dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Improved security: don't send out password hashes or store them in the session, use...
[lhc/web/wiklou.git] / includes / User.php
1 <?php
2 /**
3 * See user.doc
4 *
5 * @package MediaWiki
6 */
7
8 /**
9 *
10 */
11 require_once( 'WatchedItem.php' );
12
13 # Number of characters in user_token field
14 define( 'USER_TOKEN_LENGTH', 32 );
15
16 /**
17 *
18 * @package MediaWiki
19 */
20 class User {
21 /**#@+
22 * @access private
23 */
24 var $mId, $mName, $mPassword, $mEmail, $mNewtalk;
25 var $mRights, $mOptions;
26 var $mDataLoaded, $mNewpassword;
27 var $mSkin;
28 var $mBlockedby, $mBlockreason;
29 var $mTouched;
30 var $mToken;
31 var $mRealName;
32 var $mHash;
33 /**#@-*/
34
35 /** Construct using User:loadDefaults() */
36 function User() {
37 $this->loadDefaults();
38 }
39
40 /**
41 * Static factory method
42 * @static
43 * @param string $name Username, validated by Title:newFromText()
44 */
45 function newFromName( $name ) {
46 $u = new User();
47
48 # Clean up name according to title rules
49
50 $t = Title::newFromText( $name );
51 if( is_null( $t ) ) {
52 return NULL;
53 } else {
54 $u->setName( $t->getText() );
55 return $u;
56 }
57 }
58
59 /**
60 * Get username given an id.
61 * @param integer $id Database user id
62 * @return string Nickname of a user
63 * @static
64 */
65 function whoIs( $id ) {
66 $dbr =& wfGetDB( DB_SLAVE );
67 return $dbr->selectField( 'user', 'user_name', array( 'user_id' => $id ) );
68 }
69
70 /**
71 * Get real username given an id.
72 * @param integer $id Database user id
73 * @return string Realname of a user
74 * @static
75 */
76 function whoIsReal( $id ) {
77 $dbr =& wfGetDB( DB_SLAVE );
78 return $dbr->selectField( 'user', 'user_real_name', array( 'user_id' => $id ) );
79 }
80
81 /**
82 * Get database id given a user name
83 * @param string $name Nickname of a user
84 * @return integer|null Database user id (null: if non existent
85 * @static
86 */
87 function idFromName( $name ) {
88 $fname = "User::idFromName";
89
90 $nt = Title::newFromText( $name );
91 if( is_null( $nt ) ) {
92 # Illegal name
93 return null;
94 }
95 $dbr =& wfGetDB( DB_SLAVE );
96 $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), $fname );
97
98 if ( $s === false ) {
99 return 0;
100 } else {
101 return $s->user_id;
102 }
103 }
104
105 /**
106 * does the string match an anonymous user IP address?
107 * @param string $name Nickname of a user
108 * @static
109 */
110 function isIP( $name ) {
111 return preg_match("/^\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3}$/",$name);
112 }
113
114 /**
115 * probably return a random password
116 * @return string probably a random password
117 * @static
118 * @todo Check what is doing really [AV]
119 */
120 function randomPassword() {
121 $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
122 $l = strlen( $pwchars ) - 1;
123
124 $np = $pwchars{mt_rand( 0, $l )} . $pwchars{mt_rand( 0, $l )} .
125 $pwchars{mt_rand( 0, $l )} . chr( mt_rand(48, 57) ) .
126 $pwchars{mt_rand( 0, $l )} . $pwchars{mt_rand( 0, $l )} .
127 $pwchars{mt_rand( 0, $l )};
128 return $np;
129 }
130
131 /**
132 * Set properties to default
133 * Used at construction. It will load per language default settings only
134 * if we have an available language object.
135 */
136 function loadDefaults() {
137 global $wgContLang, $wgIP;
138 global $wgNamespacesToBeSearchedDefault;
139
140 $this->mId = $this->mNewtalk = 0;
141 $this->mName = $wgIP;
142 $this->mRealName = $this->mEmail = '';
143 $this->mPassword = $this->mNewpassword = '';
144 $this->mRights = array();
145 // Getting user defaults only if we have an available language
146 if(isset($wgContLang)) { $this->loadDefaultFromLanguage(); }
147
148 foreach ($wgNamespacesToBeSearchedDefault as $nsnum => $val) {
149 $this->mOptions['searchNs'.$nsnum] = $val;
150 }
151 unset( $this->mSkin );
152 $this->mDataLoaded = false;
153 $this->mBlockedby = -1; # Unset
154 $this->mTouched = '0'; # Allow any pages to be cached
155 $this->setToken(); # Random
156 $this->mHash = false;
157 }
158
159 /**
160 * Used to load user options from a language.
161 * This is not in loadDefault() cause we sometime create user before having
162 * a language object.
163 */
164 function loadDefaultFromLanguage(){
165 global $wgContLang;
166 $defOpt = $wgContLang->getDefaultUserOptions() ;
167 foreach ( $defOpt as $oname => $val ) {
168 $this->mOptions[$oname] = $val;
169 }
170 /*
171 default language setting
172 */
173 $this->setOption('variant', $wgContLang->getPreferredVariant());
174 $this->setOption('language', $wgContLang->getPreferredVariant());
175 }
176
177 /**
178 * Get blocking information
179 * @access private
180 */
181 function getBlockedStatus() {
182 global $wgIP, $wgBlockCache, $wgProxyList;
183
184 if ( -1 != $this->mBlockedby ) { return; }
185
186 $this->mBlockedby = 0;
187
188 # User blocking
189 if ( $this->mId ) {
190 $block = new Block();
191 if ( $block->load( $wgIP , $this->mId ) ) {
192 $this->mBlockedby = $block->mBy;
193 $this->mBlockreason = $block->mReason;
194 }
195 }
196
197 # IP/range blocking
198 if ( !$this->mBlockedby ) {
199 $block = $wgBlockCache->get( $wgIP );
200 if ( $block !== false ) {
201 $this->mBlockedby = $block->mBy;
202 $this->mBlockreason = $block->mReason;
203 }
204 }
205
206 # Proxy blocking
207 if ( !$this->mBlockedby ) {
208 if ( array_key_exists( $wgIP, $wgProxyList ) ) {
209 $this->mBlockreason = wfMsg( 'proxyblockreason' );
210 $this->mBlockedby = "Proxy blocker";
211 }
212 }
213 }
214
215 /**
216 * Check if user is blocked
217 * @return bool True if blocked, false otherwise
218 */
219 function isBlocked() {
220 $this->getBlockedStatus();
221 if ( 0 === $this->mBlockedby ) { return false; }
222 return true;
223 }
224
225 /**
226 * Get name of blocker
227 * @return string name of blocker
228 */
229 function blockedBy() {
230 $this->getBlockedStatus();
231 return $this->mBlockedby;
232 }
233
234 /**
235 * Get blocking reason
236 * @return string Blocking reason
237 */
238 function blockedFor() {
239 $this->getBlockedStatus();
240 return $this->mBlockreason;
241 }
242
243 /**
244 * Initialise php session
245 */
246 function SetupSession() {
247 global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain;
248 if( $wgSessionsInMemcached ) {
249 require_once( 'MemcachedSessions.php' );
250 } elseif( 'files' != ini_get( 'session.save_handler' ) ) {
251 # If it's left on 'user' or another setting from another
252 # application, it will end up failing. Try to recover.
253 ini_set ( 'session.save_handler', 'files' );
254 }
255 session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain );
256 session_cache_limiter( 'private, must-revalidate' );
257 @session_start();
258 }
259
260 /**
261 * Read datas from session
262 * @static
263 */
264 function loadFromSession() {
265 global $wgMemc, $wgDBname;
266
267 if ( isset( $_SESSION['wsUserID'] ) ) {
268 if ( 0 != $_SESSION['wsUserID'] ) {
269 $sId = $_SESSION['wsUserID'];
270 } else {
271 return new User();
272 }
273 } else if ( isset( $_COOKIE["{$wgDBname}UserID"] ) ) {
274 $sId = IntVal( $_COOKIE["{$wgDBname}UserID"] );
275 $_SESSION['wsUserID'] = $sId;
276 } else {
277 return new User();
278 }
279 if ( isset( $_SESSION['wsUserName'] ) ) {
280 $sName = $_SESSION['wsUserName'];
281 } else if ( isset( $_COOKIE["{$wgDBname}UserName"] ) ) {
282 $sName = $_COOKIE["{$wgDBname}UserName"];
283 $_SESSION['wsUserName'] = $sName;
284 } else {
285 return new User();
286 }
287
288 $passwordCorrect = FALSE;
289 $user = $wgMemc->get( $key = "$wgDBname:user:id:$sId" );
290 if($makenew = !$user) {
291 wfDebug( "User::loadFromSession() unable to load from memcached\n" );
292 $user = new User();
293 $user->mId = $sId;
294 $user->loadFromDatabase();
295 } else {
296 wfDebug( "User::loadFromSession() got from cache!\n" );
297 }
298
299 if ( isset( $_SESSION['wsToken'] ) ) {
300 $passwordCorrect = $_SESSION['wsToken'] == $user->mToken;
301 } else if ( isset( $_COOKIE["{$wgDBname}Token"] ) ) {
302 $passwordCorrect = $user->mToken == $_COOKIE["{$wgDBname}Token"];
303 } else {
304 return new User(); # Can't log in from session
305 }
306
307 if ( ( $sName == $user->mName ) && $passwordCorrect ) {
308 if($makenew) {
309 if($wgMemc->set( $key, $user ))
310 wfDebug( "User::loadFromSession() successfully saved user\n" );
311 else
312 wfDebug( "User::loadFromSession() unable to save to memcached\n" );
313 }
314 $user->spreadBlock();
315 return $user;
316 }
317 return new User(); # Can't log in from session
318 }
319
320 /**
321 * Load a user from the database
322 */
323 function loadFromDatabase() {
324 global $wgCommandLineMode;
325 $fname = "User::loadFromDatabase";
326 if ( $this->mDataLoaded || $wgCommandLineMode ) {
327 return;
328 }
329
330 # Paranoia
331 $this->mId = IntVal( $this->mId );
332
333 # check in separate table if there are changes to the talk page
334 $this->mNewtalk=0; # reset talk page status
335 $dbr =& wfGetDB( DB_SLAVE );
336 if($this->mId) {
337 $res = $dbr->select( 'user_newtalk', 1, array( 'user_id' => $this->mId ), $fname );
338
339 if ( $dbr->numRows($res)>0 ) {
340 $this->mNewtalk= 1;
341 }
342 $dbr->freeResult( $res );
343 } else {
344 global $wgDBname, $wgMemc;
345 $key = "$wgDBname:newtalk:ip:{$this->mName}";
346 $newtalk = $wgMemc->get( $key );
347 if( ! is_integer( $newtalk ) ){
348 $res = $dbr->select( 'user_newtalk', 1, array( 'user_ip' => $this->mName ), $fname );
349
350 $this->mNewtalk = $dbr->numRows( $res ) > 0 ? 1 : 0;
351 $dbr->freeResult( $res );
352
353 $wgMemc->set( $key, $this->mNewtalk, time() ); // + 1800 );
354 } else {
355 $this->mNewtalk = $newtalk ? 1 : 0;
356 }
357 }
358 if(!$this->mId) {
359 $this->mDataLoaded = true;
360 return;
361 } # the following stuff is for non-anonymous users only
362
363 $s = $dbr->selectRow( 'user', array( 'user_name','user_password','user_newpassword','user_email',
364 'user_real_name','user_options','user_touched', 'user_token' ),
365 array( 'user_id' => $this->mId ), $fname );
366
367 if ( $s !== false ) {
368 $this->mName = $s->user_name;
369 $this->mEmail = $s->user_email;
370 $this->mRealName = $s->user_real_name;
371 $this->mPassword = $s->user_password;
372 $this->mNewpassword = $s->user_newpassword;
373 $this->decodeOptions( $s->user_options );
374 $this->mTouched = wfTimestamp(TS_MW,$s->user_touched);
375 $this->mRights = explode( ",", strtolower(
376 $dbr->selectField( 'user_rights', 'user_rights', array( 'user_id' => $this->mId ) )
377 ) );
378 $this->mToken = $s->user_token;
379 }
380
381 $this->mDataLoaded = true;
382 }
383
384 function getID() { return $this->mId; }
385 function setID( $v ) {
386 $this->mId = $v;
387 $this->mDataLoaded = false;
388 }
389
390 function getName() {
391 $this->loadFromDatabase();
392 return $this->mName;
393 }
394
395 function setName( $str ) {
396 $this->loadFromDatabase();
397 $this->mName = $str;
398 }
399
400 function getNewtalk() {
401 $this->loadFromDatabase();
402 return ( 0 != $this->mNewtalk );
403 }
404
405 function setNewtalk( $val ) {
406 $this->loadFromDatabase();
407 $this->mNewtalk = $val;
408 $this->invalidateCache();
409 }
410
411 function invalidateCache() {
412 $this->loadFromDatabase();
413 $this->mTouched = wfTimestampNow();
414 # Don't forget to save the options after this or
415 # it won't take effect!
416 }
417
418 function validateCache( $timestamp ) {
419 $this->loadFromDatabase();
420 return ($timestamp >= $this->mTouched);
421 }
422
423 /**
424 * Salt a password.
425 * Will only be salted if $wgPasswordSalt is true
426 * @param string Password.
427 * @return string Salted password or clear password.
428 */
429 function addSalt( $p ) {
430 global $wgPasswordSalt;
431 if($wgPasswordSalt)
432 return md5( "{$this->mId}-{$p}" );
433 else
434 return $p;
435 }
436
437 /**
438 * Encrypt a password.
439 * It can eventuall salt a password @see User::addSalt()
440 * @param string $p clear Password.
441 * @param string Encrypted password.
442 */
443 function encryptPassword( $p ) {
444 return $this->addSalt( md5( $p ) );
445 }
446
447 # Set the password and reset the random token
448 function setPassword( $str ) {
449 $this->loadFromDatabase();
450 $this->setToken();
451 $this->mPassword = $this->encryptPassword( $str );
452 $this->mNewpassword = '';
453 }
454
455 # Set the random token (used for persistent authentication)
456 function setToken( $token = false ) {
457 if ( !$token ) {
458 $this->mToken = '';
459 # Take random data from PRNG
460 # This is reasonably secure if the PRNG has been seeded correctly
461 for ($i = 0; $i<USER_TOKEN_LENGTH / 4; $i++) {
462 $this->mToken .= sprintf( "%04X", mt_rand( 0, 65535 ) );
463 }
464 } else {
465 $this->mToken = $token;
466 }
467 }
468
469
470 function setCookiePassword( $str ) {
471 $this->loadFromDatabase();
472 $this->mCookiePassword = md5( $str );
473 }
474
475 function setNewpassword( $str ) {
476 $this->loadFromDatabase();
477 $this->mNewpassword = $this->encryptPassword( $str );
478 }
479
480 function getEmail() {
481 $this->loadFromDatabase();
482 return $this->mEmail;
483 }
484
485 function setEmail( $str ) {
486 $this->loadFromDatabase();
487 $this->mEmail = $str;
488 }
489
490 function getRealName() {
491 $this->loadFromDatabase();
492 return $this->mRealName;
493 }
494
495 function setRealName( $str ) {
496 $this->loadFromDatabase();
497 $this->mRealName = $str;
498 }
499
500 function getOption( $oname ) {
501 $this->loadFromDatabase();
502 if ( array_key_exists( $oname, $this->mOptions ) ) {
503 return $this->mOptions[$oname];
504 } else {
505 return '';
506 }
507 }
508
509 function setOption( $oname, $val ) {
510 $this->loadFromDatabase();
511 if ( $oname == 'skin' ) {
512 # Clear cached skin, so the new one displays immediately in Special:Preferences
513 unset( $this->mSkin );
514 }
515 $this->mOptions[$oname] = $val;
516 $this->invalidateCache();
517 }
518
519 function getRights() {
520 $this->loadFromDatabase();
521 return $this->mRights;
522 }
523
524 function addRight( $rname ) {
525 $this->loadFromDatabase();
526 array_push( $this->mRights, $rname );
527 $this->invalidateCache();
528 }
529
530 function isSysop() {
531 $this->loadFromDatabase();
532 if ( 0 == $this->mId ) { return false; }
533
534 return in_array( 'sysop', $this->mRights );
535 }
536
537 function isDeveloper() {
538 $this->loadFromDatabase();
539 if ( 0 == $this->mId ) { return false; }
540
541 return in_array( 'developer', $this->mRights );
542 }
543
544 function isBureaucrat() {
545 $this->loadFromDatabase();
546 if ( 0 == $this->mId ) { return false; }
547
548 return in_array( 'bureaucrat', $this->mRights );
549 }
550
551 /**
552 * Whether the user is a bot
553 */
554 function isBot() {
555 $this->loadFromDatabase();
556
557 # Why was this here? I need a UID=0 conversion script [TS]
558 # if ( 0 == $this->mId ) { return false; }
559
560 return in_array( 'bot', $this->mRights );
561 }
562
563 /**
564 * Load a skin if it doesn't exist or return it
565 * @todo FIXME : need to check the old failback system [AV]
566 */
567 function &getSkin() {
568 global $IP, $wgUsePHPTal;
569 if ( ! isset( $this->mSkin ) ) {
570 # get all skin names available
571 $skinNames = Skin::getSkinNames();
572 # get the user skin
573 $userSkin = $this->getOption( 'skin' );
574 if ( $userSkin == '' ) { $userSkin = 'standard'; }
575
576 if ( !isset( $skinNames[$userSkin] ) ) {
577 # in case the user skin could not be found find a replacement
578 $fallback = array(
579 0 => 'Standard',
580 1 => 'Nostalgia',
581 2 => 'CologneBlue');
582 # if phptal is enabled we should have monobook skin that
583 # superseed the good old SkinStandard.
584 if ( isset( $skinNames['monobook'] ) ) {
585 $fallback[0] = 'MonoBook';
586 }
587
588 if(is_numeric($userSkin) && isset( $fallback[$userSkin]) ){
589 $sn = $fallback[$userSkin];
590 } else {
591 $sn = 'Standard';
592 }
593 } else {
594 # The user skin is available
595 $sn = $skinNames[$userSkin];
596 }
597
598 # Grab the skin class and initialise it. Each skin checks for PHPTal
599 # and will not load if it's not enabled.
600 require_once( $IP.'/skins/'.$sn.'.php' );
601
602 # Check if we got if not failback to default skin
603 $className = 'Skin'.$sn;
604 if( !class_exists( $className ) ) {
605 # DO NOT die if the class isn't found. This breaks maintenance
606 # scripts and can cause a user account to be unrecoverable
607 # except by SQL manipulation if a previously valid skin name
608 # is no longer valid.
609 $className = 'SkinStandard';
610 require_once( $IP.'/skins/Standard.php' );
611 }
612 $this->mSkin = new $className;
613 }
614 return $this->mSkin;
615 }
616
617 /**#@+
618 * @param string $title Article title to look at
619 */
620
621 /**
622 * Check watched status of an article
623 * @return bool True if article is watched
624 */
625 function isWatched( $title ) {
626 $wl = WatchedItem::fromUserTitle( $this, $title );
627 return $wl->isWatched();
628 }
629
630 /**
631 * Watch an article
632 */
633 function addWatch( $title ) {
634 $wl = WatchedItem::fromUserTitle( $this, $title );
635 $wl->addWatch();
636 $this->invalidateCache();
637 }
638
639 /**
640 * Stop watching an article
641 */
642 function removeWatch( $title ) {
643 $wl = WatchedItem::fromUserTitle( $this, $title );
644 $wl->removeWatch();
645 $this->invalidateCache();
646 }
647 /**#@-*/
648
649 /**
650 * @access private
651 * @return string Encoding options
652 */
653 function encodeOptions() {
654 $a = array();
655 foreach ( $this->mOptions as $oname => $oval ) {
656 array_push( $a, $oname.'='.$oval );
657 }
658 $s = implode( "\n", $a );
659 return $s;
660 }
661
662 /**
663 * @access private
664 */
665 function decodeOptions( $str ) {
666 $a = explode( "\n", $str );
667 foreach ( $a as $s ) {
668 if ( preg_match( "/^(.[^=]*)=(.*)$/", $s, $m ) ) {
669 $this->mOptions[$m[1]] = $m[2];
670 }
671 }
672 }
673
674 function setCookies() {
675 global $wgCookieExpiration, $wgCookiePath, $wgCookieDomain, $wgDBname;
676 if ( 0 == $this->mId ) return;
677 $this->loadFromDatabase();
678 $exp = time() + $wgCookieExpiration;
679
680 $_SESSION['wsUserID'] = $this->mId;
681 setcookie( $wgDBname.'UserID', $this->mId, $exp, $wgCookiePath, $wgCookieDomain );
682
683 $_SESSION['wsUserName'] = $this->mName;
684 setcookie( $wgDBname.'UserName', $this->mName, $exp, $wgCookiePath, $wgCookieDomain );
685
686 $_SESSION['wsToken'] = $this->mToken;
687 if ( 1 == $this->getOption( 'rememberpassword' ) ) {
688 setcookie( $wgDBname.'Token', $this->mToken, $exp, $wgCookiePath, $wgCookieDomain );
689 } else {
690 setcookie( $wgDBname.'Token', '', time() - 3600 );
691 }
692 }
693
694 /**
695 * Logout user
696 * It will clean the session cookie
697 */
698 function logout() {
699 global $wgCookiePath, $wgCookieDomain, $wgDBname, $wgIP;
700 $this->loadDefaults();
701 $this->setLoaded( true );
702
703 $_SESSION['wsUserID'] = 0;
704
705 setcookie( $wgDBname.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain );
706 setcookie( $wgDBname.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain );
707 }
708
709 /**
710 * Save object settings into database
711 */
712 function saveSettings() {
713 global $wgMemc, $wgDBname;
714 $fname = 'User::saveSettings';
715
716 $dbw =& wfGetDB( DB_MASTER );
717 if ( ! $this->mNewtalk ) {
718 # Delete user_newtalk row
719 if( $this->mId ) {
720 $dbw->delete( 'user_newtalk', array( 'user_id' => $this->mId ), $fname );
721 } else {
722 $dbw->delete( 'user_newtalk', array( 'user_ip' => $this->mName ), $fname );
723 $wgMemc->delete( "$wgDBname:newtalk:ip:{$this->mName}" );
724 }
725 }
726 if ( 0 == $this->mId ) { return; }
727
728 $dbw->update( 'user',
729 array( /* SET */
730 'user_name' => $this->mName,
731 'user_password' => $this->mPassword,
732 'user_newpassword' => $this->mNewpassword,
733 'user_real_name' => $this->mRealName,
734 'user_email' => $this->mEmail,
735 'user_options' => $this->encodeOptions(),
736 'user_touched' => $dbw->timestamp($this->mTouched),
737 'user_token' => $this->mToken
738 ), array( /* WHERE */
739 'user_id' => $this->mId
740 ), $fname
741 );
742 $dbw->set( 'user_rights', 'user_rights', implode( ",", $this->mRights ),
743 'user_id='. $this->mId, $fname );
744 $wgMemc->delete( "$wgDBname:user:id:$this->mId" );
745 }
746
747 /**
748 * Checks if a user with the given name exists, returns the ID
749 */
750 function idForName() {
751 $fname = 'User::idForName';
752
753 $gotid = 0;
754 $s = trim( $this->mName );
755 if ( 0 == strcmp( '', $s ) ) return 0;
756
757 $dbr =& wfGetDB( DB_SLAVE );
758 $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), $fname );
759 if ( $id === false ) {
760 $id = 0;
761 }
762 return $id;
763 }
764
765 /**
766 * Add user object to the database
767 */
768 function addToDatabase() {
769 $fname = 'User::addToDatabase';
770 $dbw =& wfGetDB( DB_MASTER );
771 $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
772 $dbw->insert( 'user',
773 array(
774 'user_id' => $seqVal,
775 'user_name' => $this->mName,
776 'user_password' => $this->mPassword,
777 'user_newpassword' => $this->mNewpassword,
778 'user_email' => $this->mEmail,
779 'user_real_name' => $this->mRealName,
780 'user_options' => $this->encodeOptions(),
781 'user_token' => $this->mToken
782 ), $fname
783 );
784 $this->mId = $dbw->insertId();
785 $dbw->insert( 'user_rights',
786 array(
787 'user_id' => $this->mId,
788 'user_rights' => implode( ',', $this->mRights )
789 ), $fname
790 );
791
792 }
793
794 function spreadBlock() {
795 global $wgIP;
796 # If the (non-anonymous) user is blocked, this function will block any IP address
797 # that they successfully log on from.
798 $fname = 'User::spreadBlock';
799
800 wfDebug( "User:spreadBlock()\n" );
801 if ( $this->mId == 0 ) {
802 return;
803 }
804
805 $userblock = Block::newFromDB( '', $this->mId );
806 if ( !$userblock->isValid() ) {
807 return;
808 }
809
810 # Check if this IP address is already blocked
811 $ipblock = Block::newFromDB( $wgIP );
812 if ( $ipblock->isValid() ) {
813 # Just update the timestamp
814 $ipblock->updateTimestamp();
815 return;
816 }
817
818 # Make a new block object with the desired properties
819 wfDebug( "Autoblocking {$this->mName}@{$wgIP}\n" );
820 $ipblock->mAddress = $wgIP;
821 $ipblock->mUser = 0;
822 $ipblock->mBy = $userblock->mBy;
823 $ipblock->mReason = wfMsg( 'autoblocker', $this->getName(), $userblock->mReason );
824 $ipblock->mTimestamp = wfTimestampNow();
825 $ipblock->mAuto = 1;
826 # If the user is already blocked with an expiry date, we don't
827 # want to pile on top of that!
828 if($userblock->mExpiry) {
829 $ipblock->mExpiry = min ( $userblock->mExpiry, Block::getAutoblockExpiry( $ipblock->mTimestamp ));
830 } else {
831 $ipblock->mExpiry = Block::getAutoblockExpiry( $ipblock->mTimestamp );
832 }
833
834 # Insert it
835 $ipblock->insert();
836
837 }
838
839 function getPageRenderingHash() {
840 global $wgContLang;
841 if( $this->mHash ){
842 return $this->mHash;
843 }
844
845 // stubthreshold is only included below for completeness,
846 // it will always be 0 when this function is called by parsercache.
847
848 $confstr = $this->getOption( 'math' );
849 $confstr .= '!' . $this->getOption( 'highlightbroken' );
850 $confstr .= '!' . $this->getOption( 'stubthreshold' );
851 $confstr .= '!' . $this->getOption( 'editsection' );
852 $confstr .= '!' . $this->getOption( 'editsectiononrightclick' );
853 $confstr .= '!' . $this->getOption( 'showtoc' );
854 $confstr .= '!' . $this->getOption( 'date' );
855 $confstr .= '!' . $this->getOption( 'numberheadings' );
856
857 // add in language variant option if there are multiple variants
858 // supported by the language object
859 if(sizeof($wgContLang->getVariants())>1) {
860 $confstr .= '!' . $this->getOption( 'variant' );
861 }
862
863 $this->mHash = $confstr;
864 return $confstr ;
865 }
866
867 function isAllowedToCreateAccount() {
868 global $wgWhitelistAccount;
869 $allowed = false;
870
871 if (!$wgWhitelistAccount) { return 1; }; // default behaviour
872 foreach ($wgWhitelistAccount as $right => $ok) {
873 $userHasRight = (!strcmp($right, 'user') || in_array($right, $this->getRights()));
874 $allowed |= ($ok && $userHasRight);
875 }
876 return $allowed;
877 }
878
879 /**
880 * Set mDataLoaded, return previous value
881 * Use this to prevent DB access in command-line scripts or similar situations
882 */
883 function setLoaded( $loaded ) {
884 return wfSetVar( $this->mDataLoaded, $loaded );
885 }
886
887 function getUserPage() {
888 return Title::makeTitle( NS_USER, $this->mName );
889 }
890
891 /**
892 * @static
893 */
894 function getMaxID() {
895 $dbr =& wfGetDB( DB_SLAVE );
896 return $dbr->selectField( 'user', 'max(user_id)', false );
897 }
898
899 /**
900 * Determine whether the user is a newbie. Newbies are either
901 * anonymous IPs, or the 1% most recently created accounts.
902 * Bots and sysops are excluded.
903 * @return bool True if it is a newbie.
904 */
905 function isNewbie() {
906 return $this->mId > User::getMaxID() * 0.99 && !$this->isSysop() && !$this->isBot() || $this->getID() == 0;
907 }
908
909 /**
910 * Check to see if the given clear-text password is one of the accepted passwords
911 * @param string $password User password.
912 * @return bool True if the given password is correct otherwise False.
913 */
914 function checkPassword( $password ) {
915 $this->loadFromDatabase();
916 $ep = $this->encryptPassword( $password );
917 if ( 0 == strcmp( $ep, $this->mPassword ) ) {
918 return true;
919 } elseif ( 0 == strcmp( $ep, $this->mNewpassword ) ) {
920 return true;
921 } elseif ( function_exists( 'iconv' ) ) {
922 # Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
923 # Check for this with iconv
924 /* $cp1252hash = $this->encryptPassword( iconv( 'UTF-8', 'WINDOWS-1252', $password ) );
925 if ( 0 == strcmp( $cp1252hash, $this->mPassword ) ) {
926 return true;
927 }*/
928 }
929 return false;
930 }
931 }
932
933 ?>
Wiklou, le Wiki du Wiklou