SECURITY: Make 'newbie' limit in $wgRateLimits really override 'user' limit
[lhc/web/wiklou.git] / includes / user / User.php
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 use MediaWiki\MediaWikiServices;
24 use MediaWiki\Session\SessionManager;
25 use MediaWiki\Session\Token;
26 use MediaWiki\Auth\AuthManager;
27 use MediaWiki\Auth\AuthenticationResponse;
28 use MediaWiki\Auth\AuthenticationRequest;
29 use MediaWiki\User\UserIdentity;
30 use Wikimedia\IPSet;
31 use Wikimedia\ScopedCallback;
32 use Wikimedia\Rdbms\Database;
33 use Wikimedia\Rdbms\DBExpectedError;
34 use Wikimedia\Rdbms\IDatabase;
35
36 /**
37 * The User object encapsulates all of the user-specific settings (user_id,
38 * name, rights, email address, options, last login time). Client
39 * classes use the getXXX() functions to access these fields. These functions
40 * do all the work of determining whether the user is logged in,
41 * whether the requested option can be satisfied from cookies or
42 * whether a database query is needed. Most of the settings needed
43 * for rendering normal pages are set in the cookie to minimize use
44 * of the database.
45 */
46 class User implements IDBAccessObject, UserIdentity {
47 /**
48 * @const int Number of characters in user_token field.
49 */
50 const TOKEN_LENGTH = 32;
51
52 /**
53 * @const string An invalid value for user_token
54 */
55 const INVALID_TOKEN = '*** INVALID ***';
56
57 /**
58 * Global constant made accessible as class constants so that autoloader
59 * magic can be used.
60 * @deprecated since 1.27, use \MediaWiki\Session\Token::SUFFIX
61 */
62 const EDIT_TOKEN_SUFFIX = Token::SUFFIX;
63
64 /**
65 * @const int Serialized record version.
66 */
67 const VERSION = 12;
68
69 /**
70 * Exclude user options that are set to their default value.
71 * @since 1.25
72 */
73 const GETOPTIONS_EXCLUDE_DEFAULTS = 1;
74
75 /**
76 * @since 1.27
77 */
78 const CHECK_USER_RIGHTS = true;
79
80 /**
81 * @since 1.27
82 */
83 const IGNORE_USER_RIGHTS = false;
84
85 /**
86 * Array of Strings List of member variables which are saved to the
87 * shared cache (memcached). Any operation which changes the
88 * corresponding database fields must call a cache-clearing function.
89 * @showinitializer
90 */
91 protected static $mCacheVars = [
92 // user table
93 'mId',
94 'mName',
95 'mRealName',
96 'mEmail',
97 'mTouched',
98 'mToken',
99 'mEmailAuthenticated',
100 'mEmailToken',
101 'mEmailTokenExpires',
102 'mRegistration',
103 'mEditCount',
104 // user_groups table
105 'mGroupMemberships',
106 // user_properties table
107 'mOptionOverrides',
108 // actor table
109 'mActorId',
110 ];
111
112 /**
113 * Array of Strings Core rights.
114 * Each of these should have a corresponding message of the form
115 * "right-$right".
116 * @showinitializer
117 */
118 protected static $mCoreRights = [
119 'apihighlimits',
120 'applychangetags',
121 'autoconfirmed',
122 'autocreateaccount',
123 'autopatrol',
124 'bigdelete',
125 'block',
126 'blockemail',
127 'bot',
128 'browsearchive',
129 'changetags',
130 'createaccount',
131 'createpage',
132 'createtalk',
133 'delete',
134 'deletechangetags',
135 'deletedhistory',
136 'deletedtext',
137 'deletelogentry',
138 'deleterevision',
139 'edit',
140 'editcontentmodel',
141 'editinterface',
142 'editprotected',
143 'editmyoptions',
144 'editmyprivateinfo',
145 'editmyusercss',
146 'editmyuserjson',
147 'editmyuserjs',
148 'editmywatchlist',
149 'editsemiprotected',
150 'editsitecss',
151 'editsitejson',
152 'editsitejs',
153 'editusercss',
154 'edituserjson',
155 'edituserjs',
156 'hideuser',
157 'import',
158 'importupload',
159 'ipblock-exempt',
160 'managechangetags',
161 'markbotedits',
162 'mergehistory',
163 'minoredit',
164 'move',
165 'movefile',
166 'move-categorypages',
167 'move-rootuserpages',
168 'move-subpages',
169 'nominornewtalk',
170 'noratelimit',
171 'override-export-depth',
172 'pagelang',
173 'patrol',
174 'patrolmarks',
175 'protect',
176 'purge',
177 'read',
178 'reupload',
179 'reupload-own',
180 'reupload-shared',
181 'rollback',
182 'sendemail',
183 'siteadmin',
184 'suppressionlog',
185 'suppressredirect',
186 'suppressrevision',
187 'unblockself',
188 'undelete',
189 'unwatchedpages',
190 'upload',
191 'upload_by_url',
192 'userrights',
193 'userrights-interwiki',
194 'viewmyprivateinfo',
195 'viewmywatchlist',
196 'viewsuppressed',
197 'writeapi',
198 ];
199
200 /**
201 * String Cached results of getAllRights()
202 */
203 protected static $mAllRights = false;
204
205 /** Cache variables */
206 // @{
207 /** @var int */
208 public $mId;
209 /** @var string */
210 public $mName;
211 /** @var int|null */
212 protected $mActorId;
213 /** @var string */
214 public $mRealName;
215
216 /** @var string */
217 public $mEmail;
218 /** @var string TS_MW timestamp from the DB */
219 public $mTouched;
220 /** @var string TS_MW timestamp from cache */
221 protected $mQuickTouched;
222 /** @var string */
223 protected $mToken;
224 /** @var string */
225 public $mEmailAuthenticated;
226 /** @var string */
227 protected $mEmailToken;
228 /** @var string */
229 protected $mEmailTokenExpires;
230 /** @var string */
231 protected $mRegistration;
232 /** @var int */
233 protected $mEditCount;
234 /** @var UserGroupMembership[] Associative array of (group name => UserGroupMembership object) */
235 protected $mGroupMemberships;
236 /** @var array */
237 protected $mOptionOverrides;
238 // @}
239
240 /**
241 * Bool Whether the cache variables have been loaded.
242 */
243 // @{
244 public $mOptionsLoaded;
245
246 /**
247 * Array with already loaded items or true if all items have been loaded.
248 */
249 protected $mLoadedItems = [];
250 // @}
251
252 /**
253 * String Initialization data source if mLoadedItems!==true. May be one of:
254 * - 'defaults' anonymous user initialised from class defaults
255 * - 'name' initialise from mName
256 * - 'id' initialise from mId
257 * - 'actor' initialise from mActorId
258 * - 'session' log in from session if possible
259 *
260 * Use the User::newFrom*() family of functions to set this.
261 */
262 public $mFrom;
263
264 /**
265 * Lazy-initialized variables, invalidated with clearInstanceCache
266 */
267 protected $mNewtalk;
268 /** @var string */
269 protected $mDatePreference;
270 /** @var string */
271 public $mBlockedby;
272 /** @var string */
273 protected $mHash;
274 /** @var array */
275 public $mRights;
276 /** @var string */
277 protected $mBlockreason;
278 /** @var array */
279 protected $mEffectiveGroups;
280 /** @var array */
281 protected $mImplicitGroups;
282 /** @var array */
283 protected $mFormerGroups;
284 /** @var Block */
285 protected $mGlobalBlock;
286 /** @var bool */
287 protected $mLocked;
288 /** @var bool */
289 public $mHideName;
290 /** @var array */
291 public $mOptions;
292
293 /** @var WebRequest */
294 private $mRequest;
295
296 /** @var Block */
297 public $mBlock;
298
299 /** @var bool */
300 protected $mAllowUsertalk;
301
302 /** @var Block */
303 private $mBlockedFromCreateAccount = false;
304
305 /** @var int User::READ_* constant bitfield used to load data */
306 protected $queryFlagsUsed = self::READ_NORMAL;
307
308 public static $idCacheByName = [];
309
310 /**
311 * Lightweight constructor for an anonymous user.
312 * Use the User::newFrom* factory functions for other kinds of users.
313 *
314 * @see newFromName()
315 * @see newFromId()
316 * @see newFromActorId()
317 * @see newFromConfirmationCode()
318 * @see newFromSession()
319 * @see newFromRow()
320 */
321 public function __construct() {
322 $this->clearInstanceCache( 'defaults' );
323 }
324
325 /**
326 * @return string
327 */
328 public function __toString() {
329 return (string)$this->getName();
330 }
331
332 /**
333 * Test if it's safe to load this User object.
334 *
335 * You should typically check this before using $wgUser or
336 * RequestContext::getUser in a method that might be called before the
337 * system has been fully initialized. If the object is unsafe, you should
338 * use an anonymous user:
339 * \code
340 * $user = $wgUser->isSafeToLoad() ? $wgUser : new User;
341 * \endcode
342 *
343 * @since 1.27
344 * @return bool
345 */
346 public function isSafeToLoad() {
347 global $wgFullyInitialised;
348
349 // The user is safe to load if:
350 // * MW_NO_SESSION is undefined AND $wgFullyInitialised is true (safe to use session data)
351 // * mLoadedItems === true (already loaded)
352 // * mFrom !== 'session' (sessions not involved at all)
353
354 return ( !defined( 'MW_NO_SESSION' ) && $wgFullyInitialised ) ||
355 $this->mLoadedItems === true || $this->mFrom !== 'session';
356 }
357
358 /**
359 * Load the user table data for this object from the source given by mFrom.
360 *
361 * @param int $flags User::READ_* constant bitfield
362 */
363 public function load( $flags = self::READ_NORMAL ) {
364 global $wgFullyInitialised;
365
366 if ( $this->mLoadedItems === true ) {
367 return;
368 }
369
370 // Set it now to avoid infinite recursion in accessors
371 $oldLoadedItems = $this->mLoadedItems;
372 $this->mLoadedItems = true;
373 $this->queryFlagsUsed = $flags;
374
375 // If this is called too early, things are likely to break.
376 if ( !$wgFullyInitialised && $this->mFrom === 'session' ) {
377 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
378 ->warning( 'User::loadFromSession called before the end of Setup.php', [
379 'exception' => new Exception( 'User::loadFromSession called before the end of Setup.php' ),
380 ] );
381 $this->loadDefaults();
382 $this->mLoadedItems = $oldLoadedItems;
383 return;
384 }
385
386 switch ( $this->mFrom ) {
387 case 'defaults':
388 $this->loadDefaults();
389 break;
390 case 'name':
391 // Make sure this thread sees its own changes
392 $lb = MediaWikiServices::getInstance()->getDBLoadBalancer();
393 if ( $lb->hasOrMadeRecentMasterChanges() ) {
394 $flags |= self::READ_LATEST;
395 $this->queryFlagsUsed = $flags;
396 }
397
398 $this->mId = self::idFromName( $this->mName, $flags );
399 if ( !$this->mId ) {
400 // Nonexistent user placeholder object
401 $this->loadDefaults( $this->mName );
402 } else {
403 $this->loadFromId( $flags );
404 }
405 break;
406 case 'id':
407 // Make sure this thread sees its own changes, if the ID isn't 0
408 if ( $this->mId != 0 ) {
409 $lb = MediaWikiServices::getInstance()->getDBLoadBalancer();
410 if ( $lb->hasOrMadeRecentMasterChanges() ) {
411 $flags |= self::READ_LATEST;
412 $this->queryFlagsUsed = $flags;
413 }
414 }
415
416 $this->loadFromId( $flags );
417 break;
418 case 'actor':
419 // Make sure this thread sees its own changes
420 $lb = MediaWikiServices::getInstance()->getDBLoadBalancer();
421 if ( $lb->hasOrMadeRecentMasterChanges() ) {
422 $flags |= self::READ_LATEST;
423 $this->queryFlagsUsed = $flags;
424 }
425
426 list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $flags );
427 $row = wfGetDB( $index )->selectRow(
428 'actor',
429 [ 'actor_user', 'actor_name' ],
430 [ 'actor_id' => $this->mActorId ],
431 __METHOD__,
432 $options
433 );
434
435 if ( !$row ) {
436 // Ugh.
437 $this->loadDefaults();
438 } elseif ( $row->actor_user ) {
439 $this->mId = $row->actor_user;
440 $this->loadFromId( $flags );
441 } else {
442 $this->loadDefaults( $row->actor_name );
443 }
444 break;
445 case 'session':
446 if ( !$this->loadFromSession() ) {
447 // Loading from session failed. Load defaults.
448 $this->loadDefaults();
449 }
450 Hooks::run( 'UserLoadAfterLoadFromSession', [ $this ] );
451 break;
452 default:
453 throw new UnexpectedValueException(
454 "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
455 }
456 }
457
458 /**
459 * Load user table data, given mId has already been set.
460 * @param int $flags User::READ_* constant bitfield
461 * @return bool False if the ID does not exist, true otherwise
462 */
463 public function loadFromId( $flags = self::READ_NORMAL ) {
464 if ( $this->mId == 0 ) {
465 // Anonymous users are not in the database (don't need cache)
466 $this->loadDefaults();
467 return false;
468 }
469
470 // Try cache (unless this needs data from the master DB).
471 // NOTE: if this thread called saveSettings(), the cache was cleared.
472 $latest = DBAccessObjectUtils::hasFlags( $flags, self::READ_LATEST );
473 if ( $latest ) {
474 if ( !$this->loadFromDatabase( $flags ) ) {
475 // Can't load from ID
476 return false;
477 }
478 } else {
479 $this->loadFromCache();
480 }
481
482 $this->mLoadedItems = true;
483 $this->queryFlagsUsed = $flags;
484
485 return true;
486 }
487
488 /**
489 * @since 1.27
490 * @param string $wikiId
491 * @param int $userId
492 */
493 public static function purge( $wikiId, $userId ) {
494 $cache = ObjectCache::getMainWANInstance();
495 $key = $cache->makeGlobalKey( 'user', 'id', $wikiId, $userId );
496 $cache->delete( $key );
497 }
498
499 /**
500 * @since 1.27
501 * @param WANObjectCache $cache
502 * @return string
503 */
504 protected function getCacheKey( WANObjectCache $cache ) {
505 return $cache->makeGlobalKey( 'user', 'id', wfWikiID(), $this->mId );
506 }
507
508 /**
509 * @param WANObjectCache $cache
510 * @return string[]
511 * @since 1.28
512 */
513 public function getMutableCacheKeys( WANObjectCache $cache ) {
514 $id = $this->getId();
515
516 return $id ? [ $this->getCacheKey( $cache ) ] : [];
517 }
518
519 /**
520 * Load user data from shared cache, given mId has already been set.
521 *
522 * @return bool True
523 * @since 1.25
524 */
525 protected function loadFromCache() {
526 $cache = ObjectCache::getMainWANInstance();
527 $data = $cache->getWithSetCallback(
528 $this->getCacheKey( $cache ),
529 $cache::TTL_HOUR,
530 function ( $oldValue, &$ttl, array &$setOpts ) use ( $cache ) {
531 $setOpts += Database::getCacheSetOptions( wfGetDB( DB_REPLICA ) );
532 wfDebug( "User: cache miss for user {$this->mId}\n" );
533
534 $this->loadFromDatabase( self::READ_NORMAL );
535 $this->loadGroups();
536 $this->loadOptions();
537
538 $data = [];
539 foreach ( self::$mCacheVars as $name ) {
540 $data[$name] = $this->$name;
541 }
542
543 $ttl = $cache->adaptiveTTL( wfTimestamp( TS_UNIX, $this->mTouched ), $ttl );
544
545 // if a user group membership is about to expire, the cache needs to
546 // expire at that time (T163691)
547 foreach ( $this->mGroupMemberships as $ugm ) {
548 if ( $ugm->getExpiry() ) {
549 $secondsUntilExpiry = wfTimestamp( TS_UNIX, $ugm->getExpiry() ) - time();
550 if ( $secondsUntilExpiry > 0 && $secondsUntilExpiry < $ttl ) {
551 $ttl = $secondsUntilExpiry;
552 }
553 }
554 }
555
556 return $data;
557 },
558 [ 'pcTTL' => $cache::TTL_PROC_LONG, 'version' => self::VERSION ]
559 );
560
561 // Restore from cache
562 foreach ( self::$mCacheVars as $name ) {
563 $this->$name = $data[$name];
564 }
565
566 return true;
567 }
568
569 /** @name newFrom*() static factory methods */
570 // @{
571
572 /**
573 * Static factory method for creation from username.
574 *
575 * This is slightly less efficient than newFromId(), so use newFromId() if
576 * you have both an ID and a name handy.
577 *
578 * @param string $name Username, validated by Title::newFromText()
579 * @param string|bool $validate Validate username. Takes the same parameters as
580 * User::getCanonicalName(), except that true is accepted as an alias
581 * for 'valid', for BC.
582 *
583 * @return User|bool User object, or false if the username is invalid
584 * (e.g. if it contains illegal characters or is an IP address). If the
585 * username is not present in the database, the result will be a user object
586 * with a name, zero user ID and default settings.
587 */
588 public static function newFromName( $name, $validate = 'valid' ) {
589 if ( $validate === true ) {
590 $validate = 'valid';
591 }
592 $name = self::getCanonicalName( $name, $validate );
593 if ( $name === false ) {
594 return false;
595 } else {
596 // Create unloaded user object
597 $u = new User;
598 $u->mName = $name;
599 $u->mFrom = 'name';
600 $u->setItemLoaded( 'name' );
601 return $u;
602 }
603 }
604
605 /**
606 * Static factory method for creation from a given user ID.
607 *
608 * @param int $id Valid user ID
609 * @return User The corresponding User object
610 */
611 public static function newFromId( $id ) {
612 $u = new User;
613 $u->mId = $id;
614 $u->mFrom = 'id';
615 $u->setItemLoaded( 'id' );
616 return $u;
617 }
618
619 /**
620 * Static factory method for creation from a given actor ID.
621 *
622 * @since 1.31
623 * @param int $id Valid actor ID
624 * @return User The corresponding User object
625 */
626 public static function newFromActorId( $id ) {
627 global $wgActorTableSchemaMigrationStage;
628
629 if ( $wgActorTableSchemaMigrationStage <= MIGRATION_OLD ) {
630 throw new BadMethodCallException(
631 'Cannot use ' . __METHOD__ . ' when $wgActorTableSchemaMigrationStage is MIGRATION_OLD'
632 );
633 }
634
635 $u = new User;
636 $u->mActorId = $id;
637 $u->mFrom = 'actor';
638 $u->setItemLoaded( 'actor' );
639 return $u;
640 }
641
642 /**
643 * Returns a User object corresponding to the given UserIdentity.
644 *
645 * @since 1.32
646 *
647 * @param UserIdentity $identity
648 *
649 * @return User
650 */
651 public static function newFromIdentity( UserIdentity $identity ) {
652 if ( $identity instanceof User ) {
653 return $identity;
654 }
655
656 return self::newFromAnyId(
657 $identity->getId() === 0 ? null : $identity->getId(),
658 $identity->getName() === '' ? null : $identity->getName(),
659 $identity->getActorId() === 0 ? null : $identity->getActorId()
660 );
661 }
662
663 /**
664 * Static factory method for creation from an ID, name, and/or actor ID
665 *
666 * This does not check that the ID, name, and actor ID all correspond to
667 * the same user.
668 *
669 * @since 1.31
670 * @param int|null $userId User ID, if known
671 * @param string|null $userName User name, if known
672 * @param int|null $actorId Actor ID, if known
673 * @return User
674 */
675 public static function newFromAnyId( $userId, $userName, $actorId ) {
676 global $wgActorTableSchemaMigrationStage;
677
678 $user = new User;
679 $user->mFrom = 'defaults';
680
681 if ( $wgActorTableSchemaMigrationStage > MIGRATION_OLD && $actorId !== null ) {
682 $user->mActorId = (int)$actorId;
683 if ( $user->mActorId !== 0 ) {
684 $user->mFrom = 'actor';
685 }
686 $user->setItemLoaded( 'actor' );
687 }
688
689 if ( $userName !== null && $userName !== '' ) {
690 $user->mName = $userName;
691 $user->mFrom = 'name';
692 $user->setItemLoaded( 'name' );
693 }
694
695 if ( $userId !== null ) {
696 $user->mId = (int)$userId;
697 if ( $user->mId !== 0 ) {
698 $user->mFrom = 'id';
699 }
700 $user->setItemLoaded( 'id' );
701 }
702
703 if ( $user->mFrom === 'defaults' ) {
704 throw new InvalidArgumentException(
705 'Cannot create a user with no name, no ID, and no actor ID'
706 );
707 }
708
709 return $user;
710 }
711
712 /**
713 * Factory method to fetch whichever user has a given email confirmation code.
714 * This code is generated when an account is created or its e-mail address
715 * has changed.
716 *
717 * If the code is invalid or has expired, returns NULL.
718 *
719 * @param string $code Confirmation code
720 * @param int $flags User::READ_* bitfield
721 * @return User|null
722 */
723 public static function newFromConfirmationCode( $code, $flags = 0 ) {
724 $db = ( $flags & self::READ_LATEST ) == self::READ_LATEST
725 ? wfGetDB( DB_MASTER )
726 : wfGetDB( DB_REPLICA );
727
728 $id = $db->selectField(
729 'user',
730 'user_id',
731 [
732 'user_email_token' => md5( $code ),
733 'user_email_token_expires > ' . $db->addQuotes( $db->timestamp() ),
734 ]
735 );
736
737 return $id ? self::newFromId( $id ) : null;
738 }
739
740 /**
741 * Create a new user object using data from session. If the login
742 * credentials are invalid, the result is an anonymous user.
743 *
744 * @param WebRequest|null $request Object to use; $wgRequest will be used if omitted.
745 * @return User
746 */
747 public static function newFromSession( WebRequest $request = null ) {
748 $user = new User;
749 $user->mFrom = 'session';
750 $user->mRequest = $request;
751 return $user;
752 }
753
754 /**
755 * Create a new user object from a user row.
756 * The row should have the following fields from the user table in it:
757 * - either user_name or user_id to load further data if needed (or both)
758 * - user_real_name
759 * - all other fields (email, etc.)
760 * It is useless to provide the remaining fields if either user_id,
761 * user_name and user_real_name are not provided because the whole row
762 * will be loaded once more from the database when accessing them.
763 *
764 * @param stdClass $row A row from the user table
765 * @param array|null $data Further data to load into the object
766 * (see User::loadFromRow for valid keys)
767 * @return User
768 */
769 public static function newFromRow( $row, $data = null ) {
770 $user = new User;
771 $user->loadFromRow( $row, $data );
772 return $user;
773 }
774
775 /**
776 * Static factory method for creation of a "system" user from username.
777 *
778 * A "system" user is an account that's used to attribute logged actions
779 * taken by MediaWiki itself, as opposed to a bot or human user. Examples
780 * might include the 'Maintenance script' or 'Conversion script' accounts
781 * used by various scripts in the maintenance/ directory or accounts such
782 * as 'MediaWiki message delivery' used by the MassMessage extension.
783 *
784 * This can optionally create the user if it doesn't exist, and "steal" the
785 * account if it does exist.
786 *
787 * "Stealing" an existing user is intended to make it impossible for normal
788 * authentication processes to use the account, effectively disabling the
789 * account for normal use:
790 * - Email is invalidated, to prevent account recovery by emailing a
791 * temporary password and to disassociate the account from the existing
792 * human.
793 * - The token is set to a magic invalid value, to kill existing sessions
794 * and to prevent $this->setToken() calls from resetting the token to a
795 * valid value.
796 * - SessionManager is instructed to prevent new sessions for the user, to
797 * do things like deauthorizing OAuth consumers.
798 * - AuthManager is instructed to revoke access, to invalidate or remove
799 * passwords and other credentials.
800 *
801 * @param string $name Username
802 * @param array $options Options are:
803 * - validate: As for User::getCanonicalName(), default 'valid'
804 * - create: Whether to create the user if it doesn't already exist, default true
805 * - steal: Whether to "disable" the account for normal use if it already
806 * exists, default false
807 * @return User|null
808 * @since 1.27
809 */
810 public static function newSystemUser( $name, $options = [] ) {
811 $options += [
812 'validate' => 'valid',
813 'create' => true,
814 'steal' => false,
815 ];
816
817 $name = self::getCanonicalName( $name, $options['validate'] );
818 if ( $name === false ) {
819 return null;
820 }
821
822 $dbr = wfGetDB( DB_REPLICA );
823 $userQuery = self::getQueryInfo();
824 $row = $dbr->selectRow(
825 $userQuery['tables'],
826 $userQuery['fields'],
827 [ 'user_name' => $name ],
828 __METHOD__,
829 [],
830 $userQuery['joins']
831 );
832 if ( !$row ) {
833 // Try the master database...
834 $dbw = wfGetDB( DB_MASTER );
835 $row = $dbw->selectRow(
836 $userQuery['tables'],
837 $userQuery['fields'],
838 [ 'user_name' => $name ],
839 __METHOD__,
840 [],
841 $userQuery['joins']
842 );
843 }
844
845 if ( !$row ) {
846 // No user. Create it?
847 return $options['create']
848 ? self::createNew( $name, [ 'token' => self::INVALID_TOKEN ] )
849 : null;
850 }
851
852 $user = self::newFromRow( $row );
853
854 // A user is considered to exist as a non-system user if it can
855 // authenticate, or has an email set, or has a non-invalid token.
856 if ( $user->mEmail || $user->mToken !== self::INVALID_TOKEN ||
857 AuthManager::singleton()->userCanAuthenticate( $name )
858 ) {
859 // User exists. Steal it?
860 if ( !$options['steal'] ) {
861 return null;
862 }
863
864 AuthManager::singleton()->revokeAccessForUser( $name );
865
866 $user->invalidateEmail();
867 $user->mToken = self::INVALID_TOKEN;
868 $user->saveSettings();
869 SessionManager::singleton()->preventSessionsForUser( $user->getName() );
870 }
871
872 return $user;
873 }
874
875 // @}
876
877 /**
878 * Get the username corresponding to a given user ID
879 * @param int $id User ID
880 * @return string|bool The corresponding username
881 */
882 public static function whoIs( $id ) {
883 return UserCache::singleton()->getProp( $id, 'name' );
884 }
885
886 /**
887 * Get the real name of a user given their user ID
888 *
889 * @param int $id User ID
890 * @return string|bool The corresponding user's real name
891 */
892 public static function whoIsReal( $id ) {
893 return UserCache::singleton()->getProp( $id, 'real_name' );
894 }
895
896 /**
897 * Get database id given a user name
898 * @param string $name Username
899 * @param int $flags User::READ_* constant bitfield
900 * @return int|null The corresponding user's ID, or null if user is nonexistent
901 */
902 public static function idFromName( $name, $flags = self::READ_NORMAL ) {
903 $nt = Title::makeTitleSafe( NS_USER, $name );
904 if ( is_null( $nt ) ) {
905 // Illegal name
906 return null;
907 }
908
909 if ( !( $flags & self::READ_LATEST ) && array_key_exists( $name, self::$idCacheByName ) ) {
910 return self::$idCacheByName[$name];
911 }
912
913 list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $flags );
914 $db = wfGetDB( $index );
915
916 $s = $db->selectRow(
917 'user',
918 [ 'user_id' ],
919 [ 'user_name' => $nt->getText() ],
920 __METHOD__,
921 $options
922 );
923
924 if ( $s === false ) {
925 $result = null;
926 } else {
927 $result = $s->user_id;
928 }
929
930 self::$idCacheByName[$name] = $result;
931
932 if ( count( self::$idCacheByName ) > 1000 ) {
933 self::$idCacheByName = [];
934 }
935
936 return $result;
937 }
938
939 /**
940 * Reset the cache used in idFromName(). For use in tests.
941 */
942 public static function resetIdByNameCache() {
943 self::$idCacheByName = [];
944 }
945
946 /**
947 * Does the string match an anonymous IP address?
948 *
949 * This function exists for username validation, in order to reject
950 * usernames which are similar in form to IP addresses. Strings such
951 * as 300.300.300.300 will return true because it looks like an IP
952 * address, despite not being strictly valid.
953 *
954 * We match "\d{1,3}\.\d{1,3}\.\d{1,3}\.xxx" as an anonymous IP
955 * address because the usemod software would "cloak" anonymous IP
956 * addresses like this, if we allowed accounts like this to be created
957 * new users could get the old edits of these anonymous users.
958 *
959 * @param string $name Name to match
960 * @return bool
961 */
962 public static function isIP( $name ) {
963 return preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/', $name )
964 || IP::isIPv6( $name );
965 }
966
967 /**
968 * Is the user an IP range?
969 *
970 * @since 1.30
971 * @return bool
972 */
973 public function isIPRange() {
974 return IP::isValidRange( $this->mName );
975 }
976
977 /**
978 * Is the input a valid username?
979 *
980 * Checks if the input is a valid username, we don't want an empty string,
981 * an IP address, anything that contains slashes (would mess up subpages),
982 * is longer than the maximum allowed username size or doesn't begin with
983 * a capital letter.
984 *
985 * @param string $name Name to match
986 * @return bool
987 */
988 public static function isValidUserName( $name ) {
989 global $wgMaxNameChars;
990
991 if ( $name == ''
992 || self::isIP( $name )
993 || strpos( $name, '/' ) !== false
994 || strlen( $name ) > $wgMaxNameChars
995 || $name != MediaWikiServices::getInstance()->getContentLanguage()->ucfirst( $name )
996 ) {
997 return false;
998 }
999
1000 // Ensure that the name can't be misresolved as a different title,
1001 // such as with extra namespace keys at the start.
1002 $parsed = Title::newFromText( $name );
1003 if ( is_null( $parsed )
1004 || $parsed->getNamespace()
1005 || strcmp( $name, $parsed->getPrefixedText() ) ) {
1006 return false;
1007 }
1008
1009 // Check an additional blacklist of troublemaker characters.
1010 // Should these be merged into the title char list?
1011 $unicodeBlacklist = '/[' .
1012 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
1013 '\x{00a0}' . # non-breaking space
1014 '\x{2000}-\x{200f}' . # various whitespace
1015 '\x{2028}-\x{202f}' . # breaks and control chars
1016 '\x{3000}' . # ideographic space
1017 '\x{e000}-\x{f8ff}' . # private use
1018 ']/u';
1019 if ( preg_match( $unicodeBlacklist, $name ) ) {
1020 return false;
1021 }
1022
1023 return true;
1024 }
1025
1026 /**
1027 * Usernames which fail to pass this function will be blocked
1028 * from user login and new account registrations, but may be used
1029 * internally by batch processes.
1030 *
1031 * If an account already exists in this form, login will be blocked
1032 * by a failure to pass this function.
1033 *
1034 * @param string $name Name to match
1035 * @return bool
1036 */
1037 public static function isUsableName( $name ) {
1038 global $wgReservedUsernames;
1039 // Must be a valid username, obviously ;)
1040 if ( !self::isValidUserName( $name ) ) {
1041 return false;
1042 }
1043
1044 static $reservedUsernames = false;
1045 if ( !$reservedUsernames ) {
1046 $reservedUsernames = $wgReservedUsernames;
1047 Hooks::run( 'UserGetReservedNames', [ &$reservedUsernames ] );
1048 }
1049
1050 // Certain names may be reserved for batch processes.
1051 foreach ( $reservedUsernames as $reserved ) {
1052 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
1053 $reserved = wfMessage( substr( $reserved, 4 ) )->inContentLanguage()->text();
1054 }
1055 if ( $reserved == $name ) {
1056 return false;
1057 }
1058 }
1059 return true;
1060 }
1061
1062 /**
1063 * Return the users who are members of the given group(s). In case of multiple groups,
1064 * users who are members of at least one of them are returned.
1065 *
1066 * @param string|array $groups A single group name or an array of group names
1067 * @param int $limit Max number of users to return. The actual limit will never exceed 5000
1068 * records; larger values are ignored.
1069 * @param int|null $after ID the user to start after
1070 * @return UserArrayFromResult
1071 */
1072 public static function findUsersByGroup( $groups, $limit = 5000, $after = null ) {
1073 if ( $groups === [] ) {
1074 return UserArrayFromResult::newFromIDs( [] );
1075 }
1076
1077 $groups = array_unique( (array)$groups );
1078 $limit = min( 5000, $limit );
1079
1080 $conds = [ 'ug_group' => $groups ];
1081 if ( $after !== null ) {
1082 $conds[] = 'ug_user > ' . (int)$after;
1083 }
1084
1085 $dbr = wfGetDB( DB_REPLICA );
1086 $ids = $dbr->selectFieldValues(
1087 'user_groups',
1088 'ug_user',
1089 $conds,
1090 __METHOD__,
1091 [
1092 'DISTINCT' => true,
1093 'ORDER BY' => 'ug_user',
1094 'LIMIT' => $limit,
1095 ]
1096 ) ?: [];
1097 return UserArray::newFromIDs( $ids );
1098 }
1099
1100 /**
1101 * Usernames which fail to pass this function will be blocked
1102 * from new account registrations, but may be used internally
1103 * either by batch processes or by user accounts which have
1104 * already been created.
1105 *
1106 * Additional blacklisting may be added here rather than in
1107 * isValidUserName() to avoid disrupting existing accounts.
1108 *
1109 * @param string $name String to match
1110 * @return bool
1111 */
1112 public static function isCreatableName( $name ) {
1113 global $wgInvalidUsernameCharacters;
1114
1115 // Ensure that the username isn't longer than 235 bytes, so that
1116 // (at least for the builtin skins) user javascript and css files
1117 // will work. (T25080)
1118 if ( strlen( $name ) > 235 ) {
1119 wfDebugLog( 'username', __METHOD__ .
1120 ": '$name' invalid due to length" );
1121 return false;
1122 }
1123
1124 // Preg yells if you try to give it an empty string
1125 if ( $wgInvalidUsernameCharacters !== '' ) {
1126 if ( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
1127 wfDebugLog( 'username', __METHOD__ .
1128 ": '$name' invalid due to wgInvalidUsernameCharacters" );
1129 return false;
1130 }
1131 }
1132
1133 return self::isUsableName( $name );
1134 }
1135
1136 /**
1137 * Is the input a valid password for this user?
1138 *
1139 * @param string $password Desired password
1140 * @return bool
1141 */
1142 public function isValidPassword( $password ) {
1143 // simple boolean wrapper for getPasswordValidity
1144 return $this->getPasswordValidity( $password ) === true;
1145 }
1146
1147 /**
1148 * Given unvalidated password input, return error message on failure.
1149 *
1150 * @param string $password Desired password
1151 * @return bool|string|array True on success, string or array of error message on failure
1152 */
1153 public function getPasswordValidity( $password ) {
1154 $result = $this->checkPasswordValidity( $password );
1155 if ( $result->isGood() ) {
1156 return true;
1157 } else {
1158 $messages = [];
1159 foreach ( $result->getErrorsByType( 'error' ) as $error ) {
1160 $messages[] = $error['message'];
1161 }
1162 foreach ( $result->getErrorsByType( 'warning' ) as $warning ) {
1163 $messages[] = $warning['message'];
1164 }
1165 if ( count( $messages ) === 1 ) {
1166 return $messages[0];
1167 }
1168 return $messages;
1169 }
1170 }
1171
1172 /**
1173 * Check if this is a valid password for this user
1174 *
1175 * Create a Status object based on the password's validity.
1176 * The Status should be set to fatal if the user should not
1177 * be allowed to log in, and should have any errors that
1178 * would block changing the password.
1179 *
1180 * If the return value of this is not OK, the password
1181 * should not be checked. If the return value is not Good,
1182 * the password can be checked, but the user should not be
1183 * able to set their password to this.
1184 *
1185 * @param string $password Desired password
1186 * @return Status
1187 * @since 1.23
1188 */
1189 public function checkPasswordValidity( $password ) {
1190 global $wgPasswordPolicy;
1191
1192 $upp = new UserPasswordPolicy(
1193 $wgPasswordPolicy['policies'],
1194 $wgPasswordPolicy['checks']
1195 );
1196
1197 $status = Status::newGood();
1198 $result = false; // init $result to false for the internal checks
1199
1200 if ( !Hooks::run( 'isValidPassword', [ $password, &$result, $this ] ) ) {
1201 $status->error( $result );
1202 return $status;
1203 }
1204
1205 if ( $result === false ) {
1206 $status->merge( $upp->checkUserPassword( $this, $password ) );
1207 return $status;
1208 } elseif ( $result === true ) {
1209 return $status;
1210 } else {
1211 $status->error( $result );
1212 return $status; // the isValidPassword hook set a string $result and returned true
1213 }
1214 }
1215
1216 /**
1217 * Given unvalidated user input, return a canonical username, or false if
1218 * the username is invalid.
1219 * @param string $name User input
1220 * @param string|bool $validate Type of validation to use:
1221 * - false No validation
1222 * - 'valid' Valid for batch processes
1223 * - 'usable' Valid for batch processes and login
1224 * - 'creatable' Valid for batch processes, login and account creation
1225 *
1226 * @throws InvalidArgumentException
1227 * @return bool|string
1228 */
1229 public static function getCanonicalName( $name, $validate = 'valid' ) {
1230 // Force usernames to capital
1231 $name = MediaWikiServices::getInstance()->getContentLanguage()->ucfirst( $name );
1232
1233 # Reject names containing '#'; these will be cleaned up
1234 # with title normalisation, but then it's too late to
1235 # check elsewhere
1236 if ( strpos( $name, '#' ) !== false ) {
1237 return false;
1238 }
1239
1240 // Clean up name according to title rules,
1241 // but only when validation is requested (T14654)
1242 $t = ( $validate !== false ) ?
1243 Title::newFromText( $name, NS_USER ) : Title::makeTitle( NS_USER, $name );
1244 // Check for invalid titles
1245 if ( is_null( $t ) || $t->getNamespace() !== NS_USER || $t->isExternal() ) {
1246 return false;
1247 }
1248
1249 // Reject various classes of invalid names
1250 $name = AuthManager::callLegacyAuthPlugin(
1251 'getCanonicalName', [ $t->getText() ], $t->getText()
1252 );
1253
1254 switch ( $validate ) {
1255 case false:
1256 break;
1257 case 'valid':
1258 if ( !self::isValidUserName( $name ) ) {
1259 $name = false;
1260 }
1261 break;
1262 case 'usable':
1263 if ( !self::isUsableName( $name ) ) {
1264 $name = false;
1265 }
1266 break;
1267 case 'creatable':
1268 if ( !self::isCreatableName( $name ) ) {
1269 $name = false;
1270 }
1271 break;
1272 default:
1273 throw new InvalidArgumentException(
1274 'Invalid parameter value for $validate in ' . __METHOD__ );
1275 }
1276 return $name;
1277 }
1278
1279 /**
1280 * Return a random password.
1281 *
1282 * @deprecated since 1.27, use PasswordFactory::generateRandomPasswordString()
1283 * @return string New random password
1284 */
1285 public static function randomPassword() {
1286 global $wgMinimalPasswordLength;
1287 return PasswordFactory::generateRandomPasswordString( $wgMinimalPasswordLength );
1288 }
1289
1290 /**
1291 * Set cached properties to default.
1292 *
1293 * @note This no longer clears uncached lazy-initialised properties;
1294 * the constructor does that instead.
1295 *
1296 * @param string|bool $name
1297 */
1298 public function loadDefaults( $name = false ) {
1299 $this->mId = 0;
1300 $this->mName = $name;
1301 $this->mActorId = null;
1302 $this->mRealName = '';
1303 $this->mEmail = '';
1304 $this->mOptionOverrides = null;
1305 $this->mOptionsLoaded = false;
1306
1307 $loggedOut = $this->mRequest && !defined( 'MW_NO_SESSION' )
1308 ? $this->mRequest->getSession()->getLoggedOutTimestamp() : 0;
1309 if ( $loggedOut !== 0 ) {
1310 $this->mTouched = wfTimestamp( TS_MW, $loggedOut );
1311 } else {
1312 $this->mTouched = '1'; # Allow any pages to be cached
1313 }
1314
1315 $this->mToken = null; // Don't run cryptographic functions till we need a token
1316 $this->mEmailAuthenticated = null;
1317 $this->mEmailToken = '';
1318 $this->mEmailTokenExpires = null;
1319 $this->mRegistration = wfTimestamp( TS_MW );
1320 $this->mGroupMemberships = [];
1321
1322 Hooks::run( 'UserLoadDefaults', [ $this, $name ] );
1323 }
1324
1325 /**
1326 * Return whether an item has been loaded.
1327 *
1328 * @param string $item Item to check. Current possibilities:
1329 * - id
1330 * - name
1331 * - realname
1332 * @param string $all 'all' to check if the whole object has been loaded
1333 * or any other string to check if only the item is available (e.g.
1334 * for optimisation)
1335 * @return bool
1336 */
1337 public function isItemLoaded( $item, $all = 'all' ) {
1338 return ( $this->mLoadedItems === true && $all === 'all' ) ||
1339 ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
1340 }
1341
1342 /**
1343 * Set that an item has been loaded
1344 *
1345 * @param string $item
1346 */
1347 protected function setItemLoaded( $item ) {
1348 if ( is_array( $this->mLoadedItems ) ) {
1349 $this->mLoadedItems[$item] = true;
1350 }
1351 }
1352
1353 /**
1354 * Load user data from the session.
1355 *
1356 * @return bool True if the user is logged in, false otherwise.
1357 */
1358 private function loadFromSession() {
1359 // Deprecated hook
1360 $result = null;
1361 Hooks::run( 'UserLoadFromSession', [ $this, &$result ], '1.27' );
1362 if ( $result !== null ) {
1363 return $result;
1364 }
1365
1366 // MediaWiki\Session\Session already did the necessary authentication of the user
1367 // returned here, so just use it if applicable.
1368 $session = $this->getRequest()->getSession();
1369 $user = $session->getUser();
1370 if ( $user->isLoggedIn() ) {
1371 $this->loadFromUserObject( $user );
1372 if ( $user->isBlocked() ) {
1373 // If this user is autoblocked, set a cookie to track the Block. This has to be done on
1374 // every session load, because an autoblocked editor might not edit again from the same
1375 // IP address after being blocked.
1376 $this->trackBlockWithCookie();
1377 }
1378
1379 // Other code expects these to be set in the session, so set them.
1380 $session->set( 'wsUserID', $this->getId() );
1381 $session->set( 'wsUserName', $this->getName() );
1382 $session->set( 'wsToken', $this->getToken() );
1383
1384 return true;
1385 }
1386
1387 return false;
1388 }
1389
1390 /**
1391 * Set the 'BlockID' cookie depending on block type and user authentication status.
1392 */
1393 public function trackBlockWithCookie() {
1394 $block = $this->getBlock();
1395 if ( $block && $this->getRequest()->getCookie( 'BlockID' ) === null ) {
1396 $config = RequestContext::getMain()->getConfig();
1397 $shouldSetCookie = false;
1398
1399 if ( $this->isAnon() && $config->get( 'CookieSetOnIpBlock' ) ) {
1400 // If user is logged-out, set a cookie to track the Block
1401 $shouldSetCookie = in_array( $block->getType(), [
1402 Block::TYPE_IP, Block::TYPE_RANGE
1403 ] );
1404 if ( $shouldSetCookie ) {
1405 $block->setCookie( $this->getRequest()->response() );
1406
1407 // temporary measure the use of cookies on ip blocks
1408 $stats = MediaWikiServices::getInstance()->getStatsdDataFactory();
1409 $stats->increment( 'block.ipblock.setCookie.success' );
1410 }
1411 } elseif ( $this->isLoggedIn() && $config->get( 'CookieSetOnAutoblock' ) ) {
1412 $shouldSetCookie = $block->getType() === Block::TYPE_USER && $block->isAutoblocking();
1413 if ( $shouldSetCookie ) {
1414 $block->setCookie( $this->getRequest()->response() );
1415 }
1416 }
1417 }
1418 }
1419
1420 /**
1421 * Load user and user_group data from the database.
1422 * $this->mId must be set, this is how the user is identified.
1423 *
1424 * @param int $flags User::READ_* constant bitfield
1425 * @return bool True if the user exists, false if the user is anonymous
1426 */
1427 public function loadFromDatabase( $flags = self::READ_LATEST ) {
1428 // Paranoia
1429 $this->mId = intval( $this->mId );
1430
1431 if ( !$this->mId ) {
1432 // Anonymous users are not in the database
1433 $this->loadDefaults();
1434 return false;
1435 }
1436
1437 list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $flags );
1438 $db = wfGetDB( $index );
1439
1440 $userQuery = self::getQueryInfo();
1441 $s = $db->selectRow(
1442 $userQuery['tables'],
1443 $userQuery['fields'],
1444 [ 'user_id' => $this->mId ],
1445 __METHOD__,
1446 $options,
1447 $userQuery['joins']
1448 );
1449
1450 $this->queryFlagsUsed = $flags;
1451 Hooks::run( 'UserLoadFromDatabase', [ $this, &$s ] );
1452
1453 if ( $s !== false ) {
1454 // Initialise user table data
1455 $this->loadFromRow( $s );
1456 $this->mGroupMemberships = null; // deferred
1457 $this->getEditCount(); // revalidation for nulls
1458 return true;
1459 } else {
1460 // Invalid user_id
1461 $this->mId = 0;
1462 $this->loadDefaults();
1463 return false;
1464 }
1465 }
1466
1467 /**
1468 * Initialize this object from a row from the user table.
1469 *
1470 * @param stdClass $row Row from the user table to load.
1471 * @param array|null $data Further user data to load into the object
1472 *
1473 * user_groups Array of arrays or stdClass result rows out of the user_groups
1474 * table. Previously you were supposed to pass an array of strings
1475 * here, but we also need expiry info nowadays, so an array of
1476 * strings is ignored.
1477 * user_properties Array with properties out of the user_properties table
1478 */
1479 protected function loadFromRow( $row, $data = null ) {
1480 global $wgActorTableSchemaMigrationStage;
1481
1482 if ( !is_object( $row ) ) {
1483 throw new InvalidArgumentException( '$row must be an object' );
1484 }
1485
1486 $all = true;
1487
1488 $this->mGroupMemberships = null; // deferred
1489
1490 if ( $wgActorTableSchemaMigrationStage > MIGRATION_OLD ) {
1491 if ( isset( $row->actor_id ) ) {
1492 $this->mActorId = (int)$row->actor_id;
1493 if ( $this->mActorId !== 0 ) {
1494 $this->mFrom = 'actor';
1495 }
1496 $this->setItemLoaded( 'actor' );
1497 } else {
1498 $all = false;
1499 }
1500 }
1501
1502 if ( isset( $row->user_name ) && $row->user_name !== '' ) {
1503 $this->mName = $row->user_name;
1504 $this->mFrom = 'name';
1505 $this->setItemLoaded( 'name' );
1506 } else {
1507 $all = false;
1508 }
1509
1510 if ( isset( $row->user_real_name ) ) {
1511 $this->mRealName = $row->user_real_name;
1512 $this->setItemLoaded( 'realname' );
1513 } else {
1514 $all = false;
1515 }
1516
1517 if ( isset( $row->user_id ) ) {
1518 $this->mId = intval( $row->user_id );
1519 if ( $this->mId !== 0 ) {
1520 $this->mFrom = 'id';
1521 }
1522 $this->setItemLoaded( 'id' );
1523 } else {
1524 $all = false;
1525 }
1526
1527 if ( isset( $row->user_id ) && isset( $row->user_name ) && $row->user_name !== '' ) {
1528 self::$idCacheByName[$row->user_name] = $row->user_id;
1529 }
1530
1531 if ( isset( $row->user_editcount ) ) {
1532 $this->mEditCount = $row->user_editcount;
1533 } else {
1534 $all = false;
1535 }
1536
1537 if ( isset( $row->user_touched ) ) {
1538 $this->mTouched = wfTimestamp( TS_MW, $row->user_touched );
1539 } else {
1540 $all = false;
1541 }
1542
1543 if ( isset( $row->user_token ) ) {
1544 // The definition for the column is binary(32), so trim the NULs
1545 // that appends. The previous definition was char(32), so trim
1546 // spaces too.
1547 $this->mToken = rtrim( $row->user_token, " \0" );
1548 if ( $this->mToken === '' ) {
1549 $this->mToken = null;
1550 }
1551 } else {
1552 $all = false;
1553 }
1554
1555 if ( isset( $row->user_email ) ) {
1556 $this->mEmail = $row->user_email;
1557 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1558 $this->mEmailToken = $row->user_email_token;
1559 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1560 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1561 } else {
1562 $all = false;
1563 }
1564
1565 if ( $all ) {
1566 $this->mLoadedItems = true;
1567 }
1568
1569 if ( is_array( $data ) ) {
1570 if ( isset( $data['user_groups'] ) && is_array( $data['user_groups'] ) ) {
1571 if ( !count( $data['user_groups'] ) ) {
1572 $this->mGroupMemberships = [];
1573 } else {
1574 $firstGroup = reset( $data['user_groups'] );
1575 if ( is_array( $firstGroup ) || is_object( $firstGroup ) ) {
1576 $this->mGroupMemberships = [];
1577 foreach ( $data['user_groups'] as $row ) {
1578 $ugm = UserGroupMembership::newFromRow( (object)$row );
1579 $this->mGroupMemberships[$ugm->getGroup()] = $ugm;
1580 }
1581 }
1582 }
1583 }
1584 if ( isset( $data['user_properties'] ) && is_array( $data['user_properties'] ) ) {
1585 $this->loadOptions( $data['user_properties'] );
1586 }
1587 }
1588 }
1589
1590 /**
1591 * Load the data for this user object from another user object.
1592 *
1593 * @param User $user
1594 */
1595 protected function loadFromUserObject( $user ) {
1596 $user->load();
1597 foreach ( self::$mCacheVars as $var ) {
1598 $this->$var = $user->$var;
1599 }
1600 }
1601
1602 /**
1603 * Load the groups from the database if they aren't already loaded.
1604 */
1605 private function loadGroups() {
1606 if ( is_null( $this->mGroupMemberships ) ) {
1607 $db = ( $this->queryFlagsUsed & self::READ_LATEST )
1608 ? wfGetDB( DB_MASTER )
1609 : wfGetDB( DB_REPLICA );
1610 $this->mGroupMemberships = UserGroupMembership::getMembershipsForUser(
1611 $this->mId, $db );
1612 }
1613 }
1614
1615 /**
1616 * Add the user to the group if he/she meets given criteria.
1617 *
1618 * Contrary to autopromotion by \ref $wgAutopromote, the group will be
1619 * possible to remove manually via Special:UserRights. In such case it
1620 * will not be re-added automatically. The user will also not lose the
1621 * group if they no longer meet the criteria.
1622 *
1623 * @param string $event Key in $wgAutopromoteOnce (each one has groups/criteria)
1624 *
1625 * @return array Array of groups the user has been promoted to.
1626 *
1627 * @see $wgAutopromoteOnce
1628 */
1629 public function addAutopromoteOnceGroups( $event ) {
1630 global $wgAutopromoteOnceLogInRC;
1631
1632 if ( wfReadOnly() || !$this->getId() ) {
1633 return [];
1634 }
1635
1636 $toPromote = Autopromote::getAutopromoteOnceGroups( $this, $event );
1637 if ( !count( $toPromote ) ) {
1638 return [];
1639 }
1640
1641 if ( !$this->checkAndSetTouched() ) {
1642 return []; // raced out (bug T48834)
1643 }
1644
1645 $oldGroups = $this->getGroups(); // previous groups
1646 $oldUGMs = $this->getGroupMemberships();
1647 foreach ( $toPromote as $group ) {
1648 $this->addGroup( $group );
1649 }
1650 $newGroups = array_merge( $oldGroups, $toPromote ); // all groups
1651 $newUGMs = $this->getGroupMemberships();
1652
1653 // update groups in external authentication database
1654 Hooks::run( 'UserGroupsChanged', [ $this, $toPromote, [], false, false, $oldUGMs, $newUGMs ] );
1655 AuthManager::callLegacyAuthPlugin( 'updateExternalDBGroups', [ $this, $toPromote ] );
1656
1657 $logEntry = new ManualLogEntry( 'rights', 'autopromote' );
1658 $logEntry->setPerformer( $this );
1659 $logEntry->setTarget( $this->getUserPage() );
1660 $logEntry->setParameters( [
1661 '4::oldgroups' => $oldGroups,
1662 '5::newgroups' => $newGroups,
1663 ] );
1664 $logid = $logEntry->insert();
1665 if ( $wgAutopromoteOnceLogInRC ) {
1666 $logEntry->publish( $logid );
1667 }
1668
1669 return $toPromote;
1670 }
1671
1672 /**
1673 * Builds update conditions. Additional conditions may be added to $conditions to
1674 * protected against race conditions using a compare-and-set (CAS) mechanism
1675 * based on comparing $this->mTouched with the user_touched field.
1676 *
1677 * @param Database $db
1678 * @param array $conditions WHERE conditions for use with Database::update
1679 * @return array WHERE conditions for use with Database::update
1680 */
1681 protected function makeUpdateConditions( Database $db, array $conditions ) {
1682 if ( $this->mTouched ) {
1683 // CAS check: only update if the row wasn't changed sicne it was loaded.
1684 $conditions['user_touched'] = $db->timestamp( $this->mTouched );
1685 }
1686
1687 return $conditions;
1688 }
1689
1690 /**
1691 * Bump user_touched if it didn't change since this object was loaded
1692 *
1693 * On success, the mTouched field is updated.
1694 * The user serialization cache is always cleared.
1695 *
1696 * @return bool Whether user_touched was actually updated
1697 * @since 1.26
1698 */
1699 protected function checkAndSetTouched() {
1700 $this->load();
1701
1702 if ( !$this->mId ) {
1703 return false; // anon
1704 }
1705
1706 // Get a new user_touched that is higher than the old one
1707 $newTouched = $this->newTouchedTimestamp();
1708
1709 $dbw = wfGetDB( DB_MASTER );
1710 $dbw->update( 'user',
1711 [ 'user_touched' => $dbw->timestamp( $newTouched ) ],
1712 $this->makeUpdateConditions( $dbw, [
1713 'user_id' => $this->mId,
1714 ] ),
1715 __METHOD__
1716 );
1717 $success = ( $dbw->affectedRows() > 0 );
1718
1719 if ( $success ) {
1720 $this->mTouched = $newTouched;
1721 $this->clearSharedCache();
1722 } else {
1723 // Clears on failure too since that is desired if the cache is stale
1724 $this->clearSharedCache( 'refresh' );
1725 }
1726
1727 return $success;
1728 }
1729
1730 /**
1731 * Clear various cached data stored in this object. The cache of the user table
1732 * data (i.e. self::$mCacheVars) is not cleared unless $reloadFrom is given.
1733 *
1734 * @param bool|string $reloadFrom Reload user and user_groups table data from a
1735 * given source. May be "name", "id", "actor", "defaults", "session", or false for no reload.
1736 */
1737 public function clearInstanceCache( $reloadFrom = false ) {
1738 $this->mNewtalk = -1;
1739 $this->mDatePreference = null;
1740 $this->mBlockedby = -1; # Unset
1741 $this->mHash = false;
1742 $this->mRights = null;
1743 $this->mEffectiveGroups = null;
1744 $this->mImplicitGroups = null;
1745 $this->mGroupMemberships = null;
1746 $this->mOptions = null;
1747 $this->mOptionsLoaded = false;
1748 $this->mEditCount = null;
1749
1750 if ( $reloadFrom ) {
1751 $this->mLoadedItems = [];
1752 $this->mFrom = $reloadFrom;
1753 }
1754 }
1755
1756 /**
1757 * Combine the language default options with any site-specific options
1758 * and add the default language variants.
1759 *
1760 * @return array Array of String options
1761 */
1762 public static function getDefaultOptions() {
1763 global $wgNamespacesToBeSearchedDefault, $wgDefaultUserOptions, $wgDefaultSkin;
1764
1765 static $defOpt = null;
1766 static $defOptLang = null;
1767
1768 $contLang = MediaWikiServices::getInstance()->getContentLanguage();
1769 if ( $defOpt !== null && $defOptLang === $contLang->getCode() ) {
1770 // The content language does not change (and should not change) mid-request, but the
1771 // unit tests change it anyway, and expect this method to return values relevant to the
1772 // current content language.
1773 return $defOpt;
1774 }
1775
1776 $defOpt = $wgDefaultUserOptions;
1777 // Default language setting
1778 $defOptLang = $contLang->getCode();
1779 $defOpt['language'] = $defOptLang;
1780 foreach ( LanguageConverter::$languagesWithVariants as $langCode ) {
1781 if ( $langCode === $contLang->getCode() ) {
1782 $defOpt['variant'] = $langCode;
1783 } else {
1784 $defOpt["variant-$langCode"] = $langCode;
1785 }
1786 }
1787
1788 // NOTE: don't use SearchEngineConfig::getSearchableNamespaces here,
1789 // since extensions may change the set of searchable namespaces depending
1790 // on user groups/permissions.
1791 foreach ( $wgNamespacesToBeSearchedDefault as $nsnum => $val ) {
1792 $defOpt['searchNs' . $nsnum] = (bool)$val;
1793 }
1794 $defOpt['skin'] = Skin::normalizeKey( $wgDefaultSkin );
1795
1796 Hooks::run( 'UserGetDefaultOptions', [ &$defOpt ] );
1797
1798 return $defOpt;
1799 }
1800
1801 /**
1802 * Get a given default option value.
1803 *
1804 * @param string $opt Name of option to retrieve
1805 * @return string Default option value
1806 */
1807 public static function getDefaultOption( $opt ) {
1808 $defOpts = self::getDefaultOptions();
1809 if ( isset( $defOpts[$opt] ) ) {
1810 return $defOpts[$opt];
1811 } else {
1812 return null;
1813 }
1814 }
1815
1816 /**
1817 * Get blocking information
1818 * @param bool $bFromSlave Whether to check the replica DB first.
1819 * To improve performance, non-critical checks are done against replica DBs.
1820 * Check when actually saving should be done against master.
1821 */
1822 private function getBlockedStatus( $bFromSlave = true ) {
1823 global $wgProxyWhitelist, $wgUser, $wgApplyIpBlocksToXff, $wgSoftBlockRanges;
1824
1825 if ( -1 != $this->mBlockedby ) {
1826 return;
1827 }
1828
1829 wfDebug( __METHOD__ . ": checking...\n" );
1830
1831 // Initialize data...
1832 // Otherwise something ends up stomping on $this->mBlockedby when
1833 // things get lazy-loaded later, causing false positive block hits
1834 // due to -1 !== 0. Probably session-related... Nothing should be
1835 // overwriting mBlockedby, surely?
1836 $this->load();
1837
1838 # We only need to worry about passing the IP address to the Block generator if the
1839 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1840 # know which IP address they're actually coming from
1841 $ip = null;
1842 if ( !$this->isAllowed( 'ipblock-exempt' ) ) {
1843 // $wgUser->getName() only works after the end of Setup.php. Until
1844 // then, assume it's a logged-out user.
1845 $globalUserName = $wgUser->isSafeToLoad()
1846 ? $wgUser->getName()
1847 : IP::sanitizeIP( $wgUser->getRequest()->getIP() );
1848 if ( $this->getName() === $globalUserName ) {
1849 $ip = $this->getRequest()->getIP();
1850 }
1851 }
1852
1853 // User/IP blocking
1854 $block = Block::newFromTarget( $this, $ip, !$bFromSlave );
1855
1856 // Cookie blocking
1857 if ( !$block instanceof Block ) {
1858 $block = $this->getBlockFromCookieValue( $this->getRequest()->getCookie( 'BlockID' ) );
1859 }
1860
1861 // Proxy blocking
1862 if ( !$block instanceof Block && $ip !== null && !in_array( $ip, $wgProxyWhitelist ) ) {
1863 // Local list
1864 if ( self::isLocallyBlockedProxy( $ip ) ) {
1865 $block = new Block( [
1866 'byText' => wfMessage( 'proxyblocker' )->text(),
1867 'reason' => wfMessage( 'proxyblockreason' )->plain(),
1868 'address' => $ip,
1869 'systemBlock' => 'proxy',
1870 ] );
1871 } elseif ( $this->isAnon() && $this->isDnsBlacklisted( $ip ) ) {
1872 $block = new Block( [
1873 'byText' => wfMessage( 'sorbs' )->text(),
1874 'reason' => wfMessage( 'sorbsreason' )->plain(),
1875 'address' => $ip,
1876 'systemBlock' => 'dnsbl',
1877 ] );
1878 }
1879 }
1880
1881 // (T25343) Apply IP blocks to the contents of XFF headers, if enabled
1882 if ( !$block instanceof Block
1883 && $wgApplyIpBlocksToXff
1884 && $ip !== null
1885 && !in_array( $ip, $wgProxyWhitelist )
1886 ) {
1887 $xff = $this->getRequest()->getHeader( 'X-Forwarded-For' );
1888 $xff = array_map( 'trim', explode( ',', $xff ) );
1889 $xff = array_diff( $xff, [ $ip ] );
1890 $xffblocks = Block::getBlocksForIPList( $xff, $this->isAnon(), !$bFromSlave );
1891 $block = Block::chooseBlock( $xffblocks, $xff );
1892 if ( $block instanceof Block ) {
1893 # Mangle the reason to alert the user that the block
1894 # originated from matching the X-Forwarded-For header.
1895 $block->mReason = wfMessage( 'xffblockreason', $block->mReason )->plain();
1896 }
1897 }
1898
1899 if ( !$block instanceof Block
1900 && $ip !== null
1901 && $this->isAnon()
1902 && IP::isInRanges( $ip, $wgSoftBlockRanges )
1903 ) {
1904 $block = new Block( [
1905 'address' => $ip,
1906 'byText' => 'MediaWiki default',
1907 'reason' => wfMessage( 'softblockrangesreason', $ip )->plain(),
1908 'anonOnly' => true,
1909 'systemBlock' => 'wgSoftBlockRanges',
1910 ] );
1911 }
1912
1913 if ( $block instanceof Block ) {
1914 wfDebug( __METHOD__ . ": Found block.\n" );
1915 $this->mBlock = $block;
1916 $this->mBlockedby = $block->getByName();
1917 $this->mBlockreason = $block->mReason;
1918 $this->mHideName = $block->mHideName;
1919 $this->mAllowUsertalk = !$block->prevents( 'editownusertalk' );
1920 } else {
1921 $this->mBlock = null;
1922 $this->mBlockedby = '';
1923 $this->mBlockreason = '';
1924 $this->mHideName = 0;
1925 $this->mAllowUsertalk = false;
1926 }
1927
1928 // Avoid PHP 7.1 warning of passing $this by reference
1929 $user = $this;
1930 // Extensions
1931 Hooks::run( 'GetBlockedStatus', [ &$user ] );
1932 }
1933
1934 /**
1935 * Try to load a Block from an ID given in a cookie value.
1936 * @param string|null $blockCookieVal The cookie value to check.
1937 * @return Block|bool The Block object, or false if none could be loaded.
1938 */
1939 protected function getBlockFromCookieValue( $blockCookieVal ) {
1940 // Make sure there's something to check. The cookie value must start with a number.
1941 if ( strlen( $blockCookieVal ) < 1 || !is_numeric( substr( $blockCookieVal, 0, 1 ) ) ) {
1942 return false;
1943 }
1944 // Load the Block from the ID in the cookie.
1945 $blockCookieId = Block::getIdFromCookieValue( $blockCookieVal );
1946 if ( $blockCookieId !== null ) {
1947 // An ID was found in the cookie.
1948 $tmpBlock = Block::newFromID( $blockCookieId );
1949 if ( $tmpBlock instanceof Block ) {
1950 $config = RequestContext::getMain()->getConfig();
1951
1952 switch ( $tmpBlock->getType() ) {
1953 case Block::TYPE_USER:
1954 $blockIsValid = !$tmpBlock->isExpired() && $tmpBlock->isAutoblocking();
1955 $useBlockCookie = ( $config->get( 'CookieSetOnAutoblock' ) === true );
1956 break;
1957 case Block::TYPE_IP:
1958 case Block::TYPE_RANGE:
1959 // If block is type IP or IP range, load only if user is not logged in (T152462)
1960 $blockIsValid = !$tmpBlock->isExpired() && !$this->isLoggedIn();
1961 $useBlockCookie = ( $config->get( 'CookieSetOnIpBlock' ) === true );
1962 break;
1963 default:
1964 $blockIsValid = false;
1965 $useBlockCookie = false;
1966 }
1967
1968 if ( $blockIsValid && $useBlockCookie ) {
1969 // Use the block.
1970 return $tmpBlock;
1971 } else {
1972 // If the block is not valid, remove the cookie.
1973 Block::clearCookie( $this->getRequest()->response() );
1974 }
1975 } else {
1976 // If the block doesn't exist, remove the cookie.
1977 Block::clearCookie( $this->getRequest()->response() );
1978 }
1979 }
1980 return false;
1981 }
1982
1983 /**
1984 * Whether the given IP is in a DNS blacklist.
1985 *
1986 * @param string $ip IP to check
1987 * @param bool $checkWhitelist Whether to check the whitelist first
1988 * @return bool True if blacklisted.
1989 */
1990 public function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1991 global $wgEnableDnsBlacklist, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1992
1993 if ( !$wgEnableDnsBlacklist ) {
1994 return false;
1995 }
1996
1997 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) ) {
1998 return false;
1999 }
2000
2001 return $this->inDnsBlacklist( $ip, $wgDnsBlacklistUrls );
2002 }
2003
2004 /**
2005 * Whether the given IP is in a given DNS blacklist.
2006 *
2007 * @param string $ip IP to check
2008 * @param string|array $bases Array of Strings: URL of the DNS blacklist
2009 * @return bool True if blacklisted.
2010 */
2011 public function inDnsBlacklist( $ip, $bases ) {
2012 $found = false;
2013 // @todo FIXME: IPv6 ??? (https://bugs.php.net/bug.php?id=33170)
2014 if ( IP::isIPv4( $ip ) ) {
2015 // Reverse IP, T23255
2016 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
2017
2018 foreach ( (array)$bases as $base ) {
2019 // Make hostname
2020 // If we have an access key, use that too (ProjectHoneypot, etc.)
2021 $basename = $base;
2022 if ( is_array( $base ) ) {
2023 if ( count( $base ) >= 2 ) {
2024 // Access key is 1, base URL is 0
2025 $host = "{$base[1]}.$ipReversed.{$base[0]}";
2026 } else {
2027 $host = "$ipReversed.{$base[0]}";
2028 }
2029 $basename = $base[0];
2030 } else {
2031 $host = "$ipReversed.$base";
2032 }
2033
2034 // Send query
2035 $ipList = gethostbynamel( $host );
2036
2037 if ( $ipList ) {
2038 wfDebugLog( 'dnsblacklist', "Hostname $host is {$ipList[0]}, it's a proxy says $basename!" );
2039 $found = true;
2040 break;
2041 } else {
2042 wfDebugLog( 'dnsblacklist', "Requested $host, not found in $basename." );
2043 }
2044 }
2045 }
2046
2047 return $found;
2048 }
2049
2050 /**
2051 * Check if an IP address is in the local proxy list
2052 *
2053 * @param string $ip
2054 *
2055 * @return bool
2056 */
2057 public static function isLocallyBlockedProxy( $ip ) {
2058 global $wgProxyList;
2059
2060 if ( !$wgProxyList ) {
2061 return false;
2062 }
2063
2064 if ( !is_array( $wgProxyList ) ) {
2065 // Load values from the specified file
2066 $wgProxyList = array_map( 'trim', file( $wgProxyList ) );
2067 }
2068
2069 $resultProxyList = [];
2070 $deprecatedIPEntries = [];
2071
2072 // backward compatibility: move all ip addresses in keys to values
2073 foreach ( $wgProxyList as $key => $value ) {
2074 $keyIsIP = IP::isIPAddress( $key );
2075 $valueIsIP = IP::isIPAddress( $value );
2076 if ( $keyIsIP && !$valueIsIP ) {
2077 $deprecatedIPEntries[] = $key;
2078 $resultProxyList[] = $key;
2079 } elseif ( $keyIsIP && $valueIsIP ) {
2080 $deprecatedIPEntries[] = $key;
2081 $resultProxyList[] = $key;
2082 $resultProxyList[] = $value;
2083 } else {
2084 $resultProxyList[] = $value;
2085 }
2086 }
2087
2088 if ( $deprecatedIPEntries ) {
2089 wfDeprecated(
2090 'IP addresses in the keys of $wgProxyList (found the following IP addresses in keys: ' .
2091 implode( ', ', $deprecatedIPEntries ) . ', please move them to values)', '1.30' );
2092 }
2093
2094 $proxyListIPSet = new IPSet( $resultProxyList );
2095 return $proxyListIPSet->match( $ip );
2096 }
2097
2098 /**
2099 * Is this user subject to rate limiting?
2100 *
2101 * @return bool True if rate limited
2102 */
2103 public function isPingLimitable() {
2104 global $wgRateLimitsExcludedIPs;
2105 if ( IP::isInRanges( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
2106 // No other good way currently to disable rate limits
2107 // for specific IPs. :P
2108 // But this is a crappy hack and should die.
2109 return false;
2110 }
2111 return !$this->isAllowed( 'noratelimit' );
2112 }
2113
2114 /**
2115 * Primitive rate limits: enforce maximum actions per time period
2116 * to put a brake on flooding.
2117 *
2118 * The method generates both a generic profiling point and a per action one
2119 * (suffix being "-$action".
2120 *
2121 * @note When using a shared cache like memcached, IP-address
2122 * last-hit counters will be shared across wikis.
2123 *
2124 * @param string $action Action to enforce; 'edit' if unspecified
2125 * @param int $incrBy Positive amount to increment counter by [defaults to 1]
2126 * @return bool True if a rate limiter was tripped
2127 */
2128 public function pingLimiter( $action = 'edit', $incrBy = 1 ) {
2129 // Avoid PHP 7.1 warning of passing $this by reference
2130 $user = $this;
2131 // Call the 'PingLimiter' hook
2132 $result = false;
2133 if ( !Hooks::run( 'PingLimiter', [ &$user, $action, &$result, $incrBy ] ) ) {
2134 return $result;
2135 }
2136
2137 global $wgRateLimits;
2138 if ( !isset( $wgRateLimits[$action] ) ) {
2139 return false;
2140 }
2141
2142 $limits = array_merge(
2143 [ '&can-bypass' => true ],
2144 $wgRateLimits[$action]
2145 );
2146
2147 // Some groups shouldn't trigger the ping limiter, ever
2148 if ( $limits['&can-bypass'] && !$this->isPingLimitable() ) {
2149 return false;
2150 }
2151
2152 $keys = [];
2153 $id = $this->getId();
2154 $userLimit = false;
2155 $isNewbie = $this->isNewbie();
2156 $cache = ObjectCache::getLocalClusterInstance();
2157
2158 if ( $id == 0 ) {
2159 // limits for anons
2160 if ( isset( $limits['anon'] ) ) {
2161 $keys[$cache->makeKey( 'limiter', $action, 'anon' )] = $limits['anon'];
2162 }
2163 } else {
2164 // limits for logged-in users
2165 if ( isset( $limits['user'] ) ) {
2166 $userLimit = $limits['user'];
2167 }
2168 }
2169
2170 // limits for anons and for newbie logged-in users
2171 if ( $isNewbie ) {
2172 // ip-based limits
2173 if ( isset( $limits['ip'] ) ) {
2174 $ip = $this->getRequest()->getIP();
2175 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
2176 }
2177 // subnet-based limits
2178 if ( isset( $limits['subnet'] ) ) {
2179 $ip = $this->getRequest()->getIP();
2180 $subnet = IP::getSubnet( $ip );
2181 if ( $subnet !== false ) {
2182 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
2183 }
2184 }
2185 }
2186
2187 // Check for group-specific permissions
2188 // If more than one group applies, use the group with the highest limit ratio (max/period)
2189 foreach ( $this->getGroups() as $group ) {
2190 if ( isset( $limits[$group] ) ) {
2191 if ( $userLimit === false
2192 || $limits[$group][0] / $limits[$group][1] > $userLimit[0] / $userLimit[1]
2193 ) {
2194 $userLimit = $limits[$group];
2195 }
2196 }
2197 }
2198
2199 // limits for newbie logged-in users (override all the normal user limits)
2200 if ( $id !== 0 && $isNewbie && isset( $limits['newbie'] ) ) {
2201 $userLimit = $limits['newbie'];
2202 }
2203
2204 // Set the user limit key
2205 if ( $userLimit !== false ) {
2206 list( $max, $period ) = $userLimit;
2207 wfDebug( __METHOD__ . ": effective user limit: $max in {$period}s\n" );
2208 $keys[$cache->makeKey( 'limiter', $action, 'user', $id )] = $userLimit;
2209 }
2210
2211 // ip-based limits for all ping-limitable users
2212 if ( isset( $limits['ip-all'] ) ) {
2213 $ip = $this->getRequest()->getIP();
2214 // ignore if user limit is more permissive
2215 if ( $isNewbie || $userLimit === false
2216 || $limits['ip-all'][0] / $limits['ip-all'][1] > $userLimit[0] / $userLimit[1] ) {
2217 $keys["mediawiki:limiter:$action:ip-all:$ip"] = $limits['ip-all'];
2218 }
2219 }
2220
2221 // subnet-based limits for all ping-limitable users
2222 if ( isset( $limits['subnet-all'] ) ) {
2223 $ip = $this->getRequest()->getIP();
2224 $subnet = IP::getSubnet( $ip );
2225 if ( $subnet !== false ) {
2226 // ignore if user limit is more permissive
2227 if ( $isNewbie || $userLimit === false
2228 || $limits['ip-all'][0] / $limits['ip-all'][1]
2229 > $userLimit[0] / $userLimit[1] ) {
2230 $keys["mediawiki:limiter:$action:subnet-all:$subnet"] = $limits['subnet-all'];
2231 }
2232 }
2233 }
2234
2235 $triggered = false;
2236 foreach ( $keys as $key => $limit ) {
2237 list( $max, $period ) = $limit;
2238 $summary = "(limit $max in {$period}s)";
2239 $count = $cache->get( $key );
2240 // Already pinged?
2241 if ( $count ) {
2242 if ( $count >= $max ) {
2243 wfDebugLog( 'ratelimit', "User '{$this->getName()}' " .
2244 "(IP {$this->getRequest()->getIP()}) tripped $key at $count $summary" );
2245 $triggered = true;
2246 } else {
2247 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
2248 }
2249 } else {
2250 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
2251 if ( $incrBy > 0 ) {
2252 $cache->add( $key, 0, intval( $period ) ); // first ping
2253 }
2254 }
2255 if ( $incrBy > 0 ) {
2256 $cache->incr( $key, $incrBy );
2257 }
2258 }
2259
2260 return $triggered;
2261 }
2262
2263 /**
2264 * Check if user is blocked
2265 *
2266 * @param bool $bFromSlave Whether to check the replica DB instead of
2267 * the master. Hacked from false due to horrible probs on site.
2268 * @return bool True if blocked, false otherwise
2269 */
2270 public function isBlocked( $bFromSlave = true ) {
2271 return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
2272 }
2273
2274 /**
2275 * Get the block affecting the user, or null if the user is not blocked
2276 *
2277 * @param bool $bFromSlave Whether to check the replica DB instead of the master
2278 * @return Block|null
2279 */
2280 public function getBlock( $bFromSlave = true ) {
2281 $this->getBlockedStatus( $bFromSlave );
2282 return $this->mBlock instanceof Block ? $this->mBlock : null;
2283 }
2284
2285 /**
2286 * Check if user is blocked from editing a particular article
2287 *
2288 * @param Title $title Title to check
2289 * @param bool $bFromSlave Whether to check the replica DB instead of the master
2290 * @return bool
2291 */
2292 public function isBlockedFrom( $title, $bFromSlave = false ) {
2293 global $wgBlockAllowsUTEdit;
2294
2295 $blocked = $this->isBlocked( $bFromSlave );
2296 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
2297 // If a user's name is suppressed, they cannot make edits anywhere
2298 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName()
2299 && $title->getNamespace() == NS_USER_TALK ) {
2300 $blocked = false;
2301 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
2302 }
2303
2304 Hooks::run( 'UserIsBlockedFrom', [ $this, $title, &$blocked, &$allowUsertalk ] );
2305
2306 return $blocked;
2307 }
2308
2309 /**
2310 * If user is blocked, return the name of the user who placed the block
2311 * @return string Name of blocker
2312 */
2313 public function blockedBy() {
2314 $this->getBlockedStatus();
2315 return $this->mBlockedby;
2316 }
2317
2318 /**
2319 * If user is blocked, return the specified reason for the block
2320 * @return string Blocking reason
2321 */
2322 public function blockedFor() {
2323 $this->getBlockedStatus();
2324 return $this->mBlockreason;
2325 }
2326
2327 /**
2328 * If user is blocked, return the ID for the block
2329 * @return int Block ID
2330 */
2331 public function getBlockId() {
2332 $this->getBlockedStatus();
2333 return ( $this->mBlock ? $this->mBlock->getId() : false );
2334 }
2335
2336 /**
2337 * Check if user is blocked on all wikis.
2338 * Do not use for actual edit permission checks!
2339 * This is intended for quick UI checks.
2340 *
2341 * @param string $ip IP address, uses current client if none given
2342 * @return bool True if blocked, false otherwise
2343 */
2344 public function isBlockedGlobally( $ip = '' ) {
2345 return $this->getGlobalBlock( $ip ) instanceof Block;
2346 }
2347
2348 /**
2349 * Check if user is blocked on all wikis.
2350 * Do not use for actual edit permission checks!
2351 * This is intended for quick UI checks.
2352 *
2353 * @param string $ip IP address, uses current client if none given
2354 * @return Block|null Block object if blocked, null otherwise
2355 * @throws FatalError
2356 * @throws MWException
2357 */
2358 public function getGlobalBlock( $ip = '' ) {
2359 if ( $this->mGlobalBlock !== null ) {
2360 return $this->mGlobalBlock ?: null;
2361 }
2362 // User is already an IP?
2363 if ( IP::isIPAddress( $this->getName() ) ) {
2364 $ip = $this->getName();
2365 } elseif ( !$ip ) {
2366 $ip = $this->getRequest()->getIP();
2367 }
2368 // Avoid PHP 7.1 warning of passing $this by reference
2369 $user = $this;
2370 $blocked = false;
2371 $block = null;
2372 Hooks::run( 'UserIsBlockedGlobally', [ &$user, $ip, &$blocked, &$block ] );
2373
2374 if ( $blocked && $block === null ) {
2375 // back-compat: UserIsBlockedGlobally didn't have $block param first
2376 $block = new Block( [
2377 'address' => $ip,
2378 'systemBlock' => 'global-block'
2379 ] );
2380 }
2381
2382 $this->mGlobalBlock = $blocked ? $block : false;
2383 return $this->mGlobalBlock ?: null;
2384 }
2385
2386 /**
2387 * Check if user account is locked
2388 *
2389 * @return bool True if locked, false otherwise
2390 */
2391 public function isLocked() {
2392 if ( $this->mLocked !== null ) {
2393 return $this->mLocked;
2394 }
2395 // Avoid PHP 7.1 warning of passing $this by reference
2396 $user = $this;
2397 $authUser = AuthManager::callLegacyAuthPlugin( 'getUserInstance', [ &$user ], null );
2398 $this->mLocked = $authUser && $authUser->isLocked();
2399 Hooks::run( 'UserIsLocked', [ $this, &$this->mLocked ] );
2400 return $this->mLocked;
2401 }
2402
2403 /**
2404 * Check if user account is hidden
2405 *
2406 * @return bool True if hidden, false otherwise
2407 */
2408 public function isHidden() {
2409 if ( $this->mHideName !== null ) {
2410 return $this->mHideName;
2411 }
2412 $this->getBlockedStatus();
2413 if ( !$this->mHideName ) {
2414 // Avoid PHP 7.1 warning of passing $this by reference
2415 $user = $this;
2416 $authUser = AuthManager::callLegacyAuthPlugin( 'getUserInstance', [ &$user ], null );
2417 $this->mHideName = $authUser && $authUser->isHidden();
2418 Hooks::run( 'UserIsHidden', [ $this, &$this->mHideName ] );
2419 }
2420 return $this->mHideName;
2421 }
2422
2423 /**
2424 * Get the user's ID.
2425 * @return int The user's ID; 0 if the user is anonymous or nonexistent
2426 */
2427 public function getId() {
2428 if ( $this->mId === null && $this->mName !== null && self::isIP( $this->mName ) ) {
2429 // Special case, we know the user is anonymous
2430 return 0;
2431 } elseif ( !$this->isItemLoaded( 'id' ) ) {
2432 // Don't load if this was initialized from an ID
2433 $this->load();
2434 }
2435
2436 return (int)$this->mId;
2437 }
2438
2439 /**
2440 * Set the user and reload all fields according to a given ID
2441 * @param int $v User ID to reload
2442 */
2443 public function setId( $v ) {
2444 $this->mId = $v;
2445 $this->clearInstanceCache( 'id' );
2446 }
2447
2448 /**
2449 * Get the user name, or the IP of an anonymous user
2450 * @return string User's name or IP address
2451 */
2452 public function getName() {
2453 if ( $this->isItemLoaded( 'name', 'only' ) ) {
2454 // Special case optimisation
2455 return $this->mName;
2456 } else {
2457 $this->load();
2458 if ( $this->mName === false ) {
2459 // Clean up IPs
2460 $this->mName = IP::sanitizeIP( $this->getRequest()->getIP() );
2461 }
2462 return $this->mName;
2463 }
2464 }
2465
2466 /**
2467 * Set the user name.
2468 *
2469 * This does not reload fields from the database according to the given
2470 * name. Rather, it is used to create a temporary "nonexistent user" for
2471 * later addition to the database. It can also be used to set the IP
2472 * address for an anonymous user to something other than the current
2473 * remote IP.
2474 *
2475 * @note User::newFromName() has roughly the same function, when the named user
2476 * does not exist.
2477 * @param string $str New user name to set
2478 */
2479 public function setName( $str ) {
2480 $this->load();
2481 $this->mName = $str;
2482 }
2483
2484 /**
2485 * Get the user's actor ID.
2486 * @since 1.31
2487 * @param IDatabase|null $dbw Assign a new actor ID, using this DB handle, if none exists
2488 * @return int The actor's ID, or 0 if no actor ID exists and $dbw was null
2489 */
2490 public function getActorId( IDatabase $dbw = null ) {
2491 global $wgActorTableSchemaMigrationStage;
2492
2493 if ( $wgActorTableSchemaMigrationStage <= MIGRATION_OLD ) {
2494 return 0;
2495 }
2496
2497 if ( !$this->isItemLoaded( 'actor' ) ) {
2498 $this->load();
2499 }
2500
2501 // Currently $this->mActorId might be null if $this was loaded from a
2502 // cache entry that was written when $wgActorTableSchemaMigrationStage
2503 // was MIGRATION_OLD. Once that is no longer a possibility (i.e. when
2504 // User::VERSION is incremented after $wgActorTableSchemaMigrationStage
2505 // has been removed), that condition may be removed.
2506 if ( $this->mActorId === null || !$this->mActorId && $dbw ) {
2507 $q = [
2508 'actor_user' => $this->getId() ?: null,
2509 'actor_name' => (string)$this->getName(),
2510 ];
2511 if ( $dbw ) {
2512 if ( $q['actor_user'] === null && self::isUsableName( $q['actor_name'] ) ) {
2513 throw new CannotCreateActorException(
2514 'Cannot create an actor for a usable name that is not an existing user'
2515 );
2516 }
2517 if ( $q['actor_name'] === '' ) {
2518 throw new CannotCreateActorException( 'Cannot create an actor for a user with no name' );
2519 }
2520 $dbw->insert( 'actor', $q, __METHOD__, [ 'IGNORE' ] );
2521 if ( $dbw->affectedRows() ) {
2522 $this->mActorId = (int)$dbw->insertId();
2523 } else {
2524 // Outdated cache?
2525 list( , $options ) = DBAccessObjectUtils::getDBOptions( $this->queryFlagsUsed );
2526 $this->mActorId = (int)$dbw->selectField( 'actor', 'actor_id', $q, __METHOD__, $options );
2527 if ( !$this->mActorId ) {
2528 throw new CannotCreateActorException(
2529 "Cannot create actor ID for user_id={$this->getId()} user_name={$this->getName()}"
2530 );
2531 }
2532 }
2533 $this->invalidateCache();
2534 } else {
2535 list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $this->queryFlagsUsed );
2536 $db = wfGetDB( $index );
2537 $this->mActorId = (int)$db->selectField( 'actor', 'actor_id', $q, __METHOD__, $options );
2538 }
2539 $this->setItemLoaded( 'actor' );
2540 }
2541
2542 return (int)$this->mActorId;
2543 }
2544
2545 /**
2546 * Get the user's name escaped by underscores.
2547 * @return string Username escaped by underscores.
2548 */
2549 public function getTitleKey() {
2550 return str_replace( ' ', '_', $this->getName() );
2551 }
2552
2553 /**
2554 * Check if the user has new messages.
2555 * @return bool True if the user has new messages
2556 */
2557 public function getNewtalk() {
2558 $this->load();
2559
2560 // Load the newtalk status if it is unloaded (mNewtalk=-1)
2561 if ( $this->mNewtalk === -1 ) {
2562 $this->mNewtalk = false; # reset talk page status
2563
2564 // Check memcached separately for anons, who have no
2565 // entire User object stored in there.
2566 if ( !$this->mId ) {
2567 global $wgDisableAnonTalk;
2568 if ( $wgDisableAnonTalk ) {
2569 // Anon newtalk disabled by configuration.
2570 $this->mNewtalk = false;
2571 } else {
2572 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName() );
2573 }
2574 } else {
2575 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
2576 }
2577 }
2578
2579 return (bool)$this->mNewtalk;
2580 }
2581
2582 /**
2583 * Return the data needed to construct links for new talk page message
2584 * alerts. If there are new messages, this will return an associative array
2585 * with the following data:
2586 * wiki: The database name of the wiki
2587 * link: Root-relative link to the user's talk page
2588 * rev: The last talk page revision that the user has seen or null. This
2589 * is useful for building diff links.
2590 * If there are no new messages, it returns an empty array.
2591 * @note This function was designed to accomodate multiple talk pages, but
2592 * currently only returns a single link and revision.
2593 * @return array
2594 */
2595 public function getNewMessageLinks() {
2596 // Avoid PHP 7.1 warning of passing $this by reference
2597 $user = $this;
2598 $talks = [];
2599 if ( !Hooks::run( 'UserRetrieveNewTalks', [ &$user, &$talks ] ) ) {
2600 return $talks;
2601 } elseif ( !$this->getNewtalk() ) {
2602 return [];
2603 }
2604 $utp = $this->getTalkPage();
2605 $dbr = wfGetDB( DB_REPLICA );
2606 // Get the "last viewed rev" timestamp from the oldest message notification
2607 $timestamp = $dbr->selectField( 'user_newtalk',
2608 'MIN(user_last_timestamp)',
2609 $this->isAnon() ? [ 'user_ip' => $this->getName() ] : [ 'user_id' => $this->getId() ],
2610 __METHOD__ );
2611 $rev = $timestamp ? Revision::loadFromTimestamp( $dbr, $utp, $timestamp ) : null;
2612 return [ [ 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL(), 'rev' => $rev ] ];
2613 }
2614
2615 /**
2616 * Get the revision ID for the last talk page revision viewed by the talk
2617 * page owner.
2618 * @return int|null Revision ID or null
2619 */
2620 public function getNewMessageRevisionId() {
2621 $newMessageRevisionId = null;
2622 $newMessageLinks = $this->getNewMessageLinks();
2623 if ( $newMessageLinks ) {
2624 // Note: getNewMessageLinks() never returns more than a single link
2625 // and it is always for the same wiki, but we double-check here in
2626 // case that changes some time in the future.
2627 if ( count( $newMessageLinks ) === 1
2628 && $newMessageLinks[0]['wiki'] === wfWikiID()
2629 && $newMessageLinks[0]['rev']
2630 ) {
2631 /** @var Revision $newMessageRevision */
2632 $newMessageRevision = $newMessageLinks[0]['rev'];
2633 $newMessageRevisionId = $newMessageRevision->getId();
2634 }
2635 }
2636 return $newMessageRevisionId;
2637 }
2638
2639 /**
2640 * Internal uncached check for new messages
2641 *
2642 * @see getNewtalk()
2643 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
2644 * @param string|int $id User's IP address for anonymous users, User ID otherwise
2645 * @return bool True if the user has new messages
2646 */
2647 protected function checkNewtalk( $field, $id ) {
2648 $dbr = wfGetDB( DB_REPLICA );
2649
2650 $ok = $dbr->selectField( 'user_newtalk', $field, [ $field => $id ], __METHOD__ );
2651
2652 return $ok !== false;
2653 }
2654
2655 /**
2656 * Add or update the new messages flag
2657 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
2658 * @param string|int $id User's IP address for anonymous users, User ID otherwise
2659 * @param Revision|null $curRev New, as yet unseen revision of the user talk page. Ignored if null.
2660 * @return bool True if successful, false otherwise
2661 */
2662 protected function updateNewtalk( $field, $id, $curRev = null ) {
2663 // Get timestamp of the talk page revision prior to the current one
2664 $prevRev = $curRev ? $curRev->getPrevious() : false;
2665 $ts = $prevRev ? $prevRev->getTimestamp() : null;
2666 // Mark the user as having new messages since this revision
2667 $dbw = wfGetDB( DB_MASTER );
2668 $dbw->insert( 'user_newtalk',
2669 [ $field => $id, 'user_last_timestamp' => $dbw->timestampOrNull( $ts ) ],
2670 __METHOD__,
2671 'IGNORE' );
2672 if ( $dbw->affectedRows() ) {
2673 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
2674 return true;
2675 } else {
2676 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
2677 return false;
2678 }
2679 }
2680
2681 /**
2682 * Clear the new messages flag for the given user
2683 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
2684 * @param string|int $id User's IP address for anonymous users, User ID otherwise
2685 * @return bool True if successful, false otherwise
2686 */
2687 protected function deleteNewtalk( $field, $id ) {
2688 $dbw = wfGetDB( DB_MASTER );
2689 $dbw->delete( 'user_newtalk',
2690 [ $field => $id ],
2691 __METHOD__ );
2692 if ( $dbw->affectedRows() ) {
2693 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
2694 return true;
2695 } else {
2696 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
2697 return false;
2698 }
2699 }
2700
2701 /**
2702 * Update the 'You have new messages!' status.
2703 * @param bool $val Whether the user has new messages
2704 * @param Revision|null $curRev New, as yet unseen revision of the user talk
2705 * page. Ignored if null or !$val.
2706 */
2707 public function setNewtalk( $val, $curRev = null ) {
2708 if ( wfReadOnly() ) {
2709 return;
2710 }
2711
2712 $this->load();
2713 $this->mNewtalk = $val;
2714
2715 if ( $this->isAnon() ) {
2716 $field = 'user_ip';
2717 $id = $this->getName();
2718 } else {
2719 $field = 'user_id';
2720 $id = $this->getId();
2721 }
2722
2723 if ( $val ) {
2724 $changed = $this->updateNewtalk( $field, $id, $curRev );
2725 } else {
2726 $changed = $this->deleteNewtalk( $field, $id );
2727 }
2728
2729 if ( $changed ) {
2730 $this->invalidateCache();
2731 }
2732 }
2733
2734 /**
2735 * Generate a current or new-future timestamp to be stored in the
2736 * user_touched field when we update things.
2737 * @return string Timestamp in TS_MW format
2738 */
2739 private function newTouchedTimestamp() {
2740 global $wgClockSkewFudge;
2741
2742 $time = wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
2743 if ( $this->mTouched && $time <= $this->mTouched ) {
2744 $time = wfTimestamp( TS_MW, wfTimestamp( TS_UNIX, $this->mTouched ) + 1 );
2745 }
2746
2747 return $time;
2748 }
2749
2750 /**
2751 * Clear user data from memcached
2752 *
2753 * Use after applying updates to the database; caller's
2754 * responsibility to update user_touched if appropriate.
2755 *
2756 * Called implicitly from invalidateCache() and saveSettings().
2757 *
2758 * @param string $mode Use 'refresh' to clear now; otherwise before DB commit
2759 */
2760 public function clearSharedCache( $mode = 'changed' ) {
2761 if ( !$this->getId() ) {
2762 return;
2763 }
2764
2765 $cache = ObjectCache::getMainWANInstance();
2766 $key = $this->getCacheKey( $cache );
2767 if ( $mode === 'refresh' ) {
2768 $cache->delete( $key, 1 );
2769 } else {
2770 $lb = MediaWikiServices::getInstance()->getDBLoadBalancer();
2771 if ( $lb->hasOrMadeRecentMasterChanges() ) {
2772 $lb->getConnection( DB_MASTER )->onTransactionPreCommitOrIdle(
2773 function () use ( $cache, $key ) {
2774 $cache->delete( $key );
2775 },
2776 __METHOD__
2777 );
2778 } else {
2779 $cache->delete( $key );
2780 }
2781 }
2782 }
2783
2784 /**
2785 * Immediately touch the user data cache for this account
2786 *
2787 * Calls touch() and removes account data from memcached
2788 */
2789 public function invalidateCache() {
2790 $this->touch();
2791 $this->clearSharedCache();
2792 }
2793
2794 /**
2795 * Update the "touched" timestamp for the user
2796 *
2797 * This is useful on various login/logout events when making sure that
2798 * a browser or proxy that has multiple tenants does not suffer cache
2799 * pollution where the new user sees the old users content. The value
2800 * of getTouched() is checked when determining 304 vs 200 responses.
2801 * Unlike invalidateCache(), this preserves the User object cache and
2802 * avoids database writes.
2803 *
2804 * @since 1.25
2805 */
2806 public function touch() {
2807 $id = $this->getId();
2808 if ( $id ) {
2809 $cache = MediaWikiServices::getInstance()->getMainWANObjectCache();
2810 $key = $cache->makeKey( 'user-quicktouched', 'id', $id );
2811 $cache->touchCheckKey( $key );
2812 $this->mQuickTouched = null;
2813 }
2814 }
2815
2816 /**
2817 * Validate the cache for this account.
2818 * @param string $timestamp A timestamp in TS_MW format
2819 * @return bool
2820 */
2821 public function validateCache( $timestamp ) {
2822 return ( $timestamp >= $this->getTouched() );
2823 }
2824
2825 /**
2826 * Get the user touched timestamp
2827 *
2828 * Use this value only to validate caches via inequalities
2829 * such as in the case of HTTP If-Modified-Since response logic
2830 *
2831 * @return string TS_MW Timestamp
2832 */
2833 public function getTouched() {
2834 $this->load();
2835
2836 if ( $this->mId ) {
2837 if ( $this->mQuickTouched === null ) {
2838 $cache = MediaWikiServices::getInstance()->getMainWANObjectCache();
2839 $key = $cache->makeKey( 'user-quicktouched', 'id', $this->mId );
2840
2841 $this->mQuickTouched = wfTimestamp( TS_MW, $cache->getCheckKeyTime( $key ) );
2842 }
2843
2844 return max( $this->mTouched, $this->mQuickTouched );
2845 }
2846
2847 return $this->mTouched;
2848 }
2849
2850 /**
2851 * Get the user_touched timestamp field (time of last DB updates)
2852 * @return string TS_MW Timestamp
2853 * @since 1.26
2854 */
2855 public function getDBTouched() {
2856 $this->load();
2857
2858 return $this->mTouched;
2859 }
2860
2861 /**
2862 * Set the password and reset the random token.
2863 * Calls through to authentication plugin if necessary;
2864 * will have no effect if the auth plugin refuses to
2865 * pass the change through or if the legal password
2866 * checks fail.
2867 *
2868 * As a special case, setting the password to null
2869 * wipes it, so the account cannot be logged in until
2870 * a new password is set, for instance via e-mail.
2871 *
2872 * @deprecated since 1.27, use AuthManager instead
2873 * @param string $str New password to set
2874 * @throws PasswordError On failure
2875 * @return bool
2876 */
2877 public function setPassword( $str ) {
2878 return $this->setPasswordInternal( $str );
2879 }
2880
2881 /**
2882 * Set the password and reset the random token unconditionally.
2883 *
2884 * @deprecated since 1.27, use AuthManager instead
2885 * @param string|null $str New password to set or null to set an invalid
2886 * password hash meaning that the user will not be able to log in
2887 * through the web interface.
2888 */
2889 public function setInternalPassword( $str ) {
2890 $this->setPasswordInternal( $str );
2891 }
2892
2893 /**
2894 * Actually set the password and such
2895 * @since 1.27 cannot set a password for a user not in the database
2896 * @param string|null $str New password to set or null to set an invalid
2897 * password hash meaning that the user will not be able to log in
2898 * through the web interface.
2899 * @return bool Success
2900 */
2901 private function setPasswordInternal( $str ) {
2902 $manager = AuthManager::singleton();
2903
2904 // If the user doesn't exist yet, fail
2905 if ( !$manager->userExists( $this->getName() ) ) {
2906 throw new LogicException( 'Cannot set a password for a user that is not in the database.' );
2907 }
2908
2909 $status = $this->changeAuthenticationData( [
2910 'username' => $this->getName(),
2911 'password' => $str,
2912 'retype' => $str,
2913 ] );
2914 if ( !$status->isGood() ) {
2915 \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' )
2916 ->info( __METHOD__ . ': Password change rejected: '
2917 . $status->getWikiText( null, null, 'en' ) );
2918 return false;
2919 }
2920
2921 $this->setOption( 'watchlisttoken', false );
2922 SessionManager::singleton()->invalidateSessionsForUser( $this );
2923
2924 return true;
2925 }
2926
2927 /**
2928 * Changes credentials of the user.
2929 *
2930 * This is a convenience wrapper around AuthManager::changeAuthenticationData.
2931 * Note that this can return a status that isOK() but not isGood() on certain types of failures,
2932 * e.g. when no provider handled the change.
2933 *
2934 * @param array $data A set of authentication data in fieldname => value format. This is the
2935 * same data you would pass the changeauthenticationdata API - 'username', 'password' etc.
2936 * @return Status
2937 * @since 1.27
2938 */
2939 public function changeAuthenticationData( array $data ) {
2940 $manager = AuthManager::singleton();
2941 $reqs = $manager->getAuthenticationRequests( AuthManager::ACTION_CHANGE, $this );
2942 $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
2943
2944 $status = Status::newGood( 'ignored' );
2945 foreach ( $reqs as $req ) {
2946 $status->merge( $manager->allowsAuthenticationDataChange( $req ), true );
2947 }
2948 if ( $status->getValue() === 'ignored' ) {
2949 $status->warning( 'authenticationdatachange-ignored' );
2950 }
2951
2952 if ( $status->isGood() ) {
2953 foreach ( $reqs as $req ) {
2954 $manager->changeAuthenticationData( $req );
2955 }
2956 }
2957 return $status;
2958 }
2959
2960 /**
2961 * Get the user's current token.
2962 * @param bool $forceCreation Force the generation of a new token if the
2963 * user doesn't have one (default=true for backwards compatibility).
2964 * @return string|null Token
2965 */
2966 public function getToken( $forceCreation = true ) {
2967 global $wgAuthenticationTokenVersion;
2968
2969 $this->load();
2970 if ( !$this->mToken && $forceCreation ) {
2971 $this->setToken();
2972 }
2973
2974 if ( !$this->mToken ) {
2975 // The user doesn't have a token, return null to indicate that.
2976 return null;
2977 } elseif ( $this->mToken === self::INVALID_TOKEN ) {
2978 // We return a random value here so existing token checks are very
2979 // likely to fail.
2980 return MWCryptRand::generateHex( self::TOKEN_LENGTH );
2981 } elseif ( $wgAuthenticationTokenVersion === null ) {
2982 // $wgAuthenticationTokenVersion not in use, so return the raw secret
2983 return $this->mToken;
2984 } else {
2985 // $wgAuthenticationTokenVersion in use, so hmac it.
2986 $ret = MWCryptHash::hmac( $wgAuthenticationTokenVersion, $this->mToken, false );
2987
2988 // The raw hash can be overly long. Shorten it up.
2989 $len = max( 32, self::TOKEN_LENGTH );
2990 if ( strlen( $ret ) < $len ) {
2991 // Should never happen, even md5 is 128 bits
2992 throw new \UnexpectedValueException( 'Hmac returned less than 128 bits' );
2993 }
2994 return substr( $ret, -$len );
2995 }
2996 }
2997
2998 /**
2999 * Set the random token (used for persistent authentication)
3000 * Called from loadDefaults() among other places.
3001 *
3002 * @param string|bool $token If specified, set the token to this value
3003 */
3004 public function setToken( $token = false ) {
3005 $this->load();
3006 if ( $this->mToken === self::INVALID_TOKEN ) {
3007 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
3008 ->debug( __METHOD__ . ": Ignoring attempt to set token for system user \"$this\"" );
3009 } elseif ( !$token ) {
3010 $this->mToken = MWCryptRand::generateHex( self::TOKEN_LENGTH );
3011 } else {
3012 $this->mToken = $token;
3013 }
3014 }
3015
3016 /**
3017 * Set the password for a password reminder or new account email
3018 *
3019 * @deprecated Removed in 1.27. Use PasswordReset instead.
3020 * @param string $str New password to set or null to set an invalid
3021 * password hash meaning that the user will not be able to use it
3022 * @param bool $throttle If true, reset the throttle timestamp to the present
3023 */
3024 public function setNewpassword( $str, $throttle = true ) {
3025 throw new BadMethodCallException( __METHOD__ . ' has been removed in 1.27' );
3026 }
3027
3028 /**
3029 * Get the user's e-mail address
3030 * @return string User's email address
3031 */
3032 public function getEmail() {
3033 $this->load();
3034 Hooks::run( 'UserGetEmail', [ $this, &$this->mEmail ] );
3035 return $this->mEmail;
3036 }
3037
3038 /**
3039 * Get the timestamp of the user's e-mail authentication
3040 * @return string TS_MW timestamp
3041 */
3042 public function getEmailAuthenticationTimestamp() {
3043 $this->load();
3044 Hooks::run( 'UserGetEmailAuthenticationTimestamp', [ $this, &$this->mEmailAuthenticated ] );
3045 return $this->mEmailAuthenticated;
3046 }
3047
3048 /**
3049 * Set the user's e-mail address
3050 * @param string $str New e-mail address
3051 */
3052 public function setEmail( $str ) {
3053 $this->load();
3054 if ( $str == $this->mEmail ) {
3055 return;
3056 }
3057 $this->invalidateEmail();
3058 $this->mEmail = $str;
3059 Hooks::run( 'UserSetEmail', [ $this, &$this->mEmail ] );
3060 }
3061