X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FUser.php;h=fe4118782bbfab4246f6d83da106e31e64c480ef;hb=ab20f80116acb97eb8f5a0020d7a701c9178af28;hp=73d4959ee5585db4574406b3b7c74825c2202ed2;hpb=227204c69b59dda16c6011002f8f3db7a874ded1;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/User.php b/includes/User.php
index 73d4959ee5..fe4118782b 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -20,32 +20,12 @@
 * @file
 */
-/**
- * Int Number of characters in user_token field.
- * @ingroup Constants
- */
-define( 'USER_TOKEN_LENGTH', 32 );
-
-/**
- * Int Serialized record version.
- * @ingroup Constants
- */
-define( 'MW_USER_VERSION', 10 );
-
 /**
 * String Some punctuation to prevent editing from broken text-mangling proxies.
 * @ingroup Constants
 */
 define( 'EDIT_TOKEN_SUFFIX', '+\\' );
-/**
- * Thrown by User::setPassword() on error.
- * @ingroup Exception
- */
-class PasswordError extends MWException {
- // NOP
-}
-
 /**
 * The User object encapsulates all of the user-specific settings (user_id,
 * name, rights, password, email address, options, last login time). Client
@@ -58,13 +38,21 @@ class PasswordError extends MWException {
 */
 class User implements IDBAccessObject {
 /**
- * Global constants made accessible as class constants so that autoloader
+ * @const int Number of characters in user_token field.
+ */
+ const TOKEN_LENGTH = 32;
+
+ /**
+ * Global constant made accessible as class constants so that autoloader
 * magic can be used.
 */
- const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
- const MW_USER_VERSION = MW_USER_VERSION;
 const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;
+ /**
+ * @const int Serialized record version.
+ */
+ const VERSION = 10;
+
 /**
 * Maximum items in $mWatchedItems
 */
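Review bot: Dropping the global `USER_TOKEN_LENGTH` and `MW_USER_VERSION` defines in the `@@ -20,32` hunk, together with the `User::USER_TOKEN_LENGTH` / `User::MW_USER_VERSION` class constants in the `@@ -58,13` hunk, leaves no alias for code outside this file that still references the old names; such code would hit an undefined constant at run time. If out-of-tree callers are expected, keeping the old class constants for one release as documented deprecated aliases, e.g. `const USER_TOKEN_LENGTH = self::TOKEN_LENGTH;`, would soften the break. `PasswordError` is also removed here but is still thrown by `setPassword()` (visible as context in the `@@ -2277,6` hunk), so it has to be defined or autoloaded from another file that this diff does not show.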
@@ -193,8 +181,16 @@ class User implements IDBAccessObject {
 public $mRealName;
+ /**
+ * @todo Make this actually private
+ * @private
+ */
 public $mPassword;
+ /**
+ * @todo Make this actually private
+ * @private
+ */
 public $mNewpassword;
 public $mNewpassTime;
@@ -370,7 +366,7 @@ class User implements IDBAccessObject {
 // Try cache
 $key = wfMemcKey( 'user', 'id', $this->mId );
 $data = $wgMemc->get( $key );
- if ( !is_array( $data ) || $data['mVersion'] != MW_USER_VERSION ) {
+ if ( !is_array( $data ) || $data['mVersion'] != self::VERSION ) {
 // Object is expired, load from DB
 $data = false;
 }
@@ -411,7 +407,7 @@ class User implements IDBAccessObject {
 foreach ( self::$mCacheVars as $name ) {
 $data[$name] = $this->$name;
 }
- $data['mVersion'] = MW_USER_VERSION;
+ $data['mVersion'] = self::VERSION;
 $key = wfMemcKey( 'user', 'id', $this->mId );
 global $wgMemc;
 $wgMemc->set( $key, $data );
@@ -919,8 +915,9 @@ class User implements IDBAccessObject {
 return false;
 }
- // Clean up name according to title rules
- $t = ( $validate === 'valid' ) ?
+ // Clean up name according to title rules,
+ // but only when validation is requested (bug 12654)
+ $t = ( $validate !== false ) ?
 Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
 // Check for invalid titles
 if ( is_null( $t ) ) {
@@ -2258,6 +2255,26 @@ class User implements IDBAccessObject {
 return $this->mTouched;
 }
+ /**
+ * @return Password
+ * @since 1.24
+ */
+ public function getPassword() {
+ $this->loadPasswords();
+
+ return $this->mPassword;
+ }
+
+ /**
+ * @return Password
+ * @since 1.24
+ */
+ public function getTemporaryPassword() {
+ $this->loadPasswords();
+
+ return $this->mNewpassword;
+ }
+
 /**
 * Set the password and reset the random token.
 * Calls through to authentication plugin if necessary;
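Review bot: In the `@@ -193,8` hunk `$mPassword` and `$mNewpassword` stay `public`, so the new `@private` tag is advisory only and code that reads the properties directly skips the `loadPasswords()` call that the new getters make first. What an unloaded property holds cannot be seen from this diff, but a credential comparison against a not-yet-loaded value is the case to rule out. Until the visibility is really changed, the docblock could say so explicitly, e.g. `Read through getPassword(); direct access skips loadPasswords().` and the matching line naming `getTemporaryPassword()` for `$mNewpassword`.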
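Review bot: The new test `$validate !== false` in the `@@ -919,8` hunk sends every value other than boolean `false` through `Title::newFromText()`, so a caller that passes `null`, `0` or `''` to mean "no validation" now gets title normalisation as well. The function signature and its `@param` documentation are outside the hunk; if only `false` is meant to skip normalisation, that should be stated there, for example `false skips title normalisation; any other value normalises the name first`. This code appears to canonicalise user names, which other account handling presumably relies on, so the accepted values are worth pinning down.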
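Review bot: The docblocks for `getPassword()` and `getTemporaryPassword()` in the `@@ -2258,6` hunk carry only `@return Password` and `@since`, with no sentence saying what the object holds or how callers should treat it. The returned object appears to wrap the account's stored password hash, so a short description would help callers keep it out of logs and caches, e.g. `Get the stored password hash object for this user; do not log or serialise the result.` with the matching line for the temporary password. `loadPasswords()` is not part of this diff, so what the getters return for an anonymous or unsaved user should be documented as well once confirmed.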
@@ -2277,6 +2294,8 @@ class User implements IDBAccessObject {
 public function setPassword( $str ) {
 global $wgAuth;
+ $this->loadPasswords();
+
 if ( $str !== null ) {
 if ( !$wgAuth->allowPasswordChange() ) {
 throw new PasswordError( wfMessage( 'password-change-forbidden' )->text() );
@@ -2349,7 +2368,7 @@ class User implements IDBAccessObject {
 public function setToken( $token = false ) {
 $this->load();
 if ( !$token ) {
- $this->mToken = MWCryptRand::generateHex( USER_TOKEN_LENGTH );
+ $this->mToken = MWCryptRand::generateHex( self::TOKEN_LENGTH );
 } else {
 $this->mToken = $token;
 }
@@ -2363,7 +2382,7 @@ class User implements IDBAccessObject {
 * @param bool $throttle If true, reset the throttle timestamp to the present
 */
 public function setNewpassword( $str, $throttle = true ) {
- $this->load();
+ $this->loadPasswords();
 if ( $str === null ) {
 $this->mNewpassword = '';
@@ -2420,8 +2439,8 @@ class User implements IDBAccessObject {
 if ( $str == $this->mEmail ) {
 return;
 }
- $this->mEmail = $str;
 $this->invalidateEmail();
+ $this->mEmail = $str;
 wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
 }
@@ -3821,6 +3840,7 @@ class User implements IDBAccessObject {
 global $wgNewPasswordExpiry;
 $this->load();
+ $this->loadPasswords();
 if ( $this->mNewpassword->equals( $plaintext ) ) {
 if ( is_null( $this->mNewpassTime ) ) {
 return true;
@@ -3863,7 +3883,7 @@ class User implements IDBAccessObject {
 }
 if ( $this->isAnon() ) {
- return EDIT_TOKEN_SUFFIX;
+ return self::EDIT_TOKEN_SUFFIX;
 } else {
 $token = $request->getSessionData( 'wsEditToken' );
 if ( $token === null ) {
@@ -3873,7 +3893,7 @@ class User implements IDBAccessObject {
 if ( is_array( $salt ) ) {
 $salt = implode( '|', $salt );
 }
- return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
+ return md5( $token . $salt ) . self::EDIT_TOKEN_SUFFIX;
 }
 }
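Review bot: `setNewpassword()` in the `@@ -2363,7` hunk replaces `$this->load()` with `$this->loadPasswords()` instead of adding to it, while the `@@ -3821,6` hunk keeps `load()` and calls `loadPasswords()` after it. `loadPasswords()` is not shown in this diff; if it does not itself load the rest of the user record, the fields written here could be overwritten by a later lazy `load()`. Either keep both calls, `$this->load();` followed by `$this->loadPasswords();`, or add a comment stating that `loadPasswords()` implies `load()`. The function body continues past the end of the hunk.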
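Review bot: The reordering in the `@@ -2420,8` hunk only works because `invalidateEmail()` now clears `mEmail` (the `@@ -4071,6` hunk), and nothing at the call site says so; a later tidy-up that moves the assignment back above the call would silently store an empty address. A one-line comment would pin the dependency: `// invalidateEmail() resets mEmail, so assign the new address afterwards`.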
@@ -4071,6 +4091,7 @@ class User implements IDBAccessObject {
 $this->mEmailToken = null;
 $this->mEmailTokenExpires = null;
 $this->setEmailAuthenticationTimestamp( null );
+ $this->mEmail = '';
 wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
 return true;
 }
@@ -4614,10 +4635,10 @@ class User implements IDBAccessObject {
 * @param bool|string $salt Optional salt, may be random or the user ID.
 * If unspecified or false, will generate one automatically
 * @return string Password hash
- * @deprecated since 1.23, use Password class
+ * @deprecated since 1.24, use Password class
 */
 public static function crypt( $password, $salt = false ) {
- wfDeprecated( __METHOD__, '1.23' );
+ wfDeprecated( __METHOD__, '1.24' );
 $hash = self::getPasswordFactory()->newFromPlaintext( $password );
 return $hash->toString();
 }
@@ -4631,10 +4652,10 @@ class User implements IDBAccessObject {
 * @param string|bool $userId User ID for old-style password salt
 *
 * @return bool
- * @deprecated since 1.23, use Password class
+ * @deprecated since 1.24, use Password class
 */
 public static function comparePasswords( $hash, $password, $userId = false ) {
- wfDeprecated( __METHOD__, '1.23' );
+ wfDeprecated( __METHOD__, '1.24' );
 // Check for *really* old password hashes that don't even have a type
 // The old hash format was just an md5 hex hash, with no type information
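Review bot: With `$this->mEmail = '';` added in the `@@ -4071,6` hunk, `invalidateEmail()` now discards the address itself, not just the confirmation token and timestamp, and it does so before the `InvalidateEmailComplete` hook runs. Any caller other than `setEmail()` that used this method only to force re-confirmation would lose the stored address, and hook handlers can no longer read which address was invalidated. The method's docblock is outside the hunk and should state the new behaviour, e.g. `Invalidate the user's e-mail confirmation and clear the stored e-mail address.` Whether the empty value is persisted depends on a save call that this hunk does not show.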