newFromSession
static newFromSession(WebRequest $request=null)
Create a new user object using data from session.
Definition: User.php:729
captcha-old.count
count
Definition: captcha-old.py:249
wfGetLB
wfGetLB( $wiki=false)
Get a load balancer object.
Definition: GlobalFunctions.php:2813
UserMailer\send
static send( $to, $from, $subject, $body, $options=[])
This function will perform a direct (authenticated) login to a SMTP Server to use for mail relaying i...
Definition: UserMailer.php:114
User\getOptionKinds
getOptionKinds(IContextSource $context, $options=null)
Return an associative array mapping preferences keys to the kind of a preference they're used for.
Definition: User.php:3286
Block\chooseBlock
static chooseBlock(array $blocks, array $ipChain)
From a list of multiple blocks, find the most exact and strongest Block.
Definition: Block.php:1293
User\getBlock
getBlock( $bFromSlave=true)
Get the block affecting the user, or null if the user is not blocked.
Definition: User.php:2222
text
design txt This is a brief overview of the new design More thorough and up to date information is available on the documentation wiki at etc Handles the details of getting and saving to the user table of the and dealing with sessions and cookies OutputPage Encapsulates the entire HTML page that will be sent in response to any server request It is used by calling its functions to add text
Definition: design.txt:12
User\isEmailConfirmationPending
isEmailConfirmationPending()
Check whether there is an outstanding request for e-mail confirmation.
Definition: User.php:4822
MediaWiki\Logger\LoggerFactory\getInstance
static getInstance( $channel)
Get a named logger instance from the currently configured logger factory.
Definition: LoggerFactory.php:92
User\getBlockId
getBlockId()
If user is blocked, return the ID for the block.
Definition: User.php:2273
User\getIntOption
getIntOption( $oname, $defaultOverride=0)
Get the user's current setting for a given option, as an integer value.
Definition: User.php:3164
User\getOptions
getOptions( $flags=0)
Get all user's options.
Definition: User.php:3121
UserGroupMembership\getGroupName
static getGroupName( $group)
Gets the localized friendly name for a group, if it exists.
Definition: UserGroupMembership.php:434
User\$mTouched
string $mTouched
TS_MW timestamp from the DB.
Definition: User.php:223
User\__construct
__construct()
Lightweight constructor for an anonymous user.
Definition: User.php:325
$result
The index of the header message $result[1]=The index of the body text message $result[2 through n]=Parameters passed to body text message. Please note the header message cannot receive/use parameters. 'ImportHandleLogItemXMLTag':When parsing a XML tag in a log item. Return false to stop further processing of the tag $reader:XMLReader object $logInfo:Array of information 'ImportHandlePageXMLTag':When parsing a XML tag in a page. Return false to stop further processing of the tag $reader:XMLReader object & $pageInfo:Array of information 'ImportHandleRevisionXMLTag':When parsing a XML tag in a page revision. Return false to stop further processing of the tag $reader:XMLReader object $pageInfo:Array of page information $revisionInfo:Array of revision information 'ImportHandleToplevelXMLTag':When parsing a top level XML tag. Return false to stop further processing of the tag $reader:XMLReader object 'ImportHandleUnknownUser':When a user doesn 't exist locally, this hook is called to give extensions an opportunity to auto-create it. If the auto-creation is successful, return false. $name:User name 'ImportHandleUploadXMLTag':When parsing a XML tag in a file upload. Return false to stop further processing of the tag $reader:XMLReader object $revisionInfo:Array of information 'ImportLogInterwikiLink':Hook to change the interwiki link used in log entries and edit summaries for transwiki imports. & $fullInterwikiPrefix:Interwiki prefix, may contain colons. & $pageTitle:String that contains page title. 'ImportSources':Called when reading from the $wgImportSources configuration variable. Can be used to lazy-load the import sources list. & $importSources:The value of $wgImportSources. Modify as necessary. See the comment in DefaultSettings.php for the detail of how to structure this array. 'InfoAction':When building information to display on the action=info page. $context:IContextSource object & $pageInfo:Array of information 'InitializeArticleMaybeRedirect':MediaWiki check to see if title is a redirect. & $title:Title object for the current page & $request:WebRequest & $ignoreRedirect:boolean to skip redirect check & $target:Title/string of redirect target & $article:Article object 'InternalParseBeforeLinks':during Parser 's internalParse method before links but after nowiki/noinclude/includeonly/onlyinclude and other processings. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InternalParseBeforeSanitize':during Parser 's internalParse method just before the parser removes unwanted/dangerous HTML tags and after nowiki/noinclude/includeonly/onlyinclude and other processings. Ideal for syntax-extensions after template/parser function execution which respect nowiki and HTML-comments. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InterwikiLoadPrefix':When resolving if a given prefix is an interwiki or not. Return true without providing an interwiki to continue interwiki search. $prefix:interwiki prefix we are looking for. & $iwData:output array describing the interwiki with keys iw_url, iw_local, iw_trans and optionally iw_api and iw_wikiid. 'InvalidateEmailComplete':Called after a user 's email has been invalidated successfully. $user:user(object) whose email is being invalidated 'IRCLineURL':When constructing the URL to use in an IRC notification. Callee may modify $url and $query, URL will be constructed as $url . $query & $url:URL to index.php & $query:Query string $rc:RecentChange object that triggered url generation 'IsFileCacheable':Override the result of Article::isFileCacheable()(if true) & $article:article(object) being checked 'IsTrustedProxy':Override the result of IP::isTrustedProxy() & $ip:IP being check & $result:Change this value to override the result of IP::isTrustedProxy() 'IsUploadAllowedFromUrl':Override the result of UploadFromUrl::isAllowedUrl() $url:URL used to upload from & $allowed:Boolean indicating if uploading is allowed for given URL 'isValidEmailAddr':Override the result of Sanitizer::validateEmail(), for instance to return false if the domain name doesn 't match your organization. $addr:The e-mail address entered by the user & $result:Set this and return false to override the internal checks 'isValidPassword':Override the result of User::isValidPassword() $password:The password entered by the user & $result:Set this and return false to override the internal checks $user:User the password is being validated for 'Language::getMessagesFileName':$code:The language code or the language we 're looking for a messages file for & $file:The messages file path, you can override this to change the location. 'LanguageGetMagic':DEPRECATED! Use $magicWords in a file listed in $wgExtensionMessagesFiles instead. Use this to define synonyms of magic words depending of the language & $magicExtensions:associative array of magic words synonyms $lang:language code(string) 'LanguageGetNamespaces':Provide custom ordering for namespaces or remove namespaces. Do not use this hook to add namespaces. Use CanonicalNamespaces for that. & $namespaces:Array of namespaces indexed by their numbers 'LanguageGetSpecialPageAliases':DEPRECATED! Use $specialPageAliases in a file listed in $wgExtensionMessagesFiles instead. Use to define aliases of special pages names depending of the language & $specialPageAliases:associative array of magic words synonyms $lang:language code(string) 'LanguageGetTranslatedLanguageNames':Provide translated language names. & $names:array of language code=> language name $code:language of the preferred translations 'LanguageLinks':Manipulate a page 's language links. This is called in various places to allow extensions to define the effective language links for a page. $title:The page 's Title. & $links:Array with elements of the form "language:title" in the order that they will be output. & $linkFlags:Associative array mapping prefixed links to arrays of flags. Currently unused, but planned to provide support for marking individual language links in the UI, e.g. for featured articles. 'LanguageSelector':Hook to change the language selector available on a page. $out:The output page. $cssClassName:CSS class name of the language selector. 'LinkBegin':DEPRECATED! Use HtmlPageLinkRendererBegin instead. Used when generating internal and interwiki links in Linker::link(), before processing starts. Return false to skip default processing and return $ret. See documentation for Linker::link() for details on the expected meanings of parameters. $skin:the Skin object $target:the Title that the link is pointing to & $html:the contents that the< a > tag should have(raw HTML) $result
Definition: hooks.txt:1985
wfTimestamp
wfTimestamp( $outputtype=TS_UNIX, $ts=0)
Get a timestamp string in one of various formats.
Definition: GlobalFunctions.php:1968
User\getToken
getToken( $forceCreation=true)
Get the user's current token.
Definition: User.php:2908
User\spreadAnyEditBlock
spreadAnyEditBlock()
If this user is logged-in and blocked, block any IP address they've successfully logged in from.
Definition: User.php:4384
$wgSoftBlockRanges
string[] $wgSoftBlockRanges
IP ranges that should be considered soft-blocked (anon-only, account creation allowed).
Definition: DefaultSettings.php:5608
User\getNewMessageRevisionId
getNewMessageRevisionId()
Get the revision ID for the last talk page revision viewed by the talk page owner.
Definition: User.php:2562
User\loadDefaults
loadDefaults( $name=false)
Set cached properties to default.
Definition: User.php:1280
User\$mAllowUsertalk
bool $mAllowUsertalk
Definition: User.php:304
$wgEmailAuthentication
$wgEmailAuthentication
Require email authentication before sending mail to an email address.
Definition: DefaultSettings.php:1700
User\$mOptions
array $mOptions
Definition: User.php:295
User\$mNewtalk
$mNewtalk
Lazy-initialized variables, invalidated with clearInstanceCache.
Definition: User.php:271
User\loadOptions
loadOptions( $data=null)
Load the user options either from cache, the database or an array.
Definition: User.php:5402
User\makeGroupLinkHTML
static makeGroupLinkHTML( $group, $text='')
Create a link to the group in HTML, if available; else return the group name.
Definition: User.php:5082
MIGRATION_NEW
const MIGRATION_NEW
Definition: Defines.php:296
use
as see the revision history and available at free of to any person obtaining a copy of this software and associated documentation to deal in the Software without including without limitation the rights to use
Definition: MIT-LICENSE.txt:10
$wgDefaultUserOptions
$wgDefaultUserOptions
Settings added to this array will override the default globals for the user preferences used by anony...
Definition: DefaultSettings.php:4834
$req
this hook is for auditing only $req
Definition: hooks.txt:990
User\setNewpassword
setNewpassword( $str, $throttle=true)
Set the password for a password reminder or new account email.
Definition: User.php:2966
Autopromote\getAutopromoteGroups
static getAutopromoteGroups(User $user)
Get the groups for the given user based on $wgAutopromote.
Definition: Autopromote.php:35
StatusValue\newFatal
static newFatal( $message)
Factory function for fatal errors.
Definition: StatusValue.php:68
User\setEmailWithConfirmation
setEmailWithConfirmation( $str)
Set the user's e-mail address and a confirmation mail if needed.
Definition: User.php:3011
$wgEnableUserEmail
$wgEnableUserEmail
Set to true to enable user-to-user e-mail.
Definition: DefaultSettings.php:1605
User\$mHideName
bool $mHideName
Definition: User.php:293
User\getStubThreshold
getStubThreshold()
Get the user preferred stub threshold.
Definition: User.php:3455
$params
$params
Definition: styleTest.css.php:40
Block\newFromTarget
static newFromTarget( $specificTarget, $vagueTarget=null, $fromMaster=false)
Given a target and the target's type, get an existing Block object if possible.
Definition: Block.php:1173
wfReadOnly
wfReadOnly()
Check whether the wiki is in read-only mode.
Definition: GlobalFunctions.php:1250
User\$mLocked
bool $mLocked
Definition: User.php:291
User\newFromName
static newFromName( $name, $validate='valid')
Static factory method for creation from username.
Definition: User.php:591
User\loadFromRow
loadFromRow( $row, $data=null)
Initialize this object from a row from the user table.
Definition: User.php:1439
User\setEmailAuthenticationTimestamp
setEmailAuthenticationTimestamp( $timestamp)
Set the e-mail authentication timestamp.
Definition: User.php:4754
IP\isIPv6
static isIPv6( $ip)
Given a string, determine if it as valid IP in IPv6 only.
Definition: IP.php:88
User\$mEmail
string $mEmail
Definition: User.php:221
User\getUserPage
getUserPage()
Get this user's personal page title.
Definition: User.php:4456
User\$mOptionOverrides
array $mOptionOverrides
Definition: User.php:241
User\getGroups
getGroups()
Get the list of explicit group memberships this user has.
Definition: User.php:3511
User\newFromAnyId
static newFromAnyId( $userId, $userName, $actorId)
Static factory method for creation from an ID, name, and/or actor ID.
Definition: User.php:657
$s
$s
Definition: mergeMessageFileList.php:187
page
target page
Definition: All_system_messages.txt:1267
User\getBlockFromCookieValue
getBlockFromCookieValue( $blockCookieVal)
Try to load a Block from an ID given in a cookie value.
Definition: User.php:1894
PasswordFactory\generateRandomPasswordString
static generateRandomPasswordString( $minLength=10)
Generate a random string suitable for a password.
Definition: PasswordFactory.php:198
MWCryptRand\generateHex
static generateHex( $chars, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in hexadecimal string format.
Definition: MWCryptRand.php:76
User\useNPPatrol
useNPPatrol()
Check whether to enable new pages patrol features for this user.
Definition: User.php:3799
$res
$res
Definition: database.txt:21
DBAccessObjectUtils\getDBOptions
static getDBOptions( $bitfield)
Get an appropriate DB index, options, and fallback DB index for a query.
Definition: DBAccessObjectUtils.php:52
$name
Allows to change the fields on the form that will be generated $name
Definition: hooks.txt:302
User\getDatePreference
getDatePreference()
Get the user's preferred date format.
Definition: User.php:3416
User\isSafeToLoad
isSafeToLoad()
Test if it's safe to load this User object.
Definition: User.php:350
User\setEmail
setEmail( $str)
Set the user's e-mail address.
Definition: User.php:2994
User\idForName
idForName( $flags=0)
If only this user's username is known, and it exists, return the user ID.
Definition: User.php:4184
$wgAvailableRights
$wgAvailableRights[]
Definition: ReplaceText.php:55
$success
$success
Definition: NoLocalSettings.php:42
User\isValidUserName
static isValidUserName( $name)
Is the input a valid username?
Definition: User.php:969
User
User
Definition: All_system_messages.txt:425
User\sendConfirmationMail
sendConfirmationMail( $type='created')
Generate a new e-mail confirmation token and send a confirmation/invalidation mail to the user's give...
Definition: User.php:4600
User\groupHasPermission
static groupHasPermission( $group, $role)
Check, if the given group has the given permission.
Definition: User.php:4927
User\getEmailAuthenticationTimestamp
getEmailAuthenticationTimestamp()
Get the timestamp of the user's e-mail authentication.
Definition: User.php:2984
User\pingLimiter
pingLimiter( $action='edit', $incrBy=1)
Primitive rate limits: enforce maximum actions per time period to put a brake on flooding.
Definition: User.php:2071
User\$mFrom
$mFrom
String Initialization data source if mLoadedItems!==true.
Definition: User.php:266
User\initEditCount
initEditCount( $add=0)
Initialize user_editcount from data out of the revision table.
Definition: User.php:5307
IDBAccessObject
Interface for database access objects.
Definition: IDBAccessObject.php:55
User\useRCPatrol
useRCPatrol()
Check whether to enable recent changes patrol features for this user.
Definition: User.php:3790
$base
$base
Definition: generateLocalAutoload.php:11
User\invalidateEmail
invalidateEmail()
Invalidate the user's e-mail confirmation, and unauthenticate the e-mail address if it was already co...
Definition: User.php:4740
$messages
$messages
Definition: LogTests.i18n.php:8
UserGroupMembership\getGroupPage
static getGroupPage( $group)
Gets the title of a page describing a particular user group.
Definition: UserGroupMembership.php:459
User\newFromRow
static newFromRow( $row, $data=null)
Create a new user object from a user row.
Definition: User.php:750
$wgUseRCPatrol
$wgUseRCPatrol
Use RC Patrolling to check for vandalism (from recent changes and watchlists) New pages and new files...
Definition: DefaultSettings.php:6804
User\loadGroups
loadGroups()
Load the groups from the database if they aren't already loaded.
Definition: User.php:1565
User\$mHash
string $mHash
Definition: User.php:277
$wgUseNPPatrol
$wgUseNPPatrol
Use new page patrolling to check new pages on Special:Newpages.
Definition: DefaultSettings.php:6839
wfDebugLog
wfDebugLog( $logGroup, $text, $dest='all', array $context=[])
Send a line to a supplementary debug log file, if configured, or main debug log if not.
Definition: GlobalFunctions.php:1075
MediaWiki\User\UserIdentity
Interface for objects representing user identity.
Definition: UserIdentity.php:32
User\isIPRange
isIPRange()
Is the user an IP range?
Definition: User.php:954
Wikimedia\Rdbms\IDatabase\insert
insert( $table, $a, $fname=__METHOD__, $options=[])
INSERT wrapper, inserts an array into a table.
User\deleteNewtalk
deleteNewtalk( $field, $id)
Clear the new messages flag for the given user.
Definition: User.php:2629
ActorMigration\newMigration
static newMigration()
Static constructor.
Definition: ActorMigration.php:89
MailAddress\newFromUser
static newFromUser(User $user)
Create a new MailAddress object for the given user.
Definition: MailAddress.php:74
User\equals
equals(User $user)
Checks if two user objects point to the same user.
Definition: User.php:5676
User\$mCacheVars
static $mCacheVars
Array of Strings List of member variables which are saved to the shared cache (memcached).
Definition: User.php:98
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
pages
The ContentHandler facility adds support for arbitrary content types on wiki pages
Definition: contenthandler.txt:1
User\getRights
getRights()
Get the permissions this user has.
Definition: User.php:3470
$wgClockSkewFudge
$wgClockSkewFudge
Clock skew or the one-second resolution of time() can occasionally cause cache problems when the user...
Definition: DefaultSettings.php:2611
User\createNew
static createNew( $name, $params=[])
Add a user to the database, return the user object.
Definition: User.php:4219
User\getRequest
getRequest()
Get the WebRequest object to use with this object.
Definition: User.php:3824
Wikimedia\Rdbms\IDatabase
Basic database interface for live and lazy-loaded relation database handles.
Definition: IDatabase.php:38
User\getAutomaticGroups
getAutomaticGroups( $recache=false)
Get the list of implicit group memberships this user has.
Definition: User.php:3560
User\INVALID_TOKEN
const INVALID_TOKEN
@const string An invalid value for user_token
Definition: User.php:62
User\setPassword
setPassword( $str)
Set the password and reset the random token.
Definition: User.php:2819
User\getDefaultOptions
static getDefaultOptions()
Combine the language default options with any site-specific options and add the default language vari...
Definition: User.php:1722
User\getInstanceForUpdate
getInstanceForUpdate()
Get a new instance of this user that was loaded from the master via a locking read.
Definition: User.php:5656
$dbr
$dbr
Definition: testCompression.php:50
$wgMaxNameChars
$wgMaxNameChars
Maximum number of bytes in username.
Definition: DefaultSettings.php:4807
IDBAccessObject\READ_LOCKING
const READ_LOCKING
Constants for object loading bitfield flags (higher => higher QoS)
Definition: IDBAccessObject.php:62
User\isBlockedFrom
isBlockedFrom( $title, $bFromSlave=false)
Check if user is blocked from editing a particular article.
Definition: User.php:2234
$wgExperiencedUserEdits
$wgExperiencedUserEdits
Name of the external diff engine to use.
Definition: DefaultSettings.php:8788
User\newSystemUser
static newSystemUser( $name, $options=[])
Static factory method for creation of a "system" user from username.
Definition: User.php:791
UserGroupMembership\getMembershipsForUser
static getMembershipsForUser( $userId, IDatabase $db=null)
Returns UserGroupMembership objects for all the groups a user currently belongs to.
Definition: UserGroupMembership.php:310
NS_MAIN
const NS_MAIN
Definition: Defines.php:65
User\addGroup
addGroup( $group, $expiry=null)
Add the user to the given group.
Definition: User.php:3648
MailAddress
Stores a single person's name and email address.
Definition: MailAddress.php:32
LoggedOutEditToken
Value object representing a logged-out user's edit token.
Definition: LoggedOutEditToken.php:35
User\matchEditToken
matchEditToken( $val, $salt='', $request=null, $maxage=null)
Check given value against the token value stored in the session.
Definition: User.php:4574
User\getEmail
getEmail()
Get the user's e-mail address.
Definition: User.php:2974
User\$mRights
array $mRights
Definition: User.php:279
article
design txt This is a brief overview of the new design More thorough and up to date information is available on the documentation wiki at etc Handles the details of getting and saving to the user table of the and dealing with sessions and cookies OutputPage Encapsulates the entire HTML page that will be sent in response to any server request It is used by calling its functions to add in any and then calling but I prefer the flexibility This should also do the output encoding The system allocates a global one in $wgOut Title Represents the title of an article
Definition: design.txt:25
User\getTalkPage
getTalkPage()
Get this user's talk page title.
Definition: User.php:4465
User\addToDatabase
addToDatabase()
Add this existing user object to the database.
Definition: User.php:4294
User\makeUpdateConditions
makeUpdateConditions(Database $db, array $conditions)
Builds update conditions.
Definition: User.php:1641
IP\isValidRange
static isValidRange( $ipRange)
Validate an IP range (valid address with a valid CIDR prefix).
Definition: IP.php:138
User\invalidateCache
invalidateCache()
Immediately touch the user data cache for this account.
Definition: User.php:2731
User\setInternalPassword
setInternalPassword( $str)
Set the password and reset the random token unconditionally.
Definition: User.php:2831
MWException
MediaWiki exception.
Definition: MWException.php:26
User\invalidationTokenUrl
invalidationTokenUrl( $token)
Return a URL the user can use to invalidate their email address.
Definition: User.php:4692
$title
namespace and then decline to actually register it file or subcat img or subcat $title
Definition: hooks.txt:934
User\isLocked
isLocked()
Check if user account is locked.
Definition: User.php:2333
User\$mDatePreference
string $mDatePreference
Definition: User.php:273
$wgAuthenticationTokenVersion
string null $wgAuthenticationTokenVersion
Versioning for authentication tokens.
Definition: DefaultSettings.php:4939
wfDeprecated
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
Definition: GlobalFunctions.php:1111
$property
$property
Definition: styleTest.css.php:44
User\checkPasswordValidity
checkPasswordValidity( $password)
Check if this is a valid password for this user.
Definition: User.php:1170
Skin\normalizeKey
static normalizeKey( $key)
Normalize a skin preference value to a form that can be loaded.
Definition: Skin.php:99
User\confirmEmail
confirmEmail()
Mark the e-mail address confirmed.
Definition: User.php:4723
User\setItemLoaded
setItemLoaded( $item)
Set that an item has been loaded.
Definition: User.php:1329
UserGroupMembership\getLink
static getLink( $ugm, IContextSource $context, $format, $userName=null)
Gets a link for a user group, possibly including the expiry date if relevant.
Definition: UserGroupMembership.php:375
User\blockedFor
blockedFor()
If user is blocked, return the specified reason for the block.
Definition: User.php:2264
User\setNewtalk
setNewtalk( $val, $curRev=null)
Update the 'You have new messages!' status.
Definition: User.php:2649
wfGetDB
wfGetDB( $db, $groups=[], $wiki=false)
Get a Database object.
Definition: GlobalFunctions.php:2800
User\$mBlockedFromCreateAccount
Block $mBlockedFromCreateAccount
Definition: User.php:307
in
null for the wiki Added in
Definition: hooks.txt:1591
User\$mGlobalBlock
Block $mGlobalBlock
Definition: User.php:289
User\isAllowedToCreateAccount
isAllowedToCreateAccount()
Get whether the user is allowed to create an account.
Definition: User.php:4447
MediaWiki\Auth\AuthenticationResponse
This is a value object to hold authentication response data.
Definition: AuthenticationResponse.php:37
User\logout
logout()
Log this user out.
Definition: User.php:4061
User\confirmationToken
confirmationToken(&$expiration)
Generate, store, and return a new e-mail confirmation code.
Definition: User.php:4665
User\getCacheKey
getCacheKey(WANObjectCache $cache)
Definition: User.php:507
wfTimestampOrNull
wfTimestampOrNull( $outputtype=TS_UNIX, $ts=null)
Return a formatted timestamp, or null if input is null.
Definition: GlobalFunctions.php:1984
User\getImplicitGroups
static getImplicitGroups()
Get a list of implicit groups.
Definition: User.php:5050
User\isHidden
isHidden()
Check if user account is hidden.
Definition: User.php:2350
User\randomPassword
static randomPassword()
Return a random password.
Definition: User.php:1267
User\$mBlockedby
string $mBlockedby
Definition: User.php:275
UserGroupMembership\newFromRow
static newFromRow( $row)
Creates a new UserGroupMembership object from a database row.
Definition: UserGroupMembership.php:93
IP\getSubnet
static getSubnet( $ip)
Returns the subnet of a given IP.
Definition: IP.php:742
User\isBlockedFromEmailuser
isBlockedFromEmailuser()
Get whether the user is blocked from using Special:Emailuser.
Definition: User.php:4438
User\isIP
static isIP( $name)
Does the string match an anonymous IP address?
Definition: User.php:943
User\validateCache
validateCache( $timestamp)
Validate the cache for this account.
Definition: User.php:2763
User\getEffectiveGroups
getEffectiveGroups( $recache=false)
Get the list of implicit group memberships this user has.
Definition: User.php:3537
User\isPingLimitable
isPingLimitable()
Is this user subject to rate limiting?
Definition: User.php:2046
User\removeGroup
removeGroup( $group)
Remove the user from the given group.
Definition: User.php:3684
User\canReceiveEmail
canReceiveEmail()
Is this user allowed to receive e-mails within limits of current site configuration?
Definition: User.php:4782
$wgImplicitGroups
$wgImplicitGroups
Implicit groups, aren't shown on Special:Listusers or somewhere else.
Definition: DefaultSettings.php:5247
User\isNewbie
isNewbie()
Determine whether the user is a newbie.
Definition: User.php:4475
User\isAllowedAll
isAllowedAll()
Definition: User.php:3762
$wgLang
this class mediates it Skin Encapsulates a look and feel for the wiki All of the functions that render HTML and make choices about how to render it are here and are called from various other places when and is meant to be subclassed with other skins that may override some of its functions The User object contains a reference to a and so rather than having a global skin object we just rely on the global User and get the skin with $wgUser and also has some character encoding functions and other locale stuff The current user interface language is instantiated as $wgLang
Definition: design.txt:56
User\touch
touch()
Update the "touched" timestamp for the user.
Definition: User.php:2748
User\clearInstanceCache
clearInstanceCache( $reloadFrom=false)
Clear various cached data stored in this object.
Definition: User.php:1697
$wgEnableEmail
$wgEnableEmail
Set to true to enable the e-mail basic features: Password reminders, etc.
Definition: DefaultSettings.php:1599
User\CHECK_USER_RIGHTS
const CHECK_USER_RIGHTS
Definition: User.php:85
$wgEnableDnsBlacklist
$wgEnableDnsBlacklist
Whether to use DNS blacklists in $wgDnsBlacklistUrls to check for open proxies.
Definition: DefaultSettings.php:5568
User\TOKEN_LENGTH
const TOKEN_LENGTH
@const int Number of characters in user_token field.
Definition: User.php:57
$wgDefaultSkin
$wgDefaultSkin
Default skin, for new users and anonymous visitors.
Definition: DefaultSettings.php:3258
$time
see documentation in includes Linker php for Linker::makeImageLink & $time
Definition: hooks.txt:1795
$wgReservedUsernames
$wgReservedUsernames
Array of usernames which may not be registered or logged in from Maintenance scripts can still use th...
Definition: DefaultSettings.php:4813
Title\makeTitle
static makeTitle( $ns, $title, $fragment='', $interwiki='')
Create a new Title from a namespace index and a DB key.
Definition: Title.php:534
global
when a variable name is used in a it is silently declared as a new masking the global
Definition: design.txt:93
DB_REPLICA
const DB_REPLICA
Definition: defines.php:25
wfTimestampNow
wfTimestampNow()
Convenience function; returns MediaWiki timestamp for the present time.
Definition: GlobalFunctions.php:1997
User\addWatch
addWatch( $title, $checkRights=self::CHECK_USER_RIGHTS)
Watch an article.
Definition: User.php:3855
User\$mQuickTouched
string $mQuickTouched
TS_MW timestamp from cache.
Definition: User.php:225
User\setName
setName( $str)
Set the user name.
Definition: User.php:2421
DB_MASTER
const DB_MASTER
Definition: defines.php:26
User\$mRealName
string $mRealName
Definition: User.php:218
User\resetOptions
resetOptions( $resetKinds=[ 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused'], IContextSource $context=null)
Reset certain (or all) options to the site defaults.
Definition: User.php:3371
UserArray\newFromIDs
static newFromIDs( $ids)
Definition: UserArray.php:45
User\$mGroupMemberships
UserGroupMembership[] $mGroupMemberships
Associative array of (group name => UserGroupMembership object)
Definition: User.php:239
UserPasswordPolicy
Check if a user's password complies with any password policies that apply to that user,...
Definition: UserPasswordPolicy.php:28
$wgUseFilePatrol
$wgUseFilePatrol
Use file patrolling to check new files on Special:Newfiles.
Definition: DefaultSettings.php:6850
wfDebug
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition: GlobalFunctions.php:982
string
This code would result in ircNotify being run twice when an article is and once for brion Hooks can return three possible true was required This is the default since MediaWiki *some string
Definition: hooks.txt:175
$wgRemoveGroups
$wgRemoveGroups
Definition: DefaultSettings.php:5496
User\$mLoadedItems
$mLoadedItems
Array with already loaded items or true if all items have been loaded.
Definition: User.php:253
list
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
Definition: deferred.txt:11
User\clearNotification
clearNotification(&$title, $oldid=0)
Clear the user's notification timestamp for the given title.
Definition: User.php:3889
User\saveSettings
saveSettings()
Save this user's settings into the database.
Definition: User.php:4109
User\addNewUserLogEntry
addNewUserLogEntry( $action=false, $reason='')
Add a newuser log entry for this user.
Definition: User.php:5379
Block\getBlocksForIPList
static getBlocksForIPList(array $ipChain, $isAnon, $fromMaster=false)
Get all blocks that match any IP from an array of IP addresses.
Definition: Block.php:1212
User\$mCoreRights
static $mCoreRights
Array of Strings Core rights.
Definition: User.php:125
$wgFullyInitialised
foreach( $wgExtensionFunctions as $func) if(!defined( 'MW_NO_SESSION') &&! $wgCommandLineMode) if(! $wgCommandLineMode) $wgFullyInitialised
Definition: Setup.php:969
User\getFirstEditTimestamp
getFirstEditTimestamp()
Get the timestamp of the first edit.
Definition: User.php:4851
MIGRATION_OLD
const MIGRATION_OLD
Definition: Defines.php:293
$fname
if(defined( 'MW_SETUP_CALLBACK')) $fname
Customization point after all loading (constants, functions, classes, DefaultSettings,...
Definition: Setup.php:112
$wgAutopromoteOnceLogInRC
$wgAutopromoteOnceLogInRC
Put user rights log entries for autopromotion in recent changes?
Definition: DefaultSettings.php:5467
$request
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on $request
Definition: hooks.txt:2604
User\GETOPTIONS_EXCLUDE_DEFAULTS
const GETOPTIONS_EXCLUDE_DEFAULTS
Exclude user options that are set to their default value.
Definition: User.php:80
User\setRealName
setRealName( $str)
Set the user's real name.
Definition: User.php:3078
User\EDIT_TOKEN_SUFFIX
const EDIT_TOKEN_SUFFIX
Global constant made accessible as class constants so that autoloader magic can be used.
Definition: User.php:69
User\getNewMessageLinks
getNewMessageLinks()
Return the data needed to construct links for new talk page message alerts.
Definition: User.php:2537
any
they could even be mouse clicks or menu items whatever suits your program You should also get your if any
Definition: COPYING.txt:326
User\getBlockedStatus
getBlockedStatus( $bFromSlave=true)
Get blocking information.
Definition: User.php:1777
Title\makeTitleSafe
static makeTitleSafe( $ns, $title, $fragment='', $interwiki='')
Create a new Title from a namespace index and a DB key.
Definition: Title.php:562
wfWikiID
wfWikiID()
Get an ASCII string identifying this wiki This is used as a prefix in memcached keys.
Definition: GlobalFunctions.php:2751
NS_USER_TALK
const NS_USER_TALK
Definition: Defines.php:68
User\getFormerGroups
getFormerGroups()
Returns the groups the user has belonged to.
Definition: User.php:3589
User\whoIs
static whoIs( $id)
Get the username corresponding to a given user ID.
Definition: User.php:863
Block\getIdFromCookieValue
static getIdFromCookieValue( $cookieValue)
Get the stored ID from the 'BlockID' cookie.
Definition: Block.php:1588
$value
$value
Definition: styleTest.css.php:45
DBAccessObjectUtils\hasFlags
static hasFlags( $bitfield, $flags)
Definition: DBAccessObjectUtils.php:35
User\incEditCountImmediate
incEditCountImmediate()
Increment the user's edit-count field.
Definition: User.php:5260
User\loadFromSession
loadFromSession()
Load user data from the session.
Definition: User.php:1340
$wgRateLimits
$wgRateLimits
Simple rate limiter options to brake edit floods.
Definition: DefaultSettings.php:5652
User\isBlockedGlobally
isBlockedGlobally( $ip='')
Check if user is blocked on all wikis.
Definition: User.php:2286
User\getOption
getOption( $oname, $defaultOverride=null, $ignoreHidden=false)
Get the user's current setting for a given option.
Definition: User.php:3093
StatusValue\newGood
static newGood( $value=null)
Factory function for good results.
Definition: StatusValue.php:81
User\isDnsBlacklisted
isDnsBlacklisted( $ip, $checkWhitelist=false)
Whether the given IP is in a DNS blacklist.
Definition: User.php:1933
User\getTouched
getTouched()
Get the user touched timestamp.
Definition: User.php:2775
User\$mId
int $mId
Cache variables.
Definition: User.php:212
User\getGlobalBlock
getGlobalBlock( $ip='')
Check if user is blocked on all wikis.
Definition: User.php:2300
User\__toString
__toString()
Definition: User.php:332
MediaWiki\Session\SessionManager
This serves as the entry point to the MediaWiki session handling system.
Definition: SessionManager.php:50
Title\GAID_FOR_UPDATE
const GAID_FOR_UPDATE
Used to be GAID_FOR_UPDATE define.
Definition: Title.php:54
CannotCreateActorException
Exception thrown when an actor can't be created.
Definition: CannotCreateActorException.php:28
User\checkAndSetTouched
checkAndSetTouched()
Bump user_touched if it didn't change since this object was loaded.
Definition: User.php:1659
WANObjectCache
Multi-datacenter aware caching interface.
Definition: WANObjectCache.php:87
User\getRealName
getRealName()
Get the user's real name.
Definition: User.php:3066
User\$idCacheByName
static $idCacheByName
Definition: User.php:312
User\updateActorId
updateActorId(IDatabase $dbw)
Update the actor ID after an insert.
Definition: User.php:4366
User\setCookies
setCookies( $request=null, $secure=null, $rememberMe=false)
Persist this user's session (e.g.
Definition: User.php:4025
User\getGroupPermissions
static getGroupPermissions( $groups)
Get the permissions associated with a given list of groups.
Definition: User.php:4877
User\getGroupPage
static getGroupPage( $group)
Get the title of a page describing a particular group.
Definition: User.php:5067
User\changeableGroups
changeableGroups()
Returns an array of groups that this user can add and remove.
Definition: User.php:5204
User\clearAllNotifications
clearAllNotifications()
Resets all of the given user's page-change notification timestamps.
Definition: User.php:3957
User\VERSION
const VERSION
@const int Serialized record version.
Definition: User.php:74
$ret
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses & $ret
Definition: hooks.txt:1987
User\matchEditTokenNoSuffix
matchEditTokenNoSuffix( $val, $salt='', $request=null, $maxage=null)
Check given value against the token value stored in the session, ignoring the suffix.
Definition: User.php:4588
$wgAddGroups
$wgAddGroups
$wgAddGroups and $wgRemoveGroups can be used to give finer control over who can assign which groups a...
Definition: DefaultSettings.php:5491
User\checkPassword
checkPassword( $password)
Check to see if the given clear-text password is one of the accepted passwords.
Definition: User.php:4485
User\getAllGroups
static getAllGroups()
Return the set of defined explicit groups.
Definition: User.php:5021
User\removeWatch
removeWatch( $title, $checkRights=self::CHECK_USER_RIGHTS)
Stop watching an article.
Definition: User.php:3872
User\getAllRights
static getAllRights()
Get a list of all available permissions.
Definition: User.php:5033
$wgInvalidUsernameCharacters
$wgInvalidUsernameCharacters
Characters to prevent during new account creations.
Definition: DefaultSettings.php:4908
RequestContext\getMain
static getMain()
Get the RequestContext object associated with the main request.
Definition: RequestContext.php:434
User\getQueryInfo
static getQueryInfo()
Return the tables, fields, and join conditions to be selected to create a new user object.
Definition: User.php:5594
User\blockedBy
blockedBy()
If user is blocked, return the name of the user who placed the block.
Definition: User.php:2255
$wgLearnerEdits
$wgLearnerEdits
The following variables define 3 user experience levels:
Definition: DefaultSettings.php:8786
User\getDBTouched
getDBTouched()
Get the user_touched timestamp field (time of last DB updates)
Definition: User.php:2797
Wikimedia\Rdbms\Database\timestamp
timestamp( $ts=0)
Convert a timestamp in one of the formats accepted by wfTimestamp() to the format used for inserting ...
Definition: Database.php:3906
User\getGroupMember
static getGroupMember( $group, $username='#')
Get the localized descriptive name for a member of a group, if it exists.
Definition: User.php:5010
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition: AuthManager.php:83
IP\isIPv4
static isIPv4( $ip)
Given a string, determine if it as valid IP in IPv4 only.
Definition: IP.php:99
IContextSource
Interface for objects which can provide a MediaWiki context on request.
Definition: IContextSource.php:53
WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Definition: WebRequest.php:38
User\changeableByGroup
static changeableByGroup( $group)
Returns an array of the groups that a particular group can add/remove.
Definition: User.php:5131
Block\TYPE_USER
const TYPE_USER
Definition: Block.php:83
User\getGroupName
static getGroupName( $group)
Get the localized descriptive name for a group, if it exists.
Definition: User.php:4997
$wgUseEnotif
$wgUseEnotif
Definition: Setup.php:443
Autopromote\getAutopromoteOnceGroups
static getAutopromoteOnceGroups(User $user, $event)
Get the groups for the given user based on the given criteria.
Definition: Autopromote.php:63
User\setId
setId( $v)
Set the user and reload all fields according to a given ID.
Definition: User.php:2385
User\getExperienceLevel
getExperienceLevel()
Compute experienced level based on edit count and registration date.
Definition: User.php:3986
$wgUserEmailConfirmationTokenExpiry
$wgUserEmailConfirmationTokenExpiry
The time, in seconds, when an email confirmation email expires.
Definition: DefaultSettings.php:1639
User\getRegistration
getRegistration()
Get the timestamp of account creation.
Definition: User.php:4837
PasswordFactory\newInvalidPassword
static newInvalidPassword()
Create an InvalidPassword.
Definition: PasswordFactory.php:214
IP\sanitizeIP
static sanitizeIP( $ip)
Convert an IP into a verbose, uppercase, normalized form.
Definition: IP.php:152
User\isEveryoneAllowed
static isEveryoneAllowed( $right)
Check if all users may be assumed to have the given permission.
Definition: User.php:4947
and
and that you know you can do these things To protect your we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the or if you modify it For if you distribute copies of such a whether gratis or for a you must give the recipients all the rights that you have You must make sure that receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two and(2) offer you this license which gives you legal permission to copy
User\isAllowedAny
isAllowedAny()
Check if user is allowed to access a feature / make an action.
Definition: User.php:3747
User\getRightDescription
static getRightDescription( $right)
Get the description of a given right.
Definition: User.php:5340
User\changeAuthenticationData
changeAuthenticationData(array $data)
Changes credentials of the user.
Definition: User.php:2881
$cache
$cache
Definition: mcc.php:33
$rows
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction $rows
Definition: hooks.txt:2604
$wgRateLimitsExcludedIPs
$wgRateLimitsExcludedIPs
Array of IPs / CIDR ranges which should be excluded from rate limits.
Definition: DefaultSettings.php:5725
$options
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped & $options
Definition: hooks.txt:1987
ObjectCache\getMainWANInstance
static getMainWANInstance()
Get the main WAN cache object.
Definition: ObjectCache.php:380
$wgApplyIpBlocksToXff
$wgApplyIpBlocksToXff
Whether to look at the X-Forwarded-For header's list of (potentially spoofed) IPs and apply IP blocks...
Definition: DefaultSettings.php:5615
User\isLoggedIn
isLoggedIn()
Get whether the user is logged in.
Definition: User.php:3714
User\checkTemporaryPassword
checkTemporaryPassword( $plaintext)
Check if the given clear-text password matches the temporary password sent by e-mail for password res...
Definition: User.php:4518
Wikimedia\Rdbms\DBExpectedError
Base class for the more common types of database errors.
Definition: DBExpectedError.php:32
User\$mActorId
int null $mActorId
Definition: User.php:216
User\getTitleKey
getTitleKey()
Get the user's name escaped by underscores.
Definition: User.php:2491
$code
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that probably a stub it is not rendered in wiki pages or galleries in category pages allow injecting custom HTML after the section Any uses of the hook need to handle escaping see BaseTemplate::getToolbox and BaseTemplate::makeListItem for details on the format of individual items inside of this array or by returning and letting standard HTTP rendering take place modifiable or by returning false and taking over the output modifiable & $code
Definition: hooks.txt:783
User\setToken
setToken( $token=false)
Set the random token (used for persistent authentication) Called from loadDefaults() among other plac...
Definition: User.php:2946
User\idFromName
static idFromName( $name, $flags=self::READ_NORMAL)
Get database id given a user name.
Definition: User.php:883
User\resetIdByNameCache
static resetIdByNameCache()
Reset the cache used in idFromName().
Definition: User.php:923
User\$mEmailTokenExpires
string $mEmailTokenExpires
Definition: User.php:233
User\findUsersByGroup
static findUsersByGroup( $groups, $limit=5000, $after=null)
Return the users who are members of the given group(s).
Definition: User.php:1053
User\getCanonicalName
static getCanonicalName( $name, $validate='valid')
Given unvalidated user input, return a canonical username, or false if the username is invalid.
Definition: User.php:1210
User\isEmailConfirmed
isEmailConfirmed()
Is this user's e-mail address valid-looking and confirmed within limits of the current site configura...
Definition: User.php:4796
$rev
presenting them properly to the user as errors is done by the caller return true use this to change the list i e etc $rev
Definition: hooks.txt:1767
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
User\getGrantName
static getGrantName( $grant)
Get the name of a given grant.
Definition: User.php:5353
Block
Definition: Block.php:27
UserCache\singleton
static singleton()
Definition: UserCache.php:34
Revision\loadFromTimestamp
static loadFromTimestamp( $db, $title, $timestamp)
Load the revision for the given title with the given timestamp.
Definition: Revision.php:291
User\newFromActorId
static newFromActorId( $id)
Static factory method for creation from a given actor ID.
Definition: User.php:629
$wgDnsBlacklistUrls
$wgDnsBlacklistUrls
List of DNS blacklists to use, if $wgEnableDnsBlacklist is true.
Definition: DefaultSettings.php:5593
$keys
$keys
Definition: testCompression.php:67
NS_USER
const NS_USER
Definition: Defines.php:67
User\loadFromCache
loadFromCache()
Load user data from shared cache, given mId has already been set.
Definition: User.php:528
$wgLearnerMemberSince
$wgLearnerMemberSince
Name of the external diff engine to use.
Definition: DefaultSettings.php:8787
User\addAutopromoteOnceGroups
addAutopromoteOnceGroups( $event)
Add the user to the group if he/she meets given criteria.
Definition: User.php:1589
User\sendMail
sendMail( $subject, $body, $from=null, $replyto=null)
Send an e-mail to this user's account.
Definition: User.php:4639
User\getTokenFromOption
getTokenFromOption( $oname)
Get a token stored in the preferences (like the watchlist one), resetting it if it's empty (and savin...
Definition: User.php:3201
true
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses just before the function returns a value If you return true
Definition: hooks.txt:1987
User\$mEmailToken
string $mEmailToken
Definition: User.php:231
ManualLogEntry
Class for creating log entries manually, to inject them into the database.
Definition: LogEntry.php:432
$wgGroupsRemoveFromSelf
$wgGroupsRemoveFromSelf
Definition: DefaultSettings.php:5275
User\checkNewtalk
checkNewtalk( $field, $id)
Internal uncached check for new messages.
Definition: User.php:2589
User\loadFromDatabase
loadFromDatabase( $flags=self::READ_LATEST)
Load user and user_group data from the database.
Definition: User.php:1387
HTMLFormField\flattenOptions
static flattenOptions( $options)
flatten an array of options to a single array, for instance, a set of "<options>" inside "<optgroups>...
Definition: HTMLFormField.php:1110
$status
Status::newGood()` to allow deletion, and then `return false` from the hook function. Ensure you consume the 'ChangeTagAfterDelete' hook to carry out custom deletion actions. $tag:name of the tag $user:user initiating the action & $status:Status object. See above. 'ChangeTagsListActive':Allows you to nominate which of the tags your extension uses are in active use. & $tags:list of all active tags. Append to this array. 'ChangeTagsAfterUpdateTags':Called after tags have been updated with the ChangeTags::updateTags function. Params:$addedTags:tags effectively added in the update $removedTags:tags effectively removed in the update $prevTags:tags that were present prior to the update $rc_id:recentchanges table id $rev_id:revision table id $log_id:logging table id $params:tag params $rc:RecentChange being tagged when the tagging accompanies the action or null $user:User who performed the tagging when the tagging is subsequent to the action or null 'ChangeTagsAllowedAdd':Called when checking if a user can add tags to a change. & $allowedTags:List of all the tags the user is allowed to add. Any tags the user wants to add( $addTags) that are not in this array will cause it to fail. You may add or remove tags to this array as required. $addTags:List of tags user intends to add. $user:User who is adding the tags. 'ChangeUserGroups':Called before user groups are changed. $performer:The User who will perform the change $user:The User whose groups will be changed & $add:The groups that will be added & $remove:The groups that will be removed 'Collation::factory':Called if $wgCategoryCollation is an unknown collation. $collationName:Name of the collation in question & $collationObject:Null. Replace with a subclass of the Collation class that implements the collation given in $collationName. 'ConfirmEmailComplete':Called after a user 's email has been confirmed successfully. $user:user(object) whose email is being confirmed 'ContentAlterParserOutput':Modify parser output for a given content object. Called by Content::getParserOutput after parsing has finished. Can be used for changes that depend on the result of the parsing but have to be done before LinksUpdate is called(such as adding tracking categories based on the rendered HTML). $content:The Content to render $title:Title of the page, as context $parserOutput:ParserOutput to manipulate 'ContentGetParserOutput':Customize parser output for a given content object, called by AbstractContent::getParserOutput. May be used to override the normal model-specific rendering of page content. $content:The Content to render $title:Title of the page, as context $revId:The revision ID, as context $options:ParserOptions for rendering. To avoid confusing the parser cache, the output can only depend on parameters provided to this hook function, not on global state. $generateHtml:boolean, indicating whether full HTML should be generated. If false, generation of HTML may be skipped, but other information should still be present in the ParserOutput object. & $output:ParserOutput, to manipulate or replace 'ContentHandlerDefaultModelFor':Called when the default content model is determined for a given title. May be used to assign a different model for that title. $title:the Title in question & $model:the model name. Use with CONTENT_MODEL_XXX constants. 'ContentHandlerForModelID':Called when a ContentHandler is requested for a given content model name, but no entry for that model exists in $wgContentHandlers. Note:if your extension implements additional models via this hook, please use GetContentModels hook to make them known to core. $modeName:the requested content model name & $handler:set this to a ContentHandler object, if desired. 'ContentModelCanBeUsedOn':Called to determine whether that content model can be used on a given page. This is especially useful to prevent some content models to be used in some special location. $contentModel:ID of the content model in question $title:the Title in question. & $ok:Output parameter, whether it is OK to use $contentModel on $title. Handler functions that modify $ok should generally return false to prevent further hooks from further modifying $ok. 'ContribsPager::getQueryInfo':Before the contributions query is about to run & $pager:Pager object for contributions & $queryInfo:The query for the contribs Pager 'ContribsPager::reallyDoQuery':Called before really executing the query for My Contributions & $data:an array of results of all contribs queries $pager:The ContribsPager object hooked into $offset:Index offset, inclusive $limit:Exact query limit $descending:Query direction, false for ascending, true for descending 'ContributionsLineEnding':Called before a contributions HTML line is finished $page:SpecialPage object for contributions & $ret:the HTML line $row:the DB row for this line & $classes:the classes to add to the surrounding< li > & $attribs:associative array of other HTML attributes for the< li > element. Currently only data attributes reserved to MediaWiki are allowed(see Sanitizer::isReservedDataAttribute). 'ContributionsToolLinks':Change tool links above Special:Contributions $id:User identifier $title:User page title & $tools:Array of tool links $specialPage:SpecialPage instance for context and services. Can be either SpecialContributions or DeletedContributionsPage. Extensions should type hint against a generic SpecialPage though. 'ConvertContent':Called by AbstractContent::convert when a conversion to another content model is requested. Handler functions that modify $result should generally return false to disable further attempts at conversion. $content:The Content object to be converted. $toModel:The ID of the content model to convert to. $lossy:boolean indicating whether lossy conversion is allowed. & $result:Output parameter, in case the handler function wants to provide a converted Content object. Note that $result->getContentModel() must return $toModel. 'CustomEditor':When invoking the page editor Return true to allow the normal editor to be used, or false if implementing a custom editor, e.g. for a special namespace, etc. $article:Article being edited $user:User performing the edit 'DatabaseOraclePostInit':Called after initialising an Oracle database $db:the DatabaseOracle object 'DeletedContribsPager::reallyDoQuery':Called before really executing the query for Special:DeletedContributions Similar to ContribsPager::reallyDoQuery & $data:an array of results of all contribs queries $pager:The DeletedContribsPager object hooked into $offset:Index offset, inclusive $limit:Exact query limit $descending:Query direction, false for ascending, true for descending 'DeletedContributionsLineEnding':Called before a DeletedContributions HTML line is finished. Similar to ContributionsLineEnding $page:SpecialPage object for DeletedContributions & $ret:the HTML line $row:the DB row for this line & $classes:the classes to add to the surrounding< li > & $attribs:associative array of other HTML attributes for the< li > element. Currently only data attributes reserved to MediaWiki are allowed(see Sanitizer::isReservedDataAttribute). 'DeleteUnknownPreferences':Called by the cleanupPreferences.php maintenance script to build a WHERE clause with which to delete preferences that are not known about. This hook is used by extensions that have dynamically-named preferences that should not be deleted in the usual cleanup process. For example, the Gadgets extension creates preferences prefixed with 'gadget-', and so anything with that prefix is excluded from the deletion. &where:An array that will be passed as the $cond parameter to IDatabase::select() to determine what will be deleted from the user_properties table. $db:The IDatabase object, useful for accessing $db->buildLike() etc. 'DifferenceEngineAfterLoadNewText':called in DifferenceEngine::loadNewText() after the new revision 's content has been loaded into the class member variable $differenceEngine->mNewContent but before returning true from this function. $differenceEngine:DifferenceEngine object 'DifferenceEngineLoadTextAfterNewContentIsLoaded':called in DifferenceEngine::loadText() after the new revision 's content has been loaded into the class member variable $differenceEngine->mNewContent but before checking if the variable 's value is null. This hook can be used to inject content into said class member variable. $differenceEngine:DifferenceEngine object 'DifferenceEngineMarkPatrolledLink':Allows extensions to change the "mark as patrolled" link which is shown both on the diff header as well as on the bottom of a page, usually wrapped in a span element which has class="patrollink". $differenceEngine:DifferenceEngine object & $markAsPatrolledLink:The "mark as patrolled" link HTML(string) $rcid:Recent change ID(rc_id) for this change(int) 'DifferenceEngineMarkPatrolledRCID':Allows extensions to possibly change the rcid parameter. For example the rcid might be set to zero due to the user being the same as the performer of the change but an extension might still want to show it under certain conditions. & $rcid:rc_id(int) of the change or 0 $differenceEngine:DifferenceEngine object $change:RecentChange object $user:User object representing the current user 'DifferenceEngineNewHeader':Allows extensions to change the $newHeader variable, which contains information about the new revision, such as the revision 's author, whether the revision was marked as a minor edit or not, etc. $differenceEngine:DifferenceEngine object & $newHeader:The string containing the various #mw-diff-otitle[1-5] divs, which include things like revision author info, revision comment, RevisionDelete link and more $formattedRevisionTools:Array containing revision tools, some of which may have been injected with the DiffRevisionTools hook $nextlink:String containing the link to the next revision(if any) $status
Definition: hooks.txt:1255
wfMessage
either a unescaped string or a HtmlArmor object after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock() - offset Set to overwrite offset parameter in $wgRequest set to '' to unset offset - wrap String Wrap the message in html(usually something like "&lt
User\selectFields
static selectFields()
Return the list of user fields that should be selected to create a new user object.
Definition: User.php:5568
User\$mName
string $mName
Definition: User.php:214
User\$mRegistration
string $mRegistration
Definition: User.php:235
$wgGroupPermissions
$wgGroupPermissions['sysop']['replacetext']
Definition: ReplaceText.php:56
class
you have access to all of the normal MediaWiki so you can get a DB use the etc For full docs on the Maintenance class
Definition: maintenance.txt:52
$wgPasswordPolicy
$wgPasswordPolicy
Password policy for local wiki users.
Definition: DefaultSettings.php:4487
$t
$t
Definition: testCompression.php:69
User\addNewUserLogEntryAutoCreate
addNewUserLogEntryAutoCreate()
Add an autocreate newuser log entry for this user Used by things like CentralAuth and perhaps other a...
Definition: User.php:5391
User\newFromConfirmationCode
static newFromConfirmationCode( $code, $flags=0)
Factory method to fetch whichever user has a given email confirmation code.
Definition: User.php:705
User\IGNORE_USER_RIGHTS
const IGNORE_USER_RIGHTS
Definition: User.php:90
User\$mRequest
WebRequest $mRequest
Definition: User.php:298
MediaWiki\Session\Token
Value object representing a CSRF token.
Definition: Token.php:32
$wgRequest
if(! $wgDBerrorLogTZ) $wgRequest
Definition: Setup.php:737
User\isWatched
isWatched( $title, $checkRights=self::CHECK_USER_RIGHTS)
Check the watched status of an article.
Definition: User.php:3841
MediaWikiServices
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency MediaWikiServices
Definition: injection.txt:23
UserGroupMembership\getMembership
static getMembership( $userId, $group, IDatabase $db=null)
Returns a UserGroupMembership object that pertains to the given user and group, or false if the user ...
Definition: UserGroupMembership.php:341
User\getBoolOption
getBoolOption( $oname)
Get the user's current setting for a given option, as a boolean value.
Definition: User.php:3152
Wikimedia\Rdbms\IDatabase\insertId
insertId()
Get the inserted value of an auto-increment row.
$wgMinimalPasswordLength
$wgMinimalPasswordLength
Specifies the minimal length of a user password.
Definition: DefaultSettings.php:4706
$wgGroupsAddToSelf
$wgGroupsAddToSelf
A map of group names that the user is in, to group names that those users are allowed to add or revok...
Definition: DefaultSettings.php:5270
User\isUsableName
static isUsableName( $name)
Usernames which fail to pass this function will be blocked from user login and new account registrati...
Definition: User.php:1018
User\isBlocked
isBlocked( $bFromSlave=true)
Check if user is blocked.
Definition: User.php:2212
User\$mFormerGroups
array $mFormerGroups
Definition: User.php:287
CentralIdLookup\factory
static factory( $providerId=null)
Fetch a CentralIdLookup.
Definition: CentralIdLookup.php:46
$wgPasswordSender
$wgPasswordSender
Sender email address for e-mail notifications.
Definition: DefaultSettings.php:1578
User\isBlockedFromCreateAccount
isBlockedFromCreateAccount()
Get whether the user is explicitly blocked from account creation.
Definition: User.php:4416
User\getEditToken
getEditToken( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition: User.php:4558
User\requiresHTTPS
requiresHTTPS()
Determine based on the wiki configuration and the user's options, whether this user must be over HTTP...
Definition: User.php:3436
User\$mAllRights
static $mAllRights
String Cached results of getAllRights()
Definition: User.php:207
User\isItemLoaded
isItemLoaded( $item, $all='all')
Return whether an item has been loaded.
Definition: User.php:1319
User\purge
static purge( $wikiId, $userId)
Definition: User.php:496
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:53
DeferredUpdates\addCallableUpdate
static addCallableUpdate( $callable, $stage=self::POSTSEND, $dbw=null)
Add a callable update.
Definition: DeferredUpdates.php:111
Hooks\run
static run( $event, array $args=[], $deprecatedVersion=null)
Call hook functions defined in Hooks::register and $wgHooks.
Definition: Hooks.php:203
User\setOption
setOption( $oname, $val)
Set the given option for a user.
Definition: User.php:3180
User\$queryFlagsUsed
int $queryFlagsUsed
User::READ_* constant bitfield used to load data.
Definition: User.php:310
$username
this hook is for auditing only or null if authentication failed before getting that far $username
Definition: hooks.txt:783
User\getPasswordValidity
getPasswordValidity( $password)
Given unvalidated password input, return error message on failure.
Definition: User.php:1134
User\whoIsReal
static whoIsReal( $id)
Get the real name of a user given their user ID.
Definition: User.php:873
User\getName
getName()
Get the user name, or the IP of an anonymous user.
Definition: User.php:2394
$wgSecureLogin
$wgSecureLogin
This is to let user authenticate using https when they come from http.
Definition: DefaultSettings.php:4927
UserGroupMembership\getGroupMemberName
static getGroupMemberName( $group, $username)
Gets the localized name for a member of a group, if it exists.
Definition: UserGroupMembership.php:447
User\doLogout
doLogout()
Clear the user's session, and reset the instance cache.
Definition: User.php:4073
User\getGroupMemberships
getGroupMemberships()
Get the list of explicit group memberships this user has, stored as UserGroupMembership objects.
Definition: User.php:3524
User\canSendEmail
canSendEmail()
Is this user allowed to send e-mails within limits of current site configuration?
Definition: User.php:4765
User\isCreatableName
static isCreatableName( $name)
Usernames which fail to pass this function will be blocked from new account registrations,...
Definition: User.php:1093
$wgNamespacesToBeSearchedDefault
$wgNamespacesToBeSearchedDefault
List of namespaces which are searched by default.
Definition: DefaultSettings.php:6479
User\getMutableCacheKeys
getMutableCacheKeys(WANObjectCache $cache)
Definition: User.php:516
MediaWiki\Auth\AuthenticationRequest
This is a value object for authentication requests.
Definition: AuthenticationRequest.php:37
User\$mEffectiveGroups
array $mEffectiveGroups
Definition: User.php:283
User\setPasswordInternal
setPasswordInternal( $str)
Actually set the password and such.
Definition: User.php:2843
$wgDisableAnonTalk
$wgDisableAnonTalk
Disable links to talk pages of anonymous users (IPs) in listings on special pages like page history,...
Definition: DefaultSettings.php:6936
UserGroupMembership
Represents a "user group membership" – a specific instance of a user belonging to a group.
Definition: UserGroupMembership.php:37
IP\isIPAddress
static isIPAddress( $ip)
Determine if a string is as valid IP address or network (CIDR prefix).
Definition: IP.php:77
User\$mEditCount
int $mEditCount
Definition: User.php:237
User\$mEmailAuthenticated
string $mEmailAuthenticated
Definition: User.php:229
array
the array() calling protocol came about after MediaWiki 1.4rc1.
User\getGroupsWithPermission
static getGroupsWithPermission( $role)
Get all the groups who have a given permission.
Definition: User.php:4904
User\isAllowed
isAllowed( $action='')
Internal mechanics of testing a permission.
Definition: User.php:3777
MWExceptionHandler\logException
static logException( $e, $catcher=self::CAUGHT_BY_OTHER)
Log an exception to the exception log (if enabled).
Definition: MWExceptionHandler.php:645
User\listOptionKinds
static listOptionKinds()
Return a list of the types of user options currently returned by User::getOptionKinds().
Definition: User.php:3263
$wgContLang
this class mediates it Skin Encapsulates a look and feel for the wiki All of the functions that render HTML and make choices about how to render it are here and are called from various other places when and is meant to be subclassed with other skins that may override some of its functions The User object contains a reference to a and so rather than having a global skin object we just rely on the global User and get the skin with $wgUser and also has some character encoding functions and other locale stuff The current user interface language is instantiated as and the content language as $wgContLang
Definition: design.txt:56
$type
$type
Definition: testCompression.php:48
$wgActorTableSchemaMigrationStage
int $wgActorTableSchemaMigrationStage
Actor table schema migration stage.
Definition: DefaultSettings.php:8822