d6d4db25f32cf5fb0b6a04a05f485d2f015c0aff
[lhc/web/wiklou.git] / includes / user / User.php
1 <?php
2 /**
3 * Implements the User class for the %MediaWiki software.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 use MediaWiki\MediaWikiServices;
24 use MediaWiki\Session\SessionManager;
25 use MediaWiki\Session\Token;
26 use MediaWiki\Auth\AuthManager;
27 use MediaWiki\Auth\AuthenticationResponse;
28 use MediaWiki\Auth\AuthenticationRequest;
29 use MediaWiki\User\UserIdentity;
30 use Wikimedia\IPSet;
31 use Wikimedia\ScopedCallback;
32 use Wikimedia\Rdbms\Database;
33 use Wikimedia\Rdbms\DBExpectedError;
34 use Wikimedia\Rdbms\IDatabase;
35
36 /**
37 * The User object encapsulates all of the user-specific settings (user_id,
38 * name, rights, email address, options, last login time). Client
39 * classes use the getXXX() functions to access these fields. These functions
40 * do all the work of determining whether the user is logged in,
41 * whether the requested option can be satisfied from cookies or
42 * whether a database query is needed. Most of the settings needed
43 * for rendering normal pages are set in the cookie to minimize use
44 * of the database.
45 */
46 class User implements IDBAccessObject, UserIdentity {
47 /**
48 * @const int Number of characters in user_token field.
49 */
50 const TOKEN_LENGTH = 32;
51
52 /**
53 * @const string An invalid value for user_token
54 */
55 const INVALID_TOKEN = '*** INVALID ***';
56
57 /**
58 * Global constant made accessible as class constants so that autoloader
59 * magic can be used.
60 * @deprecated since 1.27, use \MediaWiki\Session\Token::SUFFIX
61 */
62 const EDIT_TOKEN_SUFFIX = Token::SUFFIX;
63
64 /**
65 * @const int Serialized record version.
66 */
67 const VERSION = 12;
68
69 /**
70 * Exclude user options that are set to their default value.
71 * @since 1.25
72 */
73 const GETOPTIONS_EXCLUDE_DEFAULTS = 1;
74
75 /**
76 * @since 1.27
77 */
78 const CHECK_USER_RIGHTS = true;
79
80 /**
81 * @since 1.27
82 */
83 const IGNORE_USER_RIGHTS = false;
84
85 /**
86 * Array of Strings List of member variables which are saved to the
87 * shared cache (memcached). Any operation which changes the
88 * corresponding database fields must call a cache-clearing function.
89 * @showinitializer
90 */
91 protected static $mCacheVars = [
92 // user table
93 'mId',
94 'mName',
95 'mRealName',
96 'mEmail',
97 'mTouched',
98 'mToken',
99 'mEmailAuthenticated',
100 'mEmailToken',
101 'mEmailTokenExpires',
102 'mRegistration',
103 'mEditCount',
104 // user_groups table
105 'mGroupMemberships',
106 // user_properties table
107 'mOptionOverrides',
108 // actor table
109 'mActorId',
110 ];
111
112 /**
113 * Array of Strings Core rights.
114 * Each of these should have a corresponding message of the form
115 * "right-$right".
116 * @showinitializer
117 */
118 protected static $mCoreRights = [
119 'apihighlimits',
120 'applychangetags',
121 'autoconfirmed',
122 'autocreateaccount',
123 'autopatrol',
124 'bigdelete',
125 'block',
126 'blockemail',
127 'bot',
128 'browsearchive',
129 'changetags',
130 'createaccount',
131 'createpage',
132 'createtalk',
133 'delete',
134 'deletechangetags',
135 'deletedhistory',
136 'deletedtext',
137 'deletelogentry',
138 'deleterevision',
139 'edit',
140 'editcontentmodel',
141 'editinterface',
142 'editprotected',
143 'editmyoptions',
144 'editmyprivateinfo',
145 'editmyusercss',
146 'editmyuserjson',
147 'editmyuserjs',
148 'editmywatchlist',
149 'editsemiprotected',
150 'editsitecss',
151 'editsitejson',
152 'editsitejs',
153 'editusercss',
154 'edituserjson',
155 'edituserjs',
156 'hideuser',
157 'import',
158 'importupload',
159 'ipblock-exempt',
160 'managechangetags',
161 'markbotedits',
162 'mergehistory',
163 'minoredit',
164 'move',
165 'movefile',
166 'move-categorypages',
167 'move-rootuserpages',
168 'move-subpages',
169 'nominornewtalk',
170 'noratelimit',
171 'override-export-depth',
172 'pagelang',
173 'patrol',
174 'patrolmarks',
175 'protect',
176 'purge',
177 'read',
178 'reupload',
179 'reupload-own',
180 'reupload-shared',
181 'rollback',
182 'sendemail',
183 'siteadmin',
184 'suppressionlog',
185 'suppressredirect',
186 'suppressrevision',
187 'unblockself',
188 'undelete',
189 'unwatchedpages',
190 'upload',
191 'upload_by_url',
192 'userrights',
193 'userrights-interwiki',
194 'viewmyprivateinfo',
195 'viewmywatchlist',
196 'viewsuppressed',
197 'writeapi',
198 ];
199
200 /**
201 * String Cached results of getAllRights()
202 */
203 protected static $mAllRights = false;
204
205 /** Cache variables */
206 // @{
207 /** @var int */
208 public $mId;
209 /** @var string */
210 public $mName;
211 /** @var int|null */
212 protected $mActorId;
213 /** @var string */
214 public $mRealName;
215
216 /** @var string */
217 public $mEmail;
218 /** @var string TS_MW timestamp from the DB */
219 public $mTouched;
220 /** @var string TS_MW timestamp from cache */
221 protected $mQuickTouched;
222 /** @var string */
223 protected $mToken;
224 /** @var string */
225 public $mEmailAuthenticated;
226 /** @var string */
227 protected $mEmailToken;
228 /** @var string */
229 protected $mEmailTokenExpires;
230 /** @var string */
231 protected $mRegistration;
232 /** @var int */
233 protected $mEditCount;
234 /** @var UserGroupMembership[] Associative array of (group name => UserGroupMembership object) */
235 protected $mGroupMemberships;
236 /** @var array */
237 protected $mOptionOverrides;
238 // @}
239
240 /**
241 * Bool Whether the cache variables have been loaded.
242 */
243 // @{
244 public $mOptionsLoaded;
245
246 /**
247 * Array with already loaded items or true if all items have been loaded.
248 */
249 protected $mLoadedItems = [];
250 // @}
251
252 /**
253 * String Initialization data source if mLoadedItems!==true. May be one of:
254 * - 'defaults' anonymous user initialised from class defaults
255 * - 'name' initialise from mName
256 * - 'id' initialise from mId
257 * - 'actor' initialise from mActorId
258 * - 'session' log in from session if possible
259 *
260 * Use the User::newFrom*() family of functions to set this.
261 */
262 public $mFrom;
263
264 /**
265 * Lazy-initialized variables, invalidated with clearInstanceCache
266 */
267 protected $mNewtalk;
268 /** @var string */
269 protected $mDatePreference;
270 /** @var string */
271 public $mBlockedby;
272 /** @var string */
273 protected $mHash;
274 /** @var array */
275 public $mRights;
276 /** @var string */
277 protected $mBlockreason;
278 /** @var array */
279 protected $mEffectiveGroups;
280 /** @var array */
281 protected $mImplicitGroups;
282 /** @var array */
283 protected $mFormerGroups;
284 /** @var Block */
285 protected $mGlobalBlock;
286 /** @var bool */
287 protected $mLocked;
288 /** @var bool */
289 public $mHideName;
290 /** @var array */
291 public $mOptions;
292
293 /** @var WebRequest */
294 private $mRequest;
295
296 /** @var Block */
297 public $mBlock;
298
299 /** @var bool */
300 protected $mAllowUsertalk;
301
302 /** @var Block */
303 private $mBlockedFromCreateAccount = false;
304
305 /** @var int User::READ_* constant bitfield used to load data */
306 protected $queryFlagsUsed = self::READ_NORMAL;
307
308 public static $idCacheByName = [];
309
310 /**
311 * Lightweight constructor for an anonymous user.
312 * Use the User::newFrom* factory functions for other kinds of users.
313 *
314 * @see newFromName()
315 * @see newFromId()
316 * @see newFromActorId()
317 * @see newFromConfirmationCode()
318 * @see newFromSession()
319 * @see newFromRow()
320 */
321 public function __construct() {
322 $this->clearInstanceCache( 'defaults' );
323 }
324
325 /**
326 * @return string
327 */
328 public function __toString() {
329 return (string)$this->getName();
330 }
331
332 /**
333 * Test if it's safe to load this User object.
334 *
335 * You should typically check this before using $wgUser or
336 * RequestContext::getUser in a method that might be called before the
337 * system has been fully initialized. If the object is unsafe, you should
338 * use an anonymous user:
339 * \code
340 * $user = $wgUser->isSafeToLoad() ? $wgUser : new User;
341 * \endcode
342 *
343 * @since 1.27
344 * @return bool
345 */
346 public function isSafeToLoad() {
347 global $wgFullyInitialised;
348
349 // The user is safe to load if:
350 // * MW_NO_SESSION is undefined AND $wgFullyInitialised is true (safe to use session data)
351 // * mLoadedItems === true (already loaded)
352 // * mFrom !== 'session' (sessions not involved at all)
353
354 return ( !defined( 'MW_NO_SESSION' ) && $wgFullyInitialised ) ||
355 $this->mLoadedItems === true || $this->mFrom !== 'session';
356 }
357
358 /**
359 * Load the user table data for this object from the source given by mFrom.
360 *
361 * @param int $flags User::READ_* constant bitfield
362 */
363 public function load( $flags = self::READ_NORMAL ) {
364 global $wgFullyInitialised;
365
366 if ( $this->mLoadedItems === true ) {
367 return;
368 }
369
370 // Set it now to avoid infinite recursion in accessors
371 $oldLoadedItems = $this->mLoadedItems;
372 $this->mLoadedItems = true;
373 $this->queryFlagsUsed = $flags;
374
375 // If this is called too early, things are likely to break.
376 if ( !$wgFullyInitialised && $this->mFrom === 'session' ) {
377 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
378 ->warning( 'User::loadFromSession called before the end of Setup.php', [
379 'exception' => new Exception( 'User::loadFromSession called before the end of Setup.php' ),
380 ] );
381 $this->loadDefaults();
382 $this->mLoadedItems = $oldLoadedItems;
383 return;
384 }
385
386 switch ( $this->mFrom ) {
387 case 'defaults':
388 $this->loadDefaults();
389 break;
390 case 'name':
391 // Make sure this thread sees its own changes
392 $lb = MediaWikiServices::getInstance()->getDBLoadBalancer();
393 if ( $lb->hasOrMadeRecentMasterChanges() ) {
394 $flags |= self::READ_LATEST;
395 $this->queryFlagsUsed = $flags;
396 }
397
398 $this->mId = self::idFromName( $this->mName, $flags );
399 if ( !$this->mId ) {
400 // Nonexistent user placeholder object
401 $this->loadDefaults( $this->mName );
402 } else {
403 $this->loadFromId( $flags );
404 }
405 break;
406 case 'id':
407 // Make sure this thread sees its own changes, if the ID isn't 0
408 if ( $this->mId != 0 ) {
409 $lb = MediaWikiServices::getInstance()->getDBLoadBalancer();
410 if ( $lb->hasOrMadeRecentMasterChanges() ) {
411 $flags |= self::READ_LATEST;
412 $this->queryFlagsUsed = $flags;
413 }
414 }
415
416 $this->loadFromId( $flags );
417 break;
418 case 'actor':
419 // Make sure this thread sees its own changes
420 $lb = MediaWikiServices::getInstance()->getDBLoadBalancer();
421 if ( $lb->hasOrMadeRecentMasterChanges() ) {
422 $flags |= self::READ_LATEST;
423 $this->queryFlagsUsed = $flags;
424 }
425
426 list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $flags );
427 $row = wfGetDB( $index )->selectRow(
428 'actor',
429 [ 'actor_user', 'actor_name' ],
430 [ 'actor_id' => $this->mActorId ],
431 __METHOD__,
432 $options
433 );
434
435 if ( !$row ) {
436 // Ugh.
437 $this->loadDefaults();
438 } elseif ( $row->actor_user ) {
439 $this->mId = $row->actor_user;
440 $this->loadFromId( $flags );
441 } else {
442 $this->loadDefaults( $row->actor_name );
443 }
444 break;
445 case 'session':
446 if ( !$this->loadFromSession() ) {
447 // Loading from session failed. Load defaults.
448 $this->loadDefaults();
449 }
450 Hooks::run( 'UserLoadAfterLoadFromSession', [ $this ] );
451 break;
452 default:
453 throw new UnexpectedValueException(
454 "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
455 }
456 }
457
458 /**
459 * Load user table data, given mId has already been set.
460 * @param int $flags User::READ_* constant bitfield
461 * @return bool False if the ID does not exist, true otherwise
462 */
463 public function loadFromId( $flags = self::READ_NORMAL ) {
464 if ( $this->mId == 0 ) {
465 // Anonymous users are not in the database (don't need cache)
466 $this->loadDefaults();
467 return false;
468 }
469
470 // Try cache (unless this needs data from the master DB).
471 // NOTE: if this thread called saveSettings(), the cache was cleared.
472 $latest = DBAccessObjectUtils::hasFlags( $flags, self::READ_LATEST );
473 if ( $latest ) {
474 if ( !$this->loadFromDatabase( $flags ) ) {
475 // Can't load from ID
476 return false;
477 }
478 } else {
479 $this->loadFromCache();
480 }
481
482 $this->mLoadedItems = true;
483 $this->queryFlagsUsed = $flags;
484
485 return true;
486 }
487
488 /**
489 * @since 1.27
490 * @param string $wikiId
491 * @param int $userId
492 */
493 public static function purge( $wikiId, $userId ) {
494 $cache = ObjectCache::getMainWANInstance();
495 $key = $cache->makeGlobalKey( 'user', 'id', $wikiId, $userId );
496 $cache->delete( $key );
497 }
498
499 /**
500 * @since 1.27
501 * @param WANObjectCache $cache
502 * @return string
503 */
504 protected function getCacheKey( WANObjectCache $cache ) {
505 return $cache->makeGlobalKey( 'user', 'id', wfWikiID(), $this->mId );
506 }
507
508 /**
509 * @param WANObjectCache $cache
510 * @return string[]
511 * @since 1.28
512 */
513 public function getMutableCacheKeys( WANObjectCache $cache ) {
514 $id = $this->getId();
515
516 return $id ? [ $this->getCacheKey( $cache ) ] : [];
517 }
518
519 /**
520 * Load user data from shared cache, given mId has already been set.
521 *
522 * @return bool True
523 * @since 1.25
524 */
525 protected function loadFromCache() {
526 $cache = ObjectCache::getMainWANInstance();
527 $data = $cache->getWithSetCallback(
528 $this->getCacheKey( $cache ),
529 $cache::TTL_HOUR,
530 function ( $oldValue, &$ttl, array &$setOpts ) use ( $cache ) {
531 $setOpts += Database::getCacheSetOptions( wfGetDB( DB_REPLICA ) );
532 wfDebug( "User: cache miss for user {$this->mId}\n" );
533
534 $this->loadFromDatabase( self::READ_NORMAL );
535 $this->loadGroups();
536 $this->loadOptions();
537
538 $data = [];
539 foreach ( self::$mCacheVars as $name ) {
540 $data[$name] = $this->$name;
541 }
542
543 $ttl = $cache->adaptiveTTL( wfTimestamp( TS_UNIX, $this->mTouched ), $ttl );
544
545 // if a user group membership is about to expire, the cache needs to
546 // expire at that time (T163691)
547 foreach ( $this->mGroupMemberships as $ugm ) {
548 if ( $ugm->getExpiry() ) {
549 $secondsUntilExpiry = wfTimestamp( TS_UNIX, $ugm->getExpiry() ) - time();
550 if ( $secondsUntilExpiry > 0 && $secondsUntilExpiry < $ttl ) {
551 $ttl = $secondsUntilExpiry;
552 }
553 }
554 }
555
556 return $data;
557 },
558 [ 'pcTTL' => $cache::TTL_PROC_LONG, 'version' => self::VERSION ]
559 );
560
561 // Restore from cache
562 foreach ( self::$mCacheVars as $name ) {
563 $this->$name = $data[$name];
564 }
565
566 return true;
567 }
568
569 /** @name newFrom*() static factory methods */
570 // @{
571
572 /**
573 * Static factory method for creation from username.
574 *
575 * This is slightly less efficient than newFromId(), so use newFromId() if
576 * you have both an ID and a name handy.
577 *
578 * @param string $name Username, validated by Title::newFromText()
579 * @param string|bool $validate Validate username. Takes the same parameters as
580 * User::getCanonicalName(), except that true is accepted as an alias
581 * for 'valid', for BC.
582 *
583 * @return User|bool User object, or false if the username is invalid
584 * (e.g. if it contains illegal characters or is an IP address). If the
585 * username is not present in the database, the result will be a user object
586 * with a name, zero user ID and default settings.
587 */
588 public static function newFromName( $name, $validate = 'valid' ) {
589 if ( $validate === true ) {
590 $validate = 'valid';
591 }
592 $name = self::getCanonicalName( $name, $validate );
593 if ( $name === false ) {
594 return false;
595 } else {
596 // Create unloaded user object
597 $u = new User;
598 $u->mName = $name;
599 $u->mFrom = 'name';
600 $u->setItemLoaded( 'name' );
601 return $u;
602 }
603 }
604
605 /**
606 * Static factory method for creation from a given user ID.
607 *
608 * @param int $id Valid user ID
609 * @return User The corresponding User object
610 */
611 public static function newFromId( $id ) {
612 $u = new User;
613 $u->mId = $id;
614 $u->mFrom = 'id';
615 $u->setItemLoaded( 'id' );
616 return $u;
617 }
618
619 /**
620 * Static factory method for creation from a given actor ID.
621 *
622 * @since 1.31
623 * @param int $id Valid actor ID
624 * @return User The corresponding User object
625 */
626 public static function newFromActorId( $id ) {
627 global $wgActorTableSchemaMigrationStage;
628
629 if ( $wgActorTableSchemaMigrationStage <= MIGRATION_OLD ) {
630 throw new BadMethodCallException(
631 'Cannot use ' . __METHOD__ . ' when $wgActorTableSchemaMigrationStage is MIGRATION_OLD'
632 );
633 }
634
635 $u = new User;
636 $u->mActorId = $id;
637 $u->mFrom = 'actor';
638 $u->setItemLoaded( 'actor' );
639 return $u;
640 }
641
642 /**
643 * Returns a User object corresponding to the given UserIdentity.
644 *
645 * @since 1.32
646 *
647 * @param UserIdentity $identity
648 *
649 * @return User
650 */
651 public static function newFromIdentity( UserIdentity $identity ) {
652 if ( $identity instanceof User ) {
653 return $identity;
654 }
655
656 return self::newFromAnyId(
657 $identity->getId() === 0 ? null : $identity->getId(),
658 $identity->getName() === '' ? null : $identity->getName(),
659 $identity->getActorId() === 0 ? null : $identity->getActorId()
660 );
661 }
662
663 /**
664 * Static factory method for creation from an ID, name, and/or actor ID
665 *
666 * This does not check that the ID, name, and actor ID all correspond to
667 * the same user.
668 *
669 * @since 1.31
670 * @param int|null $userId User ID, if known
671 * @param string|null $userName User name, if known
672 * @param int|null $actorId Actor ID, if known
673 * @return User
674 */
675 public static function newFromAnyId( $userId, $userName, $actorId ) {
676 global $wgActorTableSchemaMigrationStage;
677
678 $user = new User;
679 $user->mFrom = 'defaults';
680
681 if ( $wgActorTableSchemaMigrationStage > MIGRATION_OLD && $actorId !== null ) {
682 $user->mActorId = (int)$actorId;
683 if ( $user->mActorId !== 0 ) {
684 $user->mFrom = 'actor';
685 }
686 $user->setItemLoaded( 'actor' );
687 }
688
689 if ( $userName !== null && $userName !== '' ) {
690 $user->mName = $userName;
691 $user->mFrom = 'name';
692 $user->setItemLoaded( 'name' );
693 }
694
695 if ( $userId !== null ) {
696 $user->mId = (int)$userId;
697 if ( $user->mId !== 0 ) {
698 $user->mFrom = 'id';
699 }
700 $user->setItemLoaded( 'id' );
701 }
702
703 if ( $user->mFrom === 'defaults' ) {
704 throw new InvalidArgumentException(
705 'Cannot create a user with no name, no ID, and no actor ID'
706 );
707 }
708
709 return $user;
710 }
711
712 /**
713 * Factory method to fetch whichever user has a given email confirmation code.
714 * This code is generated when an account is created or its e-mail address
715 * has changed.
716 *
717 * If the code is invalid or has expired, returns NULL.
718 *
719 * @param string $code Confirmation code
720 * @param int $flags User::READ_* bitfield
721 * @return User|null
722 */
723 public static function newFromConfirmationCode( $code, $flags = 0 ) {
724 $db = ( $flags & self::READ_LATEST ) == self::READ_LATEST
725 ? wfGetDB( DB_MASTER )
726 : wfGetDB( DB_REPLICA );
727
728 $id = $db->selectField(
729 'user',
730 'user_id',
731 [
732 'user_email_token' => md5( $code ),
733 'user_email_token_expires > ' . $db->addQuotes( $db->timestamp() ),
734 ]
735 );
736
737 return $id ? self::newFromId( $id ) : null;
738 }
739
740 /**
741 * Create a new user object using data from session. If the login
742 * credentials are invalid, the result is an anonymous user.
743 *
744 * @param WebRequest|null $request Object to use; $wgRequest will be used if omitted.
745 * @return User
746 */
747 public static function newFromSession( WebRequest $request = null ) {
748 $user = new User;
749 $user->mFrom = 'session';
750 $user->mRequest = $request;
751 return $user;
752 }
753
754 /**
755 * Create a new user object from a user row.
756 * The row should have the following fields from the user table in it:
757 * - either user_name or user_id to load further data if needed (or both)
758 * - user_real_name
759 * - all other fields (email, etc.)
760 * It is useless to provide the remaining fields if either user_id,
761 * user_name and user_real_name are not provided because the whole row
762 * will be loaded once more from the database when accessing them.
763 *
764 * @param stdClass $row A row from the user table
765 * @param array|null $data Further data to load into the object
766 * (see User::loadFromRow for valid keys)
767 * @return User
768 */
769 public static function newFromRow( $row, $data = null ) {
770 $user = new User;
771 $user->loadFromRow( $row, $data );
772 return $user;
773 }
774
775 /**
776 * Static factory method for creation of a "system" user from username.
777 *
778 * A "system" user is an account that's used to attribute logged actions
779 * taken by MediaWiki itself, as opposed to a bot or human user. Examples
780 * might include the 'Maintenance script' or 'Conversion script' accounts
781 * used by various scripts in the maintenance/ directory or accounts such
782 * as 'MediaWiki message delivery' used by the MassMessage extension.
783 *
784 * This can optionally create the user if it doesn't exist, and "steal" the
785 * account if it does exist.
786 *
787 * "Stealing" an existing user is intended to make it impossible for normal
788 * authentication processes to use the account, effectively disabling the
789 * account for normal use:
790 * - Email is invalidated, to prevent account recovery by emailing a
791 * temporary password and to disassociate the account from the existing
792 * human.
793 * - The token is set to a magic invalid value, to kill existing sessions
794 * and to prevent $this->setToken() calls from resetting the token to a
795 * valid value.
796 * - SessionManager is instructed to prevent new sessions for the user, to
797 * do things like deauthorizing OAuth consumers.
798 * - AuthManager is instructed to revoke access, to invalidate or remove
799 * passwords and other credentials.
800 *
801 * @param string $name Username
802 * @param array $options Options are:
803 * - validate: As for User::getCanonicalName(), default 'valid'
804 * - create: Whether to create the user if it doesn't already exist, default true
805 * - steal: Whether to "disable" the account for normal use if it already
806 * exists, default false
807 * @return User|null
808 * @since 1.27
809 */
810 public static function newSystemUser( $name, $options = [] ) {
811 $options += [
812 'validate' => 'valid',
813 'create' => true,
814 'steal' => false,
815 ];
816
817 $name = self::getCanonicalName( $name, $options['validate'] );
818 if ( $name === false ) {
819 return null;
820 }
821
822 $dbr = wfGetDB( DB_REPLICA );
823 $userQuery = self::getQueryInfo();
824 $row = $dbr->selectRow(
825 $userQuery['tables'],
826 $userQuery['fields'],
827 [ 'user_name' => $name ],
828 __METHOD__,
829 [],
830 $userQuery['joins']
831 );
832 if ( !$row ) {
833 // Try the master database...
834 $dbw = wfGetDB( DB_MASTER );
835 $row = $dbw->selectRow(
836 $userQuery['tables'],
837 $userQuery['fields'],
838 [ 'user_name' => $name ],
839 __METHOD__,
840 [],
841 $userQuery['joins']
842 );
843 }
844
845 if ( !$row ) {
846 // No user. Create it?
847 return $options['create']
848 ? self::createNew( $name, [ 'token' => self::INVALID_TOKEN ] )
849 : null;
850 }
851
852 $user = self::newFromRow( $row );
853
854 // A user is considered to exist as a non-system user if it can
855 // authenticate, or has an email set, or has a non-invalid token.
856 if ( $user->mEmail || $user->mToken !== self::INVALID_TOKEN ||
857 AuthManager::singleton()->userCanAuthenticate( $name )
858 ) {
859 // User exists. Steal it?
860 if ( !$options['steal'] ) {
861 return null;
862 }
863
864 AuthManager::singleton()->revokeAccessForUser( $name );
865
866 $user->invalidateEmail();
867 $user->mToken = self::INVALID_TOKEN;
868 $user->saveSettings();
869 SessionManager::singleton()->preventSessionsForUser( $user->getName() );
870 }
871
872 return $user;
873 }
874
875 // @}
876
877 /**
878 * Get the username corresponding to a given user ID
879 * @param int $id User ID
880 * @return string|bool The corresponding username
881 */
882 public static function whoIs( $id ) {
883 return UserCache::singleton()->getProp( $id, 'name' );
884 }
885
886 /**
887 * Get the real name of a user given their user ID
888 *
889 * @param int $id User ID
890 * @return string|bool The corresponding user's real name
891 */
892 public static function whoIsReal( $id ) {
893 return UserCache::singleton()->getProp( $id, 'real_name' );
894 }
895
896 /**
897 * Get database id given a user name
898 * @param string $name Username
899 * @param int $flags User::READ_* constant bitfield
900 * @return int|null The corresponding user's ID, or null if user is nonexistent
901 */
902 public static function idFromName( $name, $flags = self::READ_NORMAL ) {
903 $nt = Title::makeTitleSafe( NS_USER, $name );
904 if ( is_null( $nt ) ) {
905 // Illegal name
906 return null;
907 }
908
909 if ( !( $flags & self::READ_LATEST ) && array_key_exists( $name, self::$idCacheByName ) ) {
910 return self::$idCacheByName[$name];
911 }
912
913 list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $flags );
914 $db = wfGetDB( $index );
915
916 $s = $db->selectRow(
917 'user',
918 [ 'user_id' ],
919 [ 'user_name' => $nt->getText() ],
920 __METHOD__,
921 $options
922 );
923
924 if ( $s === false ) {
925 $result = null;
926 } else {
927 $result = $s->user_id;
928 }
929
930 self::$idCacheByName[$name] = $result;
931
932 if ( count( self::$idCacheByName ) > 1000 ) {
933 self::$idCacheByName = [];
934 }
935
936 return $result;
937 }
938
939 /**
940 * Reset the cache used in idFromName(). For use in tests.
941 */
942 public static function resetIdByNameCache() {
943 self::$idCacheByName = [];
944 }
945
946 /**
947 * Does the string match an anonymous IP address?
948 *
949 * This function exists for username validation, in order to reject
950 * usernames which are similar in form to IP addresses. Strings such
951 * as 300.300.300.300 will return true because it looks like an IP
952 * address, despite not being strictly valid.
953 *
954 * We match "\d{1,3}\.\d{1,3}\.\d{1,3}\.xxx" as an anonymous IP
955 * address because the usemod software would "cloak" anonymous IP
956 * addresses like this, if we allowed accounts like this to be created
957 * new users could get the old edits of these anonymous users.
958 *
959 * @param string $name Name to match
960 * @return bool
961 */
962 public static function isIP( $name ) {
963 return preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/', $name )
964 || IP::isIPv6( $name );
965 }
966
967 /**
968 * Is the user an IP range?
969 *
970 * @since 1.30
971 * @return bool
972 */
973 public function isIPRange() {
974 return IP::isValidRange( $this->mName );
975 }
976
977 /**
978 * Is the input a valid username?
979 *
980 * Checks if the input is a valid username, we don't want an empty string,
981 * an IP address, anything that contains slashes (would mess up subpages),
982 * is longer than the maximum allowed username size or doesn't begin with
983 * a capital letter.
984 *
985 * @param string $name Name to match
986 * @return bool
987 */
988 public static function isValidUserName( $name ) {
989 global $wgMaxNameChars;
990
991 if ( $name == ''
992 || self::isIP( $name )
993 || strpos( $name, '/' ) !== false
994 || strlen( $name ) > $wgMaxNameChars
995 || $name != MediaWikiServices::getInstance()->getContentLanguage()->ucfirst( $name )
996 ) {
997 return false;
998 }
999
1000 // Ensure that the name can't be misresolved as a different title,
1001 // such as with extra namespace keys at the start.
1002 $parsed = Title::newFromText( $name );
1003 if ( is_null( $parsed )
1004 || $parsed->getNamespace()
1005 || strcmp( $name, $parsed->getPrefixedText() ) ) {
1006 return false;
1007 }
1008
1009 // Check an additional blacklist of troublemaker characters.
1010 // Should these be merged into the title char list?
1011 $unicodeBlacklist = '/[' .
1012 '\x{0080}-\x{009f}' . # iso-8859-1 control chars
1013 '\x{00a0}' . # non-breaking space
1014 '\x{2000}-\x{200f}' . # various whitespace
1015 '\x{2028}-\x{202f}' . # breaks and control chars
1016 '\x{3000}' . # ideographic space
1017 '\x{e000}-\x{f8ff}' . # private use
1018 ']/u';
1019 if ( preg_match( $unicodeBlacklist, $name ) ) {
1020 return false;
1021 }
1022
1023 return true;
1024 }
1025
1026 /**
1027 * Usernames which fail to pass this function will be blocked
1028 * from user login and new account registrations, but may be used
1029 * internally by batch processes.
1030 *
1031 * If an account already exists in this form, login will be blocked
1032 * by a failure to pass this function.
1033 *
1034 * @param string $name Name to match
1035 * @return bool
1036 */
1037 public static function isUsableName( $name ) {
1038 global $wgReservedUsernames;
1039 // Must be a valid username, obviously ;)
1040 if ( !self::isValidUserName( $name ) ) {
1041 return false;
1042 }
1043
1044 static $reservedUsernames = false;
1045 if ( !$reservedUsernames ) {
1046 $reservedUsernames = $wgReservedUsernames;
1047 Hooks::run( 'UserGetReservedNames', [ &$reservedUsernames ] );
1048 }
1049
1050 // Certain names may be reserved for batch processes.
1051 foreach ( $reservedUsernames as $reserved ) {
1052 if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
1053 $reserved = wfMessage( substr( $reserved, 4 ) )->inContentLanguage()->text();
1054 }
1055 if ( $reserved == $name ) {
1056 return false;
1057 }
1058 }
1059 return true;
1060 }
1061
1062 /**
1063 * Return the users who are members of the given group(s). In case of multiple groups,
1064 * users who are members of at least one of them are returned.
1065 *
1066 * @param string|array $groups A single group name or an array of group names
1067 * @param int $limit Max number of users to return. The actual limit will never exceed 5000
1068 * records; larger values are ignored.
1069 * @param int|null $after ID the user to start after
1070 * @return UserArrayFromResult
1071 */
1072 public static function findUsersByGroup( $groups, $limit = 5000, $after = null ) {
1073 if ( $groups === [] ) {
1074 return UserArrayFromResult::newFromIDs( [] );
1075 }
1076
1077 $groups = array_unique( (array)$groups );
1078 $limit = min( 5000, $limit );
1079
1080 $conds = [ 'ug_group' => $groups ];
1081 if ( $after !== null ) {
1082 $conds[] = 'ug_user > ' . (int)$after;
1083 }
1084
1085 $dbr = wfGetDB( DB_REPLICA );
1086 $ids = $dbr->selectFieldValues(
1087 'user_groups',
1088 'ug_user',
1089 $conds,
1090 __METHOD__,
1091 [
1092 'DISTINCT' => true,
1093 'ORDER BY' => 'ug_user',
1094 'LIMIT' => $limit,
1095 ]
1096 ) ?: [];
1097 return UserArray::newFromIDs( $ids );
1098 }
1099
1100 /**
1101 * Usernames which fail to pass this function will be blocked
1102 * from new account registrations, but may be used internally
1103 * either by batch processes or by user accounts which have
1104 * already been created.
1105 *
1106 * Additional blacklisting may be added here rather than in
1107 * isValidUserName() to avoid disrupting existing accounts.
1108 *
1109 * @param string $name String to match
1110 * @return bool
1111 */
1112 public static function isCreatableName( $name ) {
1113 global $wgInvalidUsernameCharacters;
1114
1115 // Ensure that the username isn't longer than 235 bytes, so that
1116 // (at least for the builtin skins) user javascript and css files
1117 // will work. (T25080)
1118 if ( strlen( $name ) > 235 ) {
1119 wfDebugLog( 'username', __METHOD__ .
1120 ": '$name' invalid due to length" );
1121 return false;
1122 }
1123
1124 // Preg yells if you try to give it an empty string
1125 if ( $wgInvalidUsernameCharacters !== '' ) {
1126 if ( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
1127 wfDebugLog( 'username', __METHOD__ .
1128 ": '$name' invalid due to wgInvalidUsernameCharacters" );
1129 return false;
1130 }
1131 }
1132
1133 return self::isUsableName( $name );
1134 }
1135
1136 /**
1137 * Is the input a valid password for this user?
1138 *
1139 * @param string $password Desired password
1140 * @return bool
1141 */
1142 public function isValidPassword( $password ) {
1143 // simple boolean wrapper for getPasswordValidity
1144 return $this->getPasswordValidity( $password ) === true;
1145 }
1146
1147 /**
1148 * Given unvalidated password input, return error message on failure.
1149 *
1150 * @param string $password Desired password
1151 * @return bool|string|array True on success, string or array of error message on failure
1152 */
1153 public function getPasswordValidity( $password ) {
1154 $result = $this->checkPasswordValidity( $password );
1155 if ( $result->isGood() ) {
1156 return true;
1157 } else {
1158 $messages = [];
1159 foreach ( $result->getErrorsByType( 'error' ) as $error ) {
1160 $messages[] = $error['message'];
1161 }
1162 foreach ( $result->getErrorsByType( 'warning' ) as $warning ) {
1163 $messages[] = $warning['message'];
1164 }
1165 if ( count( $messages ) === 1 ) {
1166 return $messages[0];
1167 }
1168 return $messages;
1169 }
1170 }
1171
1172 /**
1173 * Check if this is a valid password for this user
1174 *
1175 * Create a Status object based on the password's validity.
1176 * The Status should be set to fatal if the user should not
1177 * be allowed to log in, and should have any errors that
1178 * would block changing the password.
1179 *
1180 * If the return value of this is not OK, the password
1181 * should not be checked. If the return value is not Good,
1182 * the password can be checked, but the user should not be
1183 * able to set their password to this.
1184 *
1185 * @param string $password Desired password
1186 * @return Status
1187 * @since 1.23
1188 */
1189 public function checkPasswordValidity( $password ) {
1190 global $wgPasswordPolicy;
1191
1192 $upp = new UserPasswordPolicy(
1193 $wgPasswordPolicy['policies'],
1194 $wgPasswordPolicy['checks']
1195 );
1196
1197 $status = Status::newGood();
1198 $result = false; // init $result to false for the internal checks
1199
1200 if ( !Hooks::run( 'isValidPassword', [ $password, &$result, $this ] ) ) {
1201 $status->error( $result );
1202 return $status;
1203 }
1204
1205 if ( $result === false ) {
1206 $status->merge( $upp->checkUserPassword( $this, $password ) );
1207 return $status;
1208 } elseif ( $result === true ) {
1209 return $status;
1210 } else {
1211 $status->error( $result );
1212 return $status; // the isValidPassword hook set a string $result and returned true
1213 }
1214 }
1215
1216 /**
1217 * Given unvalidated user input, return a canonical username, or false if
1218 * the username is invalid.
1219 * @param string $name User input
1220 * @param string|bool $validate Type of validation to use:
1221 * - false No validation
1222 * - 'valid' Valid for batch processes
1223 * - 'usable' Valid for batch processes and login
1224 * - 'creatable' Valid for batch processes, login and account creation
1225 *
1226 * @throws InvalidArgumentException
1227 * @return bool|string
1228 */
1229 public static function getCanonicalName( $name, $validate = 'valid' ) {
1230 // Force usernames to capital
1231 $name = MediaWikiServices::getInstance()->getContentLanguage()->ucfirst( $name );
1232
1233 # Reject names containing '#'; these will be cleaned up
1234 # with title normalisation, but then it's too late to
1235 # check elsewhere
1236 if ( strpos( $name, '#' ) !== false ) {
1237 return false;
1238 }
1239
1240 // Clean up name according to title rules,
1241 // but only when validation is requested (T14654)
1242 $t = ( $validate !== false ) ?
1243 Title::newFromText( $name, NS_USER ) : Title::makeTitle( NS_USER, $name );
1244 // Check for invalid titles
1245 if ( is_null( $t ) || $t->getNamespace() !== NS_USER || $t->isExternal() ) {
1246 return false;
1247 }
1248
1249 // Reject various classes of invalid names
1250 $name = AuthManager::callLegacyAuthPlugin(
1251 'getCanonicalName', [ $t->getText() ], $t->getText()
1252 );
1253
1254 switch ( $validate ) {
1255 case false:
1256 break;
1257 case 'valid':
1258 if ( !self::isValidUserName( $name ) ) {
1259 $name = false;
1260 }
1261 break;
1262 case 'usable':
1263 if ( !self::isUsableName( $name ) ) {
1264 $name = false;
1265 }
1266 break;
1267 case 'creatable':
1268 if ( !self::isCreatableName( $name ) ) {
1269 $name = false;
1270 }
1271 break;
1272 default:
1273 throw new InvalidArgumentException(
1274 'Invalid parameter value for $validate in ' . __METHOD__ );
1275 }
1276 return $name;
1277 }
1278
1279 /**
1280 * Return a random password.
1281 *
1282 * @deprecated since 1.27, use PasswordFactory::generateRandomPasswordString()
1283 * @return string New random password
1284 */
1285 public static function randomPassword() {
1286 global $wgMinimalPasswordLength;
1287 return PasswordFactory::generateRandomPasswordString( $wgMinimalPasswordLength );
1288 }
1289
1290 /**
1291 * Set cached properties to default.
1292 *
1293 * @note This no longer clears uncached lazy-initialised properties;
1294 * the constructor does that instead.
1295 *
1296 * @param string|bool $name
1297 */
1298 public function loadDefaults( $name = false ) {
1299 $this->mId = 0;
1300 $this->mName = $name;
1301 $this->mActorId = null;
1302 $this->mRealName = '';
1303 $this->mEmail = '';
1304 $this->mOptionOverrides = null;
1305 $this->mOptionsLoaded = false;
1306
1307 $loggedOut = $this->mRequest && !defined( 'MW_NO_SESSION' )
1308 ? $this->mRequest->getSession()->getLoggedOutTimestamp() : 0;
1309 if ( $loggedOut !== 0 ) {
1310 $this->mTouched = wfTimestamp( TS_MW, $loggedOut );
1311 } else {
1312 $this->mTouched = '1'; # Allow any pages to be cached
1313 }
1314
1315 $this->mToken = null; // Don't run cryptographic functions till we need a token
1316 $this->mEmailAuthenticated = null;
1317 $this->mEmailToken = '';
1318 $this->mEmailTokenExpires = null;
1319 $this->mRegistration = wfTimestamp( TS_MW );
1320 $this->mGroupMemberships = [];
1321
1322 Hooks::run( 'UserLoadDefaults', [ $this, $name ] );
1323 }
1324
1325 /**
1326 * Return whether an item has been loaded.
1327 *
1328 * @param string $item Item to check. Current possibilities:
1329 * - id
1330 * - name
1331 * - realname
1332 * @param string $all 'all' to check if the whole object has been loaded
1333 * or any other string to check if only the item is available (e.g.
1334 * for optimisation)
1335 * @return bool
1336 */
1337 public function isItemLoaded( $item, $all = 'all' ) {
1338 return ( $this->mLoadedItems === true && $all === 'all' ) ||
1339 ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
1340 }
1341
1342 /**
1343 * Set that an item has been loaded
1344 *
1345 * @param string $item
1346 */
1347 protected function setItemLoaded( $item ) {
1348 if ( is_array( $this->mLoadedItems ) ) {
1349 $this->mLoadedItems[$item] = true;
1350 }
1351 }
1352
1353 /**
1354 * Load user data from the session.
1355 *
1356 * @return bool True if the user is logged in, false otherwise.
1357 */
1358 private function loadFromSession() {
1359 // Deprecated hook
1360 $result = null;
1361 Hooks::run( 'UserLoadFromSession', [ $this, &$result ], '1.27' );
1362 if ( $result !== null ) {
1363 return $result;
1364 }
1365
1366 // MediaWiki\Session\Session already did the necessary authentication of the user
1367 // returned here, so just use it if applicable.
1368 $session = $this->getRequest()->getSession();
1369 $user = $session->getUser();
1370 if ( $user->isLoggedIn() ) {
1371 $this->loadFromUserObject( $user );
1372 if ( $user->isBlocked() ) {
1373 // If this user is autoblocked, set a cookie to track the Block. This has to be done on
1374 // every session load, because an autoblocked editor might not edit again from the same
1375 // IP address after being blocked.
1376 $this->trackBlockWithCookie();
1377 }
1378
1379 // Other code expects these to be set in the session, so set them.
1380 $session->set( 'wsUserID', $this->getId() );
1381 $session->set( 'wsUserName', $this->getName() );
1382 $session->set( 'wsToken', $this->getToken() );
1383
1384 return true;
1385 }
1386
1387 return false;
1388 }
1389
1390 /**
1391 * Set the 'BlockID' cookie depending on block type and user authentication status.
1392 */
1393 public function trackBlockWithCookie() {
1394 $block = $this->getBlock();
1395 if ( $block && $this->getRequest()->getCookie( 'BlockID' ) === null ) {
1396 $config = RequestContext::getMain()->getConfig();
1397 $shouldSetCookie = false;
1398
1399 if ( $this->isAnon() && $config->get( 'CookieSetOnIpBlock' ) ) {
1400 // If user is logged-out, set a cookie to track the Block
1401 $shouldSetCookie = in_array( $block->getType(), [
1402 Block::TYPE_IP, Block::TYPE_RANGE
1403 ] );
1404 if ( $shouldSetCookie ) {
1405 $block->setCookie( $this->getRequest()->response() );
1406
1407 // temporary measure the use of cookies on ip blocks
1408 $stats = MediaWikiServices::getInstance()->getStatsdDataFactory();
1409 $stats->increment( 'block.ipblock.setCookie.success' );
1410 }
1411 } elseif ( $this->isLoggedIn() && $config->get( 'CookieSetOnAutoblock' ) ) {
1412 $shouldSetCookie = $block->getType() === Block::TYPE_USER && $block->isAutoblocking();
1413 if ( $shouldSetCookie ) {
1414 $block->setCookie( $this->getRequest()->response() );
1415 }
1416 }
1417 }
1418 }
1419
1420 /**
1421 * Load user and user_group data from the database.
1422 * $this->mId must be set, this is how the user is identified.
1423 *
1424 * @param int $flags User::READ_* constant bitfield
1425 * @return bool True if the user exists, false if the user is anonymous
1426 */
1427 public function loadFromDatabase( $flags = self::READ_LATEST ) {
1428 // Paranoia
1429 $this->mId = intval( $this->mId );
1430
1431 if ( !$this->mId ) {
1432 // Anonymous users are not in the database
1433 $this->loadDefaults();
1434 return false;
1435 }
1436
1437 list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $flags );
1438 $db = wfGetDB( $index );
1439
1440 $userQuery = self::getQueryInfo();
1441 $s = $db->selectRow(
1442 $userQuery['tables'],
1443 $userQuery['fields'],
1444 [ 'user_id' => $this->mId ],
1445 __METHOD__,
1446 $options,
1447 $userQuery['joins']
1448 );
1449
1450 $this->queryFlagsUsed = $flags;
1451 Hooks::run( 'UserLoadFromDatabase', [ $this, &$s ] );
1452
1453 if ( $s !== false ) {
1454 // Initialise user table data
1455 $this->loadFromRow( $s );
1456 $this->mGroupMemberships = null; // deferred
1457 $this->getEditCount(); // revalidation for nulls
1458 return true;
1459 } else {
1460 // Invalid user_id
1461 $this->mId = 0;
1462 $this->loadDefaults();
1463 return false;
1464 }
1465 }
1466
1467 /**
1468 * Initialize this object from a row from the user table.
1469 *
1470 * @param stdClass $row Row from the user table to load.
1471 * @param array|null $data Further user data to load into the object
1472 *
1473 * user_groups Array of arrays or stdClass result rows out of the user_groups
1474 * table. Previously you were supposed to pass an array of strings
1475 * here, but we also need expiry info nowadays, so an array of
1476 * strings is ignored.
1477 * user_properties Array with properties out of the user_properties table
1478 */
1479 protected function loadFromRow( $row, $data = null ) {
1480 global $wgActorTableSchemaMigrationStage;
1481
1482 if ( !is_object( $row ) ) {
1483 throw new InvalidArgumentException( '$row must be an object' );
1484 }
1485
1486 $all = true;
1487
1488 $this->mGroupMemberships = null; // deferred
1489
1490 if ( $wgActorTableSchemaMigrationStage > MIGRATION_OLD ) {
1491 if ( isset( $row->actor_id ) ) {
1492 $this->mActorId = (int)$row->actor_id;
1493 if ( $this->mActorId !== 0 ) {
1494 $this->mFrom = 'actor';
1495 }
1496 $this->setItemLoaded( 'actor' );
1497 } else {
1498 $all = false;
1499 }
1500 }
1501
1502 if ( isset( $row->user_name ) && $row->user_name !== '' ) {
1503 $this->mName = $row->user_name;
1504 $this->mFrom = 'name';
1505 $this->setItemLoaded( 'name' );
1506 } else {
1507 $all = false;
1508 }
1509
1510 if ( isset( $row->user_real_name ) ) {
1511 $this->mRealName = $row->user_real_name;
1512 $this->setItemLoaded( 'realname' );
1513 } else {
1514 $all = false;
1515 }
1516
1517 if ( isset( $row->user_id ) ) {
1518 $this->mId = intval( $row->user_id );
1519 if ( $this->mId !== 0 ) {
1520 $this->mFrom = 'id';
1521 }
1522 $this->setItemLoaded( 'id' );
1523 } else {
1524 $all = false;
1525 }
1526
1527 if ( isset( $row->user_id ) && isset( $row->user_name ) && $row->user_name !== '' ) {
1528 self::$idCacheByName[$row->user_name] = $row->user_id;
1529 }
1530
1531 if ( isset( $row->user_editcount ) ) {
1532 $this->mEditCount = $row->user_editcount;
1533 } else {
1534 $all = false;
1535 }
1536
1537 if ( isset( $row->user_touched ) ) {
1538 $this->mTouched = wfTimestamp( TS_MW, $row->user_touched );
1539 } else {
1540 $all = false;
1541 }
1542
1543 if ( isset( $row->user_token ) ) {
1544 // The definition for the column is binary(32), so trim the NULs
1545 // that appends. The previous definition was char(32), so trim
1546 // spaces too.
1547 $this->mToken = rtrim( $row->user_token, " \0" );
1548 if ( $this->mToken === '' ) {
1549 $this->mToken = null;
1550 }
1551 } else {
1552 $all = false;
1553 }
1554
1555 if ( isset( $row->user_email ) ) {
1556 $this->mEmail = $row->user_email;
1557 $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
1558 $this->mEmailToken = $row->user_email_token;
1559 $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
1560 $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
1561 } else {
1562 $all = false;
1563 }
1564
1565 if ( $all ) {
1566 $this->mLoadedItems = true;
1567 }
1568
1569 if ( is_array( $data ) ) {
1570 if ( isset( $data['user_groups'] ) && is_array( $data['user_groups'] ) ) {
1571 if ( !count( $data['user_groups'] ) ) {
1572 $this->mGroupMemberships = [];
1573 } else {
1574 $firstGroup = reset( $data['user_groups'] );
1575 if ( is_array( $firstGroup ) || is_object( $firstGroup ) ) {
1576 $this->mGroupMemberships = [];
1577 foreach ( $data['user_groups'] as $row ) {
1578 $ugm = UserGroupMembership::newFromRow( (object)$row );
1579 $this->mGroupMemberships[$ugm->getGroup()] = $ugm;
1580 }
1581 }
1582 }
1583 }
1584 if ( isset( $data['user_properties'] ) && is_array( $data['user_properties'] ) ) {
1585 $this->loadOptions( $data['user_properties'] );
1586 }
1587 }
1588 }
1589
1590 /**
1591 * Load the data for this user object from another user object.
1592 *
1593 * @param User $user
1594 */
1595 protected function loadFromUserObject( $user ) {
1596 $user->load();
1597 foreach ( self::$mCacheVars as $var ) {
1598 $this->$var = $user->$var;
1599 }
1600 }
1601
1602 /**
1603 * Load the groups from the database if they aren't already loaded.
1604 */
1605 private function loadGroups() {
1606 if ( is_null( $this->mGroupMemberships ) ) {
1607 $db = ( $this->queryFlagsUsed & self::READ_LATEST )
1608 ? wfGetDB( DB_MASTER )
1609 : wfGetDB( DB_REPLICA );
1610 $this->mGroupMemberships = UserGroupMembership::getMembershipsForUser(
1611 $this->mId, $db );
1612 }
1613 }
1614
1615 /**
1616 * Add the user to the group if he/she meets given criteria.
1617 *
1618 * Contrary to autopromotion by \ref $wgAutopromote, the group will be
1619 * possible to remove manually via Special:UserRights. In such case it
1620 * will not be re-added automatically. The user will also not lose the
1621 * group if they no longer meet the criteria.
1622 *
1623 * @param string $event Key in $wgAutopromoteOnce (each one has groups/criteria)
1624 *
1625 * @return array Array of groups the user has been promoted to.
1626 *
1627 * @see $wgAutopromoteOnce
1628 */
1629 public function addAutopromoteOnceGroups( $event ) {
1630 global $wgAutopromoteOnceLogInRC;
1631
1632 if ( wfReadOnly() || !$this->getId() ) {
1633 return [];
1634 }
1635
1636 $toPromote = Autopromote::getAutopromoteOnceGroups( $this, $event );
1637 if ( !count( $toPromote ) ) {
1638 return [];
1639 }
1640
1641 if ( !$this->checkAndSetTouched() ) {
1642 return []; // raced out (bug T48834)
1643 }
1644
1645 $oldGroups = $this->getGroups(); // previous groups
1646 $oldUGMs = $this->getGroupMemberships();
1647 foreach ( $toPromote as $group ) {
1648 $this->addGroup( $group );
1649 }
1650 $newGroups = array_merge( $oldGroups, $toPromote ); // all groups
1651 $newUGMs = $this->getGroupMemberships();
1652
1653 // update groups in external authentication database
1654 Hooks::run( 'UserGroupsChanged', [ $this, $toPromote, [], false, false, $oldUGMs, $newUGMs ] );
1655 AuthManager::callLegacyAuthPlugin( 'updateExternalDBGroups', [ $this, $toPromote ] );
1656
1657 $logEntry = new ManualLogEntry( 'rights', 'autopromote' );
1658 $logEntry->setPerformer( $this );
1659 $logEntry->setTarget( $this->getUserPage() );
1660 $logEntry->setParameters( [
1661 '4::oldgroups' => $oldGroups,
1662 '5::newgroups' => $newGroups,
1663 ] );
1664 $logid = $logEntry->insert();
1665 if ( $wgAutopromoteOnceLogInRC ) {
1666 $logEntry->publish( $logid );
1667 }
1668
1669 return $toPromote;
1670 }
1671
1672 /**
1673 * Builds update conditions. Additional conditions may be added to $conditions to
1674 * protected against race conditions using a compare-and-set (CAS) mechanism
1675 * based on comparing $this->mTouched with the user_touched field.
1676 *
1677 * @param Database $db
1678 * @param array $conditions WHERE conditions for use with Database::update
1679 * @return array WHERE conditions for use with Database::update
1680 */
1681 protected function makeUpdateConditions( Database $db, array $conditions ) {
1682 if ( $this->mTouched ) {
1683 // CAS check: only update if the row wasn't changed sicne it was loaded.
1684 $conditions['user_touched'] = $db->timestamp( $this->mTouched );
1685 }
1686
1687 return $conditions;
1688 }
1689
1690 /**
1691 * Bump user_touched if it didn't change since this object was loaded
1692 *
1693 * On success, the mTouched field is updated.
1694 * The user serialization cache is always cleared.
1695 *
1696 * @return bool Whether user_touched was actually updated
1697 * @since 1.26
1698 */
1699 protected function checkAndSetTouched() {
1700 $this->load();
1701
1702 if ( !$this->mId ) {
1703 return false; // anon
1704 }
1705
1706 // Get a new user_touched that is higher than the old one
1707 $newTouched = $this->newTouchedTimestamp();
1708
1709 $dbw = wfGetDB( DB_MASTER );
1710 $dbw->update( 'user',
1711 [ 'user_touched' => $dbw->timestamp( $newTouched ) ],
1712 $this->makeUpdateConditions( $dbw, [
1713 'user_id' => $this->mId,
1714 ] ),
1715 __METHOD__
1716 );
1717 $success = ( $dbw->affectedRows() > 0 );
1718
1719 if ( $success ) {
1720 $this->mTouched = $newTouched;
1721 $this->clearSharedCache();
1722 } else {
1723 // Clears on failure too since that is desired if the cache is stale
1724 $this->clearSharedCache( 'refresh' );
1725 }
1726
1727 return $success;
1728 }
1729
1730 /**
1731 * Clear various cached data stored in this object. The cache of the user table
1732 * data (i.e. self::$mCacheVars) is not cleared unless $reloadFrom is given.
1733 *
1734 * @param bool|string $reloadFrom Reload user and user_groups table data from a
1735 * given source. May be "name", "id", "actor", "defaults", "session", or false for no reload.
1736 */
1737 public function clearInstanceCache( $reloadFrom = false ) {
1738 $this->mNewtalk = -1;
1739 $this->mDatePreference = null;
1740 $this->mBlockedby = -1; # Unset
1741 $this->mHash = false;
1742 $this->mRights = null;
1743 $this->mEffectiveGroups = null;
1744 $this->mImplicitGroups = null;
1745 $this->mGroupMemberships = null;
1746 $this->mOptions = null;
1747 $this->mOptionsLoaded = false;
1748 $this->mEditCount = null;
1749
1750 if ( $reloadFrom ) {
1751 $this->mLoadedItems = [];
1752 $this->mFrom = $reloadFrom;
1753 }
1754 }
1755
1756 /**
1757 * Combine the language default options with any site-specific options
1758 * and add the default language variants.
1759 *
1760 * @return array Array of String options
1761 */
1762 public static function getDefaultOptions() {
1763 global $wgNamespacesToBeSearchedDefault, $wgDefaultUserOptions, $wgDefaultSkin;
1764
1765 static $defOpt = null;
1766 static $defOptLang = null;
1767
1768 $contLang = MediaWikiServices::getInstance()->getContentLanguage();
1769 if ( $defOpt !== null && $defOptLang === $contLang->getCode() ) {
1770 // The content language does not change (and should not change) mid-request, but the
1771 // unit tests change it anyway, and expect this method to return values relevant to the
1772 // current content language.
1773 return $defOpt;
1774 }
1775
1776 $defOpt = $wgDefaultUserOptions;
1777 // Default language setting
1778 $defOptLang = $contLang->getCode();
1779 $defOpt['language'] = $defOptLang;
1780 foreach ( LanguageConverter::$languagesWithVariants as $langCode ) {
1781 if ( $langCode === $contLang->getCode() ) {
1782 $defOpt['variant'] = $langCode;
1783 } else {
1784 $defOpt["variant-$langCode"] = $langCode;
1785 }
1786 }
1787
1788 // NOTE: don't use SearchEngineConfig::getSearchableNamespaces here,
1789 // since extensions may change the set of searchable namespaces depending
1790 // on user groups/permissions.
1791 foreach ( $wgNamespacesToBeSearchedDefault as $nsnum => $val ) {
1792 $defOpt['searchNs' . $nsnum] = (bool)$val;
1793 }
1794 $defOpt['skin'] = Skin::normalizeKey( $wgDefaultSkin );
1795
1796 Hooks::run( 'UserGetDefaultOptions', [ &$defOpt ] );
1797
1798 return $defOpt;
1799 }
1800
1801 /**
1802 * Get a given default option value.
1803 *
1804 * @param string $opt Name of option to retrieve
1805 * @return string Default option value
1806 */
1807 public static function getDefaultOption( $opt ) {
1808 $defOpts = self::getDefaultOptions();
1809 if ( isset( $defOpts[$opt] ) ) {
1810 return $defOpts[$opt];
1811 } else {
1812 return null;
1813 }
1814 }
1815
1816 /**
1817 * Get blocking information
1818 * @param bool $bFromSlave Whether to check the replica DB first.
1819 * To improve performance, non-critical checks are done against replica DBs.
1820 * Check when actually saving should be done against master.
1821 */
1822 private function getBlockedStatus( $bFromSlave = true ) {
1823 global $wgProxyWhitelist, $wgUser, $wgApplyIpBlocksToXff, $wgSoftBlockRanges;
1824
1825 if ( -1 != $this->mBlockedby ) {
1826 return;
1827 }
1828
1829 wfDebug( __METHOD__ . ": checking...\n" );
1830
1831 // Initialize data...
1832 // Otherwise something ends up stomping on $this->mBlockedby when
1833 // things get lazy-loaded later, causing false positive block hits
1834 // due to -1 !== 0. Probably session-related... Nothing should be
1835 // overwriting mBlockedby, surely?
1836 $this->load();
1837
1838 # We only need to worry about passing the IP address to the Block generator if the
1839 # user is not immune to autoblocks/hardblocks, and they are the current user so we
1840 # know which IP address they're actually coming from
1841 $ip = null;
1842 if ( !$this->isAllowed( 'ipblock-exempt' ) ) {
1843 // $wgUser->getName() only works after the end of Setup.php. Until
1844 // then, assume it's a logged-out user.
1845 $globalUserName = $wgUser->isSafeToLoad()
1846 ? $wgUser->getName()
1847 : IP::sanitizeIP( $wgUser->getRequest()->getIP() );
1848 if ( $this->getName() === $globalUserName ) {
1849 $ip = $this->getRequest()->getIP();
1850 }
1851 }
1852
1853 // User/IP blocking
1854 $block = Block::newFromTarget( $this, $ip, !$bFromSlave );
1855
1856 // Cookie blocking
1857 if ( !$block instanceof Block ) {
1858 $block = $this->getBlockFromCookieValue( $this->getRequest()->getCookie( 'BlockID' ) );
1859 }
1860
1861 // Proxy blocking
1862 if ( !$block instanceof Block && $ip !== null && !in_array( $ip, $wgProxyWhitelist ) ) {
1863 // Local list
1864 if ( self::isLocallyBlockedProxy( $ip ) ) {
1865 $block = new Block( [
1866 'byText' => wfMessage( 'proxyblocker' )->text(),
1867 'reason' => wfMessage( 'proxyblockreason' )->plain(),
1868 'address' => $ip,
1869 'systemBlock' => 'proxy',
1870 ] );
1871 } elseif ( $this->isAnon() && $this->isDnsBlacklisted( $ip ) ) {
1872 $block = new Block( [
1873 'byText' => wfMessage( 'sorbs' )->text(),
1874 'reason' => wfMessage( 'sorbsreason' )->plain(),
1875 'address' => $ip,
1876 'systemBlock' => 'dnsbl',
1877 ] );
1878 }
1879 }
1880
1881 // (T25343) Apply IP blocks to the contents of XFF headers, if enabled
1882 if ( !$block instanceof Block
1883 && $wgApplyIpBlocksToXff
1884 && $ip !== null
1885 && !in_array( $ip, $wgProxyWhitelist )
1886 ) {
1887 $xff = $this->getRequest()->getHeader( 'X-Forwarded-For' );
1888 $xff = array_map( 'trim', explode( ',', $xff ) );
1889 $xff = array_diff( $xff, [ $ip ] );
1890 $xffblocks = Block::getBlocksForIPList( $xff, $this->isAnon(), !$bFromSlave );
1891 $block = Block::chooseBlock( $xffblocks, $xff );
1892 if ( $block instanceof Block ) {
1893 # Mangle the reason to alert the user that the block
1894 # originated from matching the X-Forwarded-For header.
1895 $block->mReason = wfMessage( 'xffblockreason', $block->mReason )->plain();
1896 }
1897 }
1898
1899 if ( !$block instanceof Block
1900 && $ip !== null
1901 && $this->isAnon()
1902 && IP::isInRanges( $ip, $wgSoftBlockRanges )
1903 ) {
1904 $block = new Block( [
1905 'address' => $ip,
1906 'byText' => 'MediaWiki default',
1907 'reason' => wfMessage( 'softblockrangesreason', $ip )->plain(),
1908 'anonOnly' => true,
1909 'systemBlock' => 'wgSoftBlockRanges',
1910 ] );
1911 }
1912
1913 if ( $block instanceof Block ) {
1914 wfDebug( __METHOD__ . ": Found block.\n" );
1915 $this->mBlock = $block;
1916 $this->mBlockedby = $block->getByName();
1917 $this->mBlockreason = $block->mReason;
1918 $this->mHideName = $block->mHideName;
1919 $this->mAllowUsertalk = !$block->prevents( 'editownusertalk' );
1920 } else {
1921 $this->mBlock = null;
1922 $this->mBlockedby = '';
1923 $this->mBlockreason = '';
1924 $this->mHideName = 0;
1925 $this->mAllowUsertalk = false;
1926 }
1927
1928 // Avoid PHP 7.1 warning of passing $this by reference
1929 $user = $this;
1930 // Extensions
1931 Hooks::run( 'GetBlockedStatus', [ &$user ] );
1932 }
1933
1934 /**
1935 * Try to load a Block from an ID given in a cookie value.
1936 * @param string|null $blockCookieVal The cookie value to check.
1937 * @return Block|bool The Block object, or false if none could be loaded.
1938 */
1939 protected function getBlockFromCookieValue( $blockCookieVal ) {
1940 // Make sure there's something to check. The cookie value must start with a number.
1941 if ( strlen( $blockCookieVal ) < 1 || !is_numeric( substr( $blockCookieVal, 0, 1 ) ) ) {
1942 return false;
1943 }
1944 // Load the Block from the ID in the cookie.
1945 $blockCookieId = Block::getIdFromCookieValue( $blockCookieVal );
1946 if ( $blockCookieId !== null ) {
1947 // An ID was found in the cookie.
1948 $tmpBlock = Block::newFromID( $blockCookieId );
1949 if ( $tmpBlock instanceof Block ) {
1950 $config = RequestContext::getMain()->getConfig();
1951
1952 switch ( $tmpBlock->getType() ) {
1953 case Block::TYPE_USER:
1954 $blockIsValid = !$tmpBlock->isExpired() && $tmpBlock->isAutoblocking();
1955 $useBlockCookie = ( $config->get( 'CookieSetOnAutoblock' ) === true );
1956 break;
1957 case Block::TYPE_IP:
1958 case Block::TYPE_RANGE:
1959 // If block is type IP or IP range, load only if user is not logged in (T152462)
1960 $blockIsValid = !$tmpBlock->isExpired() && !$this->isLoggedIn();
1961 $useBlockCookie = ( $config->get( 'CookieSetOnIpBlock' ) === true );
1962 break;
1963 default:
1964 $blockIsValid = false;
1965 $useBlockCookie = false;
1966 }
1967
1968 if ( $blockIsValid && $useBlockCookie ) {
1969 // Use the block.
1970 return $tmpBlock;
1971 } else {
1972 // If the block is not valid, remove the cookie.
1973 Block::clearCookie( $this->getRequest()->response() );
1974 }
1975 } else {
1976 // If the block doesn't exist, remove the cookie.
1977 Block::clearCookie( $this->getRequest()->response() );
1978 }
1979 }
1980 return false;
1981 }
1982
1983 /**
1984 * Whether the given IP is in a DNS blacklist.
1985 *
1986 * @param string $ip IP to check
1987 * @param bool $checkWhitelist Whether to check the whitelist first
1988 * @return bool True if blacklisted.
1989 */
1990 public function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
1991 global $wgEnableDnsBlacklist, $wgDnsBlacklistUrls, $wgProxyWhitelist;
1992
1993 if ( !$wgEnableDnsBlacklist ) {
1994 return false;
1995 }
1996
1997 if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) ) {
1998 return false;
1999 }
2000
2001 return $this->inDnsBlacklist( $ip, $wgDnsBlacklistUrls );
2002 }
2003
2004 /**
2005 * Whether the given IP is in a given DNS blacklist.
2006 *
2007 * @param string $ip IP to check
2008 * @param string|array $bases Array of Strings: URL of the DNS blacklist
2009 * @return bool True if blacklisted.
2010 */
2011 public function inDnsBlacklist( $ip, $bases ) {
2012 $found = false;
2013 // @todo FIXME: IPv6 ??? (https://bugs.php.net/bug.php?id=33170)
2014 if ( IP::isIPv4( $ip ) ) {
2015 // Reverse IP, T23255
2016 $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
2017
2018 foreach ( (array)$bases as $base ) {
2019 // Make hostname
2020 // If we have an access key, use that too (ProjectHoneypot, etc.)
2021 $basename = $base;
2022 if ( is_array( $base ) ) {
2023 if ( count( $base ) >= 2 ) {
2024 // Access key is 1, base URL is 0
2025 $host = "{$base[1]}.$ipReversed.{$base[0]}";
2026 } else {
2027 $host = "$ipReversed.{$base[0]}";
2028 }
2029 $basename = $base[0];
2030 } else {
2031 $host = "$ipReversed.$base";
2032 }
2033
2034 // Send query
2035 $ipList = gethostbynamel( $host );
2036
2037 if ( $ipList ) {
2038 wfDebugLog( 'dnsblacklist', "Hostname $host is {$ipList[0]}, it's a proxy says $basename!" );
2039 $found = true;
2040 break;
2041 } else {
2042 wfDebugLog( 'dnsblacklist', "Requested $host, not found in $basename." );
2043 }
2044 }
2045 }
2046
2047 return $found;
2048 }
2049
2050 /**
2051 * Check if an IP address is in the local proxy list
2052 *
2053 * @param string $ip
2054 *
2055 * @return bool
2056 */
2057 public static function isLocallyBlockedProxy( $ip ) {
2058 global $wgProxyList;
2059
2060 if ( !$wgProxyList ) {
2061 return false;
2062 }
2063
2064 if ( !is_array( $wgProxyList ) ) {
2065 // Load values from the specified file
2066 $wgProxyList = array_map( 'trim', file( $wgProxyList ) );
2067 }
2068
2069 $resultProxyList = [];
2070 $deprecatedIPEntries = [];
2071
2072 // backward compatibility: move all ip addresses in keys to values
2073 foreach ( $wgProxyList as $key => $value ) {
2074 $keyIsIP = IP::isIPAddress( $key );
2075 $valueIsIP = IP::isIPAddress( $value );
2076 if ( $keyIsIP && !$valueIsIP ) {
2077 $deprecatedIPEntries[] = $key;
2078 $resultProxyList[] = $key;
2079 } elseif ( $keyIsIP && $valueIsIP ) {
2080 $deprecatedIPEntries[] = $key;
2081 $resultProxyList[] = $key;
2082 $resultProxyList[] = $value;
2083 } else {
2084 $resultProxyList[] = $value;
2085 }
2086 }
2087
2088 if ( $deprecatedIPEntries ) {
2089 wfDeprecated(
2090 'IP addresses in the keys of $wgProxyList (found the following IP addresses in keys: ' .
2091 implode( ', ', $deprecatedIPEntries ) . ', please move them to values)', '1.30' );
2092 }
2093
2094 $proxyListIPSet = new IPSet( $resultProxyList );
2095 return $proxyListIPSet->match( $ip );
2096 }
2097
2098 /**
2099 * Is this user subject to rate limiting?
2100 *
2101 * @return bool True if rate limited
2102 */
2103 public function isPingLimitable() {
2104 global $wgRateLimitsExcludedIPs;
2105 if ( IP::isInRanges( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
2106 // No other good way currently to disable rate limits
2107 // for specific IPs. :P
2108 // But this is a crappy hack and should die.
2109 return false;
2110 }
2111 return !$this->isAllowed( 'noratelimit' );
2112 }
2113
2114 /**
2115 * Primitive rate limits: enforce maximum actions per time period
2116 * to put a brake on flooding.
2117 *
2118 * The method generates both a generic profiling point and a per action one
2119 * (suffix being "-$action".
2120 *
2121 * @note When using a shared cache like memcached, IP-address
2122 * last-hit counters will be shared across wikis.
2123 *
2124 * @param string $action Action to enforce; 'edit' if unspecified
2125 * @param int $incrBy Positive amount to increment counter by [defaults to 1]
2126 * @return bool True if a rate limiter was tripped
2127 */
2128 public function pingLimiter( $action = 'edit', $incrBy = 1 ) {
2129 // Avoid PHP 7.1 warning of passing $this by reference
2130 $user = $this;
2131 // Call the 'PingLimiter' hook
2132 $result = false;
2133 if ( !Hooks::run( 'PingLimiter', [ &$user, $action, &$result, $incrBy ] ) ) {
2134 return $result;
2135 }
2136
2137 global $wgRateLimits;
2138 if ( !isset( $wgRateLimits[$action] ) ) {
2139 return false;
2140 }
2141
2142 $limits = array_merge(
2143 [ '&can-bypass' => true ],
2144 $wgRateLimits[$action]
2145 );
2146
2147 // Some groups shouldn't trigger the ping limiter, ever
2148 if ( $limits['&can-bypass'] && !$this->isPingLimitable() ) {
2149 return false;
2150 }
2151
2152 $keys = [];
2153 $id = $this->getId();
2154 $userLimit = false;
2155 $isNewbie = $this->isNewbie();
2156 $cache = ObjectCache::getLocalClusterInstance();
2157
2158 if ( $id == 0 ) {
2159 // limits for anons
2160 if ( isset( $limits['anon'] ) ) {
2161 $keys[$cache->makeKey( 'limiter', $action, 'anon' )] = $limits['anon'];
2162 }
2163 } else {
2164 // limits for logged-in users
2165 if ( isset( $limits['user'] ) ) {
2166 $userLimit = $limits['user'];
2167 }
2168 // limits for newbie logged-in users
2169 if ( $isNewbie && isset( $limits['newbie'] ) ) {
2170 $keys[$cache->makeKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
2171 }
2172 }
2173
2174 // limits for anons and for newbie logged-in users
2175 if ( $isNewbie ) {
2176 // ip-based limits
2177 if ( isset( $limits['ip'] ) ) {
2178 $ip = $this->getRequest()->getIP();
2179 $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
2180 }
2181 // subnet-based limits
2182 if ( isset( $limits['subnet'] ) ) {
2183 $ip = $this->getRequest()->getIP();
2184 $subnet = IP::getSubnet( $ip );
2185 if ( $subnet !== false ) {
2186 $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
2187 }
2188 }
2189 }
2190
2191 // Check for group-specific permissions
2192 // If more than one group applies, use the group with the highest limit ratio (max/period)
2193 foreach ( $this->getGroups() as $group ) {
2194 if ( isset( $limits[$group] ) ) {
2195 if ( $userLimit === false
2196 || $limits[$group][0] / $limits[$group][1] > $userLimit[0] / $userLimit[1]
2197 ) {
2198 $userLimit = $limits[$group];
2199 }
2200 }
2201 }
2202
2203 // Set the user limit key
2204 if ( $userLimit !== false ) {
2205 list( $max, $period ) = $userLimit;
2206 wfDebug( __METHOD__ . ": effective user limit: $max in {$period}s\n" );
2207 $keys[$cache->makeKey( 'limiter', $action, 'user', $id )] = $userLimit;
2208 }
2209
2210 // ip-based limits for all ping-limitable users
2211 if ( isset( $limits['ip-all'] ) ) {
2212 $ip = $this->getRequest()->getIP();
2213 // ignore if user limit is more permissive
2214 if ( $isNewbie || $userLimit === false
2215 || $limits['ip-all'][0] / $limits['ip-all'][1] > $userLimit[0] / $userLimit[1] ) {
2216 $keys["mediawiki:limiter:$action:ip-all:$ip"] = $limits['ip-all'];
2217 }
2218 }
2219
2220 // subnet-based limits for all ping-limitable users
2221 if ( isset( $limits['subnet-all'] ) ) {
2222 $ip = $this->getRequest()->getIP();
2223 $subnet = IP::getSubnet( $ip );
2224 if ( $subnet !== false ) {
2225 // ignore if user limit is more permissive
2226 if ( $isNewbie || $userLimit === false
2227 || $limits['ip-all'][0] / $limits['ip-all'][1]
2228 > $userLimit[0] / $userLimit[1] ) {
2229 $keys["mediawiki:limiter:$action:subnet-all:$subnet"] = $limits['subnet-all'];
2230 }
2231 }
2232 }
2233
2234 $triggered = false;
2235 foreach ( $keys as $key => $limit ) {
2236 list( $max, $period ) = $limit;
2237 $summary = "(limit $max in {$period}s)";
2238 $count = $cache->get( $key );
2239 // Already pinged?
2240 if ( $count ) {
2241 if ( $count >= $max ) {
2242 wfDebugLog( 'ratelimit', "User '{$this->getName()}' " .
2243 "(IP {$this->getRequest()->getIP()}) tripped $key at $count $summary" );
2244 $triggered = true;
2245 } else {
2246 wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
2247 }
2248 } else {
2249 wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
2250 if ( $incrBy > 0 ) {
2251 $cache->add( $key, 0, intval( $period ) ); // first ping
2252 }
2253 }
2254 if ( $incrBy > 0 ) {
2255 $cache->incr( $key, $incrBy );
2256 }
2257 }
2258
2259 return $triggered;
2260 }
2261
2262 /**
2263 * Check if user is blocked
2264 *
2265 * @param bool $bFromSlave Whether to check the replica DB instead of
2266 * the master. Hacked from false due to horrible probs on site.
2267 * @return bool True if blocked, false otherwise
2268 */
2269 public function isBlocked( $bFromSlave = true ) {
2270 return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
2271 }
2272
2273 /**
2274 * Get the block affecting the user, or null if the user is not blocked
2275 *
2276 * @param bool $bFromSlave Whether to check the replica DB instead of the master
2277 * @return Block|null
2278 */
2279 public function getBlock( $bFromSlave = true ) {
2280 $this->getBlockedStatus( $bFromSlave );
2281 return $this->mBlock instanceof Block ? $this->mBlock : null;
2282 }
2283
2284 /**
2285 * Check if user is blocked from editing a particular article
2286 *
2287 * @param Title $title Title to check
2288 * @param bool $bFromSlave Whether to check the replica DB instead of the master
2289 * @return bool
2290 */
2291 public function isBlockedFrom( $title, $bFromSlave = false ) {
2292 global $wgBlockAllowsUTEdit;
2293
2294 $blocked = $this->isBlocked( $bFromSlave );
2295 $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
2296 // If a user's name is suppressed, they cannot make edits anywhere
2297 if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName()
2298 && $title->getNamespace() == NS_USER_TALK ) {
2299 $blocked = false;
2300 wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
2301 }
2302
2303 Hooks::run( 'UserIsBlockedFrom', [ $this, $title, &$blocked, &$allowUsertalk ] );
2304
2305 return $blocked;
2306 }
2307
2308 /**
2309 * If user is blocked, return the name of the user who placed the block
2310 * @return string Name of blocker
2311 */
2312 public function blockedBy() {
2313 $this->getBlockedStatus();
2314 return $this->mBlockedby;
2315 }
2316
2317 /**
2318 * If user is blocked, return the specified reason for the block
2319 * @return string Blocking reason
2320 */
2321 public function blockedFor() {
2322 $this->getBlockedStatus();
2323 return $this->mBlockreason;
2324 }
2325
2326 /**
2327 * If user is blocked, return the ID for the block
2328 * @return int Block ID
2329 */
2330 public function getBlockId() {
2331 $this->getBlockedStatus();
2332 return ( $this->mBlock ? $this->mBlock->getId() : false );
2333 }
2334
2335 /**
2336 * Check if user is blocked on all wikis.
2337 * Do not use for actual edit permission checks!
2338 * This is intended for quick UI checks.
2339 *
2340 * @param string $ip IP address, uses current client if none given
2341 * @return bool True if blocked, false otherwise
2342 */
2343 public function isBlockedGlobally( $ip = '' ) {
2344 return $this->getGlobalBlock( $ip ) instanceof Block;
2345 }
2346
2347 /**
2348 * Check if user is blocked on all wikis.
2349 * Do not use for actual edit permission checks!
2350 * This is intended for quick UI checks.
2351 *
2352 * @param string $ip IP address, uses current client if none given
2353 * @return Block|null Block object if blocked, null otherwise
2354 * @throws FatalError
2355 * @throws MWException
2356 */
2357 public function getGlobalBlock( $ip = '' ) {
2358 if ( $this->mGlobalBlock !== null ) {
2359 return $this->mGlobalBlock ?: null;
2360 }
2361 // User is already an IP?
2362 if ( IP::isIPAddress( $this->getName() ) ) {
2363 $ip = $this->getName();
2364 } elseif ( !$ip ) {
2365 $ip = $this->getRequest()->getIP();
2366 }
2367 // Avoid PHP 7.1 warning of passing $this by reference
2368 $user = $this;
2369 $blocked = false;
2370 $block = null;
2371 Hooks::run( 'UserIsBlockedGlobally', [ &$user, $ip, &$blocked, &$block ] );
2372
2373 if ( $blocked && $block === null ) {
2374 // back-compat: UserIsBlockedGlobally didn't have $block param first
2375 $block = new Block( [
2376 'address' => $ip,
2377 'systemBlock' => 'global-block'
2378 ] );
2379 }
2380
2381 $this->mGlobalBlock = $blocked ? $block : false;
2382 return $this->mGlobalBlock ?: null;
2383 }
2384
2385 /**
2386 * Check if user account is locked
2387 *
2388 * @return bool True if locked, false otherwise
2389 */
2390 public function isLocked() {
2391 if ( $this->mLocked !== null ) {
2392 return $this->mLocked;
2393 }
2394 // Avoid PHP 7.1 warning of passing $this by reference
2395 $user = $this;
2396 $authUser = AuthManager::callLegacyAuthPlugin( 'getUserInstance', [ &$user ], null );
2397 $this->mLocked = $authUser && $authUser->isLocked();
2398 Hooks::run( 'UserIsLocked', [ $this, &$this->mLocked ] );
2399 return $this->mLocked;
2400 }
2401
2402 /**
2403 * Check if user account is hidden
2404 *
2405 * @return bool True if hidden, false otherwise
2406 */
2407 public function isHidden() {
2408 if ( $this->mHideName !== null ) {
2409 return $this->mHideName;
2410 }
2411 $this->getBlockedStatus();
2412 if ( !$this->mHideName ) {
2413 // Avoid PHP 7.1 warning of passing $this by reference
2414 $user = $this;
2415 $authUser = AuthManager::callLegacyAuthPlugin( 'getUserInstance', [ &$user ], null );
2416 $this->mHideName = $authUser && $authUser->isHidden();
2417 Hooks::run( 'UserIsHidden', [ $this, &$this->mHideName ] );
2418 }
2419 return $this->mHideName;
2420 }
2421
2422 /**
2423 * Get the user's ID.
2424 * @return int The user's ID; 0 if the user is anonymous or nonexistent
2425 */
2426 public function getId() {
2427 if ( $this->mId === null && $this->mName !== null && self::isIP( $this->mName ) ) {
2428 // Special case, we know the user is anonymous
2429 return 0;
2430 } elseif ( !$this->isItemLoaded( 'id' ) ) {
2431 // Don't load if this was initialized from an ID
2432 $this->load();
2433 }
2434
2435 return (int)$this->mId;
2436 }
2437
2438 /**
2439 * Set the user and reload all fields according to a given ID
2440 * @param int $v User ID to reload
2441 */
2442 public function setId( $v ) {
2443 $this->mId = $v;
2444 $this->clearInstanceCache( 'id' );
2445 }
2446
2447 /**
2448 * Get the user name, or the IP of an anonymous user
2449 * @return string User's name or IP address
2450 */
2451 public function getName() {
2452 if ( $this->isItemLoaded( 'name', 'only' ) ) {
2453 // Special case optimisation
2454 return $this->mName;
2455 } else {
2456 $this->load();
2457 if ( $this->mName === false ) {
2458 // Clean up IPs
2459 $this->mName = IP::sanitizeIP( $this->getRequest()->getIP() );
2460 }
2461 return $this->mName;
2462 }
2463 }
2464
2465 /**
2466 * Set the user name.
2467 *
2468 * This does not reload fields from the database according to the given
2469 * name. Rather, it is used to create a temporary "nonexistent user" for
2470 * later addition to the database. It can also be used to set the IP
2471 * address for an anonymous user to something other than the current
2472 * remote IP.
2473 *
2474 * @note User::newFromName() has roughly the same function, when the named user
2475 * does not exist.
2476 * @param string $str New user name to set
2477 */
2478 public function setName( $str ) {
2479 $this->load();
2480 $this->mName = $str;
2481 }
2482
2483 /**
2484 * Get the user's actor ID.
2485 * @since 1.31
2486 * @param IDatabase|null $dbw Assign a new actor ID, using this DB handle, if none exists
2487 * @return int The actor's ID, or 0 if no actor ID exists and $dbw was null
2488 */
2489 public function getActorId( IDatabase $dbw = null ) {
2490 global $wgActorTableSchemaMigrationStage;
2491
2492 if ( $wgActorTableSchemaMigrationStage <= MIGRATION_OLD ) {
2493 return 0;
2494 }
2495
2496 if ( !$this->isItemLoaded( 'actor' ) ) {
2497 $this->load();
2498 }
2499
2500 // Currently $this->mActorId might be null if $this was loaded from a
2501 // cache entry that was written when $wgActorTableSchemaMigrationStage
2502 // was MIGRATION_OLD. Once that is no longer a possibility (i.e. when
2503 // User::VERSION is incremented after $wgActorTableSchemaMigrationStage
2504 // has been removed), that condition may be removed.
2505 if ( $this->mActorId === null || !$this->mActorId && $dbw ) {
2506 $q = [
2507 'actor_user' => $this->getId() ?: null,
2508 'actor_name' => (string)$this->getName(),
2509 ];
2510 if ( $dbw ) {
2511 if ( $q['actor_user'] === null && self::isUsableName( $q['actor_name'] ) ) {
2512 throw new CannotCreateActorException(
2513 'Cannot create an actor for a usable name that is not an existing user'
2514 );
2515 }
2516 if ( $q['actor_name'] === '' ) {
2517 throw new CannotCreateActorException( 'Cannot create an actor for a user with no name' );
2518 }
2519 $dbw->insert( 'actor', $q, __METHOD__, [ 'IGNORE' ] );
2520 if ( $dbw->affectedRows() ) {
2521 $this->mActorId = (int)$dbw->insertId();
2522 } else {
2523 // Outdated cache?
2524 list( , $options ) = DBAccessObjectUtils::getDBOptions( $this->queryFlagsUsed );
2525 $this->mActorId = (int)$dbw->selectField( 'actor', 'actor_id', $q, __METHOD__, $options );
2526 if ( !$this->mActorId ) {
2527 throw new CannotCreateActorException(
2528 "Cannot create actor ID for user_id={$this->getId()} user_name={$this->getName()}"
2529 );
2530 }
2531 }
2532 $this->invalidateCache();
2533 } else {
2534 list( $index, $options ) = DBAccessObjectUtils::getDBOptions( $this->queryFlagsUsed );
2535 $db = wfGetDB( $index );
2536 $this->mActorId = (int)$db->selectField( 'actor', 'actor_id', $q, __METHOD__, $options );
2537 }
2538 $this->setItemLoaded( 'actor' );
2539 }
2540
2541 return (int)$this->mActorId;
2542 }
2543
2544 /**
2545 * Get the user's name escaped by underscores.
2546 * @return string Username escaped by underscores.
2547 */
2548 public function getTitleKey() {
2549 return str_replace( ' ', '_', $this->getName() );
2550 }
2551
2552 /**
2553 * Check if the user has new messages.
2554 * @return bool True if the user has new messages
2555 */
2556 public function getNewtalk() {
2557 $this->load();
2558
2559 // Load the newtalk status if it is unloaded (mNewtalk=-1)
2560 if ( $this->mNewtalk === -1 ) {
2561 $this->mNewtalk = false; # reset talk page status
2562
2563 // Check memcached separately for anons, who have no
2564 // entire User object stored in there.
2565 if ( !$this->mId ) {
2566 global $wgDisableAnonTalk;
2567 if ( $wgDisableAnonTalk ) {
2568 // Anon newtalk disabled by configuration.
2569 $this->mNewtalk = false;
2570 } else {
2571 $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName() );
2572 }
2573 } else {
2574 $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
2575 }
2576 }
2577
2578 return (bool)$this->mNewtalk;
2579 }
2580
2581 /**
2582 * Return the data needed to construct links for new talk page message
2583 * alerts. If there are new messages, this will return an associative array
2584 * with the following data:
2585 * wiki: The database name of the wiki
2586 * link: Root-relative link to the user's talk page
2587 * rev: The last talk page revision that the user has seen or null. This
2588 * is useful for building diff links.
2589 * If there are no new messages, it returns an empty array.
2590 * @note This function was designed to accomodate multiple talk pages, but
2591 * currently only returns a single link and revision.
2592 * @return array
2593 */
2594 public function getNewMessageLinks() {
2595 // Avoid PHP 7.1 warning of passing $this by reference
2596 $user = $this;
2597 $talks = [];
2598 if ( !Hooks::run( 'UserRetrieveNewTalks', [ &$user, &$talks ] ) ) {
2599 return $talks;
2600 } elseif ( !$this->getNewtalk() ) {
2601 return [];
2602 }
2603 $utp = $this->getTalkPage();
2604 $dbr = wfGetDB( DB_REPLICA );
2605 // Get the "last viewed rev" timestamp from the oldest message notification
2606 $timestamp = $dbr->selectField( 'user_newtalk',
2607 'MIN(user_last_timestamp)',
2608 $this->isAnon() ? [ 'user_ip' => $this->getName() ] : [ 'user_id' => $this->getId() ],
2609 __METHOD__ );
2610 $rev = $timestamp ? Revision::loadFromTimestamp( $dbr, $utp, $timestamp ) : null;
2611 return [ [ 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL(), 'rev' => $rev ] ];
2612 }
2613
2614 /**
2615 * Get the revision ID for the last talk page revision viewed by the talk
2616 * page owner.
2617 * @return int|null Revision ID or null
2618 */
2619 public function getNewMessageRevisionId() {
2620 $newMessageRevisionId = null;
2621 $newMessageLinks = $this->getNewMessageLinks();
2622 if ( $newMessageLinks ) {
2623 // Note: getNewMessageLinks() never returns more than a single link
2624 // and it is always for the same wiki, but we double-check here in
2625 // case that changes some time in the future.
2626 if ( count( $newMessageLinks ) === 1
2627 && $newMessageLinks[0]['wiki'] === wfWikiID()
2628 && $newMessageLinks[0]['rev']
2629 ) {
2630 /** @var Revision $newMessageRevision */
2631 $newMessageRevision = $newMessageLinks[0]['rev'];
2632 $newMessageRevisionId = $newMessageRevision->getId();
2633 }
2634 }
2635 return $newMessageRevisionId;
2636 }
2637
2638 /**
2639 * Internal uncached check for new messages
2640 *
2641 * @see getNewtalk()
2642 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
2643 * @param string|int $id User's IP address for anonymous users, User ID otherwise
2644 * @return bool True if the user has new messages
2645 */
2646 protected function checkNewtalk( $field, $id ) {
2647 $dbr = wfGetDB( DB_REPLICA );
2648
2649 $ok = $dbr->selectField( 'user_newtalk', $field, [ $field => $id ], __METHOD__ );
2650
2651 return $ok !== false;
2652 }
2653
2654 /**
2655 * Add or update the new messages flag
2656 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
2657 * @param string|int $id User's IP address for anonymous users, User ID otherwise
2658 * @param Revision|null $curRev New, as yet unseen revision of the user talk page. Ignored if null.
2659 * @return bool True if successful, false otherwise
2660 */
2661 protected function updateNewtalk( $field, $id, $curRev = null ) {
2662 // Get timestamp of the talk page revision prior to the current one
2663 $prevRev = $curRev ? $curRev->getPrevious() : false;
2664 $ts = $prevRev ? $prevRev->getTimestamp() : null;
2665 // Mark the user as having new messages since this revision
2666 $dbw = wfGetDB( DB_MASTER );
2667 $dbw->insert( 'user_newtalk',
2668 [ $field => $id, 'user_last_timestamp' => $dbw->timestampOrNull( $ts ) ],
2669 __METHOD__,
2670 'IGNORE' );
2671 if ( $dbw->affectedRows() ) {
2672 wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
2673 return true;
2674 } else {
2675 wfDebug( __METHOD__ . " already set ($field, $id)\n" );
2676 return false;
2677 }
2678 }
2679
2680 /**
2681 * Clear the new messages flag for the given user
2682 * @param string $field 'user_ip' for anonymous users, 'user_id' otherwise
2683 * @param string|int $id User's IP address for anonymous users, User ID otherwise
2684 * @return bool True if successful, false otherwise
2685 */
2686 protected function deleteNewtalk( $field, $id ) {
2687 $dbw = wfGetDB( DB_MASTER );
2688 $dbw->delete( 'user_newtalk',
2689 [ $field => $id ],
2690 __METHOD__ );
2691 if ( $dbw->affectedRows() ) {
2692 wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
2693 return true;
2694 } else {
2695 wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
2696 return false;
2697 }
2698 }
2699
2700 /**
2701 * Update the 'You have new messages!' status.
2702 * @param bool $val Whether the user has new messages
2703 * @param Revision|null $curRev New, as yet unseen revision of the user talk
2704 * page. Ignored if null or !$val.
2705 */
2706 public function setNewtalk( $val, $curRev = null ) {
2707 if ( wfReadOnly() ) {
2708 return;
2709 }
2710
2711 $this->load();
2712 $this->mNewtalk = $val;
2713
2714 if ( $this->isAnon() ) {
2715 $field = 'user_ip';
2716 $id = $this->getName();
2717 } else {
2718 $field = 'user_id';
2719 $id = $this->getId();
2720 }
2721
2722 if ( $val ) {
2723 $changed = $this->updateNewtalk( $field, $id, $curRev );
2724 } else {
2725 $changed = $this->deleteNewtalk( $field, $id );
2726 }
2727
2728 if ( $changed ) {
2729 $this->invalidateCache();
2730 }
2731 }
2732
2733 /**
2734 * Generate a current or new-future timestamp to be stored in the
2735 * user_touched field when we update things.
2736 * @return string Timestamp in TS_MW format
2737 */
2738 private function newTouchedTimestamp() {
2739 global $wgClockSkewFudge;
2740
2741 $time = wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
2742 if ( $this->mTouched && $time <= $this->mTouched ) {
2743 $time = wfTimestamp( TS_MW, wfTimestamp( TS_UNIX, $this->mTouched ) + 1 );
2744 }
2745
2746 return $time;
2747 }
2748
2749 /**
2750 * Clear user data from memcached
2751 *
2752 * Use after applying updates to the database; caller's
2753 * responsibility to update user_touched if appropriate.
2754 *
2755 * Called implicitly from invalidateCache() and saveSettings().
2756 *
2757 * @param string $mode Use 'refresh' to clear now; otherwise before DB commit
2758 */
2759 public function clearSharedCache( $mode = 'changed' ) {
2760 if ( !$this->getId() ) {
2761 return;
2762 }
2763
2764 $cache = ObjectCache::getMainWANInstance();
2765 $key = $this->getCacheKey( $cache );
2766 if ( $mode === 'refresh' ) {
2767 $cache->delete( $key, 1 );
2768 } else {
2769 $lb = MediaWikiServices::getInstance()->getDBLoadBalancer();
2770 if ( $lb->hasOrMadeRecentMasterChanges() ) {
2771 $lb->getConnection( DB_MASTER )->onTransactionPreCommitOrIdle(
2772 function () use ( $cache, $key ) {
2773 $cache->delete( $key );
2774 },
2775 __METHOD__
2776 );
2777 } else {
2778 $cache->delete( $key );
2779 }
2780 }
2781 }
2782
2783 /**
2784 * Immediately touch the user data cache for this account
2785 *
2786 * Calls touch() and removes account data from memcached
2787 */
2788 public function invalidateCache() {
2789 $this->touch();
2790 $this->clearSharedCache();
2791 }
2792
2793 /**
2794 * Update the "touched" timestamp for the user
2795 *
2796 * This is useful on various login/logout events when making sure that
2797 * a browser or proxy that has multiple tenants does not suffer cache
2798 * pollution where the new user sees the old users content. The value
2799 * of getTouched() is checked when determining 304 vs 200 responses.
2800 * Unlike invalidateCache(), this preserves the User object cache and
2801 * avoids database writes.
2802 *
2803 * @since 1.25
2804 */
2805 public function touch() {
2806 $id = $this->getId();
2807 if ( $id ) {
2808 $cache = MediaWikiServices::getInstance()->getMainWANObjectCache();
2809 $key = $cache->makeKey( 'user-quicktouched', 'id', $id );
2810 $cache->touchCheckKey( $key );
2811 $this->mQuickTouched = null;
2812 }
2813 }
2814
2815 /**
2816 * Validate the cache for this account.
2817 * @param string $timestamp A timestamp in TS_MW format
2818 * @return bool
2819 */
2820 public function validateCache( $timestamp ) {
2821 return ( $timestamp >= $this->getTouched() );
2822 }
2823
2824 /**
2825 * Get the user touched timestamp
2826 *
2827 * Use this value only to validate caches via inequalities
2828 * such as in the case of HTTP If-Modified-Since response logic
2829 *
2830 * @return string TS_MW Timestamp
2831 */
2832 public function getTouched() {
2833 $this->load();
2834
2835 if ( $this->mId ) {
2836 if ( $this->mQuickTouched === null ) {
2837 $cache = MediaWikiServices::getInstance()->getMainWANObjectCache();
2838 $key = $cache->makeKey( 'user-quicktouched', 'id', $this->mId );
2839
2840 $this->mQuickTouched = wfTimestamp( TS_MW, $cache->getCheckKeyTime( $key ) );
2841 }
2842
2843 return max( $this->mTouched, $this->mQuickTouched );
2844 }
2845
2846 return $this->mTouched;
2847 }
2848
2849 /**
2850 * Get the user_touched timestamp field (time of last DB updates)
2851 * @return string TS_MW Timestamp
2852 * @since 1.26
2853 */
2854 public function getDBTouched() {
2855 $this->load();
2856
2857 return $this->mTouched;
2858 }
2859
2860 /**
2861 * Set the password and reset the random token.
2862 * Calls through to authentication plugin if necessary;
2863 * will have no effect if the auth plugin refuses to
2864 * pass the change through or if the legal password
2865 * checks fail.
2866 *
2867 * As a special case, setting the password to null
2868 * wipes it, so the account cannot be logged in until
2869 * a new password is set, for instance via e-mail.
2870 *
2871 * @deprecated since 1.27, use AuthManager instead
2872 * @param string $str New password to set
2873 * @throws PasswordError On failure
2874 * @return bool
2875 */
2876 public function setPassword( $str ) {
2877 return $this->setPasswordInternal( $str );
2878 }
2879
2880 /**
2881 * Set the password and reset the random token unconditionally.
2882 *
2883 * @deprecated since 1.27, use AuthManager instead
2884 * @param string|null $str New password to set or null to set an invalid
2885 * password hash meaning that the user will not be able to log in
2886 * through the web interface.
2887 */
2888 public function setInternalPassword( $str ) {
2889 $this->setPasswordInternal( $str );
2890 }
2891
2892 /**
2893 * Actually set the password and such
2894 * @since 1.27 cannot set a password for a user not in the database
2895 * @param string|null $str New password to set or null to set an invalid
2896 * password hash meaning that the user will not be able to log in
2897 * through the web interface.
2898 * @return bool Success
2899 */
2900 private function setPasswordInternal( $str ) {
2901 $manager = AuthManager::singleton();
2902
2903 // If the user doesn't exist yet, fail
2904 if ( !$manager->userExists( $this->getName() ) ) {
2905 throw new LogicException( 'Cannot set a password for a user that is not in the database.' );
2906 }
2907
2908 $status = $this->changeAuthenticationData( [
2909 'username' => $this->getName(),
2910 'password' => $str,
2911 'retype' => $str,
2912 ] );
2913 if ( !$status->isGood() ) {
2914 \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' )
2915 ->info( __METHOD__ . ': Password change rejected: '
2916 . $status->getWikiText( null, null, 'en' ) );
2917 return false;
2918 }
2919
2920 $this->setOption( 'watchlisttoken', false );
2921 SessionManager::singleton()->invalidateSessionsForUser( $this );
2922
2923 return true;
2924 }
2925
2926 /**
2927 * Changes credentials of the user.
2928 *
2929 * This is a convenience wrapper around AuthManager::changeAuthenticationData.
2930 * Note that this can return a status that isOK() but not isGood() on certain types of failures,
2931 * e.g. when no provider handled the change.
2932 *
2933 * @param array $data A set of authentication data in fieldname => value format. This is the
2934 * same data you would pass the changeauthenticationdata API - 'username', 'password' etc.
2935 * @return Status
2936 * @since 1.27
2937 */
2938 public function changeAuthenticationData( array $data ) {
2939 $manager = AuthManager::singleton();
2940 $reqs = $manager->getAuthenticationRequests( AuthManager::ACTION_CHANGE, $this );
2941 $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
2942
2943 $status = Status::newGood( 'ignored' );
2944 foreach ( $reqs as $req ) {
2945 $status->merge( $manager->allowsAuthenticationDataChange( $req ), true );
2946 }
2947 if ( $status->getValue() === 'ignored' ) {
2948 $status->warning( 'authenticationdatachange-ignored' );
2949 }
2950
2951 if ( $status->isGood() ) {
2952 foreach ( $reqs as $req ) {
2953 $manager->changeAuthenticationData( $req );
2954 }
2955 }
2956 return $status;
2957 }
2958
2959 /**
2960 * Get the user's current token.
2961 * @param bool $forceCreation Force the generation of a new token if the
2962 * user doesn't have one (default=true for backwards compatibility).
2963 * @return string|null Token
2964 */
2965 public function getToken( $forceCreation = true ) {
2966 global $wgAuthenticationTokenVersion;
2967
2968 $this->load();
2969 if ( !$this->mToken && $forceCreation ) {
2970 $this->setToken();
2971 }
2972
2973 if ( !$this->mToken ) {
2974 // The user doesn't have a token, return null to indicate that.
2975 return null;
2976 } elseif ( $this->mToken === self::INVALID_TOKEN ) {
2977 // We return a random value here so existing token checks are very
2978 // likely to fail.
2979 return MWCryptRand::generateHex( self::TOKEN_LENGTH );
2980 } elseif ( $wgAuthenticationTokenVersion === null ) {
2981 // $wgAuthenticationTokenVersion not in use, so return the raw secret
2982 return $this->mToken;
2983 } else {
2984 // $wgAuthenticationTokenVersion in use, so hmac it.
2985 $ret = MWCryptHash::hmac( $wgAuthenticationTokenVersion, $this->mToken, false );
2986
2987 // The raw hash can be overly long. Shorten it up.
2988 $len = max( 32, self::TOKEN_LENGTH );
2989 if ( strlen( $ret ) < $len ) {
2990 // Should never happen, even md5 is 128 bits
2991 throw new \UnexpectedValueException( 'Hmac returned less than 128 bits' );
2992 }
2993 return substr( $ret, -$len );
2994 }
2995 }
2996
2997 /**
2998 * Set the random token (used for persistent authentication)
2999 * Called from loadDefaults() among other places.
3000 *
3001 * @param string|bool $token If specified, set the token to this value
3002 */
3003 public function setToken( $token = false ) {
3004 $this->load();
3005 if ( $this->mToken === self::INVALID_TOKEN ) {
3006 \MediaWiki\Logger\LoggerFactory::getInstance( 'session' )
3007 ->debug( __METHOD__ . ": Ignoring attempt to set token for system user \"$this\"" );
3008 } elseif ( !$token ) {
3009 $this->mToken = MWCryptRand::generateHex( self::TOKEN_LENGTH );
3010 } else {
3011 $this->mToken = $token;
3012 }
3013 }
3014
3015 /**
3016 * Set the password for a password reminder or new account email
3017 *
3018 * @deprecated Removed in 1.27. Use PasswordReset instead.
3019 * @param string $str New password to set or null to set an invalid
3020 * password hash meaning that the user will not be able to use it
3021 * @param bool $throttle If true, reset the throttle timestamp to the present
3022 */
3023 public function setNewpassword( $str, $throttle = true ) {
3024 throw new BadMethodCallException( __METHOD__ . ' has been removed in 1.27' );
3025 }
3026
3027 /**
3028 * Get the user's e-mail address
3029 * @return string User's email address
3030 */
3031 public function getEmail() {
3032 $this->load();
3033 Hooks::run( 'UserGetEmail', [ $this, &$this->mEmail ] );
3034 return $this->mEmail;
3035 }
3036
3037 /**
3038 * Get the timestamp of the user's e-mail authentication
3039 * @return string TS_MW timestamp
3040 */
3041 public function getEmailAuthenticationTimestamp() {
3042 $this->load();
3043 Hooks::run( 'UserGetEmailAuthenticationTimestamp', [ $this, &$this->mEmailAuthenticated ] );
3044 return $this->mEmailAuthenticated;
3045 }
3046
3047 /**
3048 * Set the user's e-mail address
3049 * @param string $str New e-mail address
3050 */
3051 public function setEmail( $str ) {
3052 $this->load();
3053 if ( $str == $this->mEmail ) {
3054 return;
3055 }
3056 $this->invalidateEmail();
3057 $this->mEmail = $str;
3058 Hooks::run( 'UserSetEmail', [ $this, &$this->mEmail ] );
3059 }
3060
3061 /**
3062 * Set the user's e-mail address and a confirmation mail if needed.
3063 *
3064 * @since 1.20
3065 * @param string $str New e-mail address
3066 * @return Status
3067 */
3068 public function setEmailWithConfirmation( $str ) {
3069 global $wgEnableEmail, $wgEmailAuthentication;
3070
3071 if ( !$wgEnableEmail ) {
3072 return Status::newFatal( 'emaildisabled' );
3073 }
3074
3075 $oldaddr = $this->getEmail();
3076 if ( $str === $oldaddr ) {
3077 return Status::newGood( true );
3078 }
3079
3080 $type = $oldaddr != '' ? 'changed' : 'set';
3081 $notificationResult = null;
3082
3083 if ( $wgEmailAuthentication ) {
3084 // Send the user an email notifying the user of the change in registered
3085 // email address on their previous email address
3086 if ( $type == 'changed' ) {
3087 $change = $str != '' ? 'changed' : 'removed';
3088 $notificationResult = $this->sendMail(
3089 wfMessage( 'notificationemail_subject_' . $change )->text(),
3090 wfMessage( 'notificationemail_body_' . $change,
3091 $this->getRequest()->getIP(),
3092 $this->getName(),
3093 $str )->text()
3094 );
3095 }
3096 }
3097
3098 $this->setEmail( $str );
3099
3100 if ( $str !== '' && $wgEmailAuthentication ) {
3101 // Send a confirmation request to the new address if needed
3102 $result = $this->sendConfirmationMail( $type );
3103
3104 if ( $notificationResult !== null ) {
3105 $result->merge( $notificationResult );
3106 }
3107
3108 if ( $result->isGood() ) {
3109 // Say to the caller that a confirmation and notification mail has been sent
3110 $result->value = 'eauth';
3111 }
3112 } else {
3113 $result = Status::newGood( true );
3114 }
3115
3116 return $result;
3117 }
3118
3119 /**
3120 * Get the user's real name
3121 * @return string User's real name
3122 */
3123 public function getRealName() {
3124 if ( !$this->isItemLoaded( 'realname' ) ) {
3125 $this->load();
3126 }
3127
3128 return $this->mRealName;
3129 }
3130
3131 /**
3132 * Set the user's real name
3133 * @param string $str New real name
3134 */
3135 public function setRealName( $str ) {
3136 $this->load();
3137 $this->mRealName = $str;
3138 }
3139
3140 /**
3141 * Get the user's current setting for a given option.
3142 *
3143 * @param string $oname The option to check
3144 * @param string|array|null $defaultOverride A default value returned if the option does not exist
3145 * @param bool $ignoreHidden Whether to ignore the effects of $wgHiddenPrefs
3146 * @return string|array|int|null User's current value for the option
3147 * @see getBoolOption()
3148 * @see getIntOption()
3149 */
3150 public function getOption( $oname, $defaultOverride = null, $ignoreHidden = false ) {
3151 global $wgHiddenPrefs;
3152 $this->loadOptions();
3153
3154 # We want 'disabled' preferences to always behave as the default value for
3155 # users, even if they have set the option explicitly in their settings (ie they
3156 # set it, and then it was disabled removing their ability to change it). But
3157 # we don't want to erase the preferences in the database in case the preference
3158 # is re-enabled again. So don't touch $mOptions, just override the returned value
3159 if ( !$ignoreHidden && in_array( $oname, $wgHiddenPrefs ) ) {
3160 return self::getDefaultOption( $oname );
3161 }
3162
3163 if ( array_key_exists( $oname, $this->mOptions ) ) {
3164 return $this->mOptions[$oname];
3165 } else {
3166 return $defaultOverride;
3167 }
3168 }
3169
3170 /**
3171 * Get all user's options
3172 *
3173 * @param int $flags Bitwise combination of:
3174 * User::GETOPTIONS_EXCLUDE_DEFAULTS Exclude user options that are set
3175 * to the default value. (Since 1.25)
3176 * @return array
3177 */
3178 public function getOptions( $flags = 0 ) {
3179 global $wgHiddenPrefs;
3180 $this->loadOptions();
3181 $options = $this->mOptions;
3182
3183 # We want 'disabled' preferences to always behave as the default value for
3184 # users, even if they have set the option explicitly in their settings (ie they
3185 # set it, and then it was disabled removing their ability to change it). But
3186 # we don't want to erase the preferences in the database in case the preference
3187 # is re-enabled again. So don't touch $mOptions, just override the returned value
3188 foreach ( $wgHiddenPrefs as $pref ) {
3189 $default = self::getDefaultOption( $pref );
3190 if ( $default !== null ) {
3191 $options[$pref] = $default;
3192 }
3193 }
3194
3195 if ( $flags & self::GETOPTIONS_EXCLUDE_DEFAULTS ) {
3196 $options = array_diff_assoc( $options, self::getDefaultOptions() );
3197 }
3198
3199 return $options;
3200 }
3201
3202 /**
3203 * Get the user's current setting for a given option, as a boolean value.
3204 *
3205 * @param string $oname The option to check
3206 * @return bool User's current value for the option
3207 * @see getOption()
3208 */
3209 public function getBoolOption( $oname ) {
3210 return (bool)$this->getOption( $oname );
3211 }
3212
3213 /**
3214 * Get the user's current setting for a given option, as an integer value.
3215 *
3216 * @param string $oname The option to check
3217 * @param int $defaultOverride A default value returned if the option does not exist
3218 * @return int User's current value for the option
3219 * @see getOption()
3220 */
3221 public function getIntOption( $oname, $defaultOverride = 0 ) {
3222 $val = $this->getOption( $oname );
3223 if ( $val == '' ) {
3224 $val = $defaultOverride;
3225 }
3226 return intval( $val );
3227 }
3228
3229 /**
3230 * Set the given option for a user.
3231 *
3232 * You need to call saveSettings() to actually write to the database.
3233 *
3234 * @param string $oname The option to set
3235 * @param mixed $val New value to set
3236 */
3237 public function setOption( $oname, $val ) {
3238 $this->loadOptions();
3239
3240 // Explicitly NULL values should refer to defaults
3241 if ( is_null( $val ) ) {
3242 $val = self::getDefaultOption( $oname );
3243 }
3244
3245 $this->mOptions[$oname] = $val;
3246 }
3247
3248 /**
3249 * Get a token stored in the preferences (like the watchlist one),
3250 * resetting it if it's empty (and saving changes).
3251 *
3252 * @param string $oname The option name to retrieve the token from
3253 * @return string|bool User's current value for the option, or false if this option is disabled.
3254 * @see resetTokenFromOption()
3255 * @see getOption()
3256 * @deprecated since 1.26 Applications should use the OAuth extension
3257 */
3258 public function getTokenFromOption( $oname ) {
3259 global $wgHiddenPrefs;
3260
3261 $id = $this->getId();
3262 if ( !$id || in_array( $oname, $wgHiddenPrefs ) ) {
3263 return false;
3264 }
3265
3266 $token = $this->getOption( $oname );
3267 if ( !$token ) {
3268 // Default to a value based on the user token to avoid space
3269 // wasted on storing tokens for all users. When this option
3270 // is set manually by the user, only then is it stored.
3271 $token = hash_hmac( 'sha1', "$oname:$id", $this->getToken() );
3272 }
3273
3274 return $token;
3275 }
3276
3277 /**
3278 * Reset a token stored in the preferences (like the watchlist one).
3279 * *Does not* save user's preferences (similarly to setOption()).
3280 *
3281 * @param string $oname The option name to reset the token in
3282 * @return string|bool New token value, or false if this option is disabled.
3283 * @see getTokenFromOption()
3284 * @see setOption()
3285 */
3286 public function resetTokenFromOption( $oname ) {
3287 global $wgHiddenPrefs;
3288 if ( in_array( $oname, $wgHiddenPrefs ) ) {
3289 return false;
3290 }
3291
3292 $token = MWCryptRand::generateHex( 40 );
3293 $this->setOption( $oname, $token );
3294 return $token;
3295 }
3296
3297 /**
3298 * Return a list of the types of user options currently returned by
3299 * User::getOptionKinds().
3300 *
3301 * Currently, the option kinds are:
3302 * - 'registered' - preferences which are registered in core MediaWiki or
3303 * by extensions using the UserGetDefaultOptions hook.
3304 * - 'registered-multiselect' - as above, using the 'multiselect' type.
3305 * - 'registered-checkmatrix' - as above, using the 'checkmatrix' type.
3306 * - 'userjs' - preferences with names starting with 'userjs-', intended to
3307 * be used by user scripts.
3308 * - 'special' - "preferences" that are not accessible via User::getOptions
3309 * or User::setOptions.
3310 * - 'unused' - preferences about which MediaWiki doesn't know anything.
3311 * These are usually legacy options, removed in newer versions.
3312 *
3313 * The API (and possibly others) use this function to determine the possible
3314 * option types for validation purposes, so make sure to update this when a
3315 * new option kind is added.
3316 *
3317 * @see User::getOptionKinds
3318 * @return array Option kinds
3319 */
3320 public static function listOptionKinds() {
3321 return [
3322 'registered',
3323 'registered-multiselect',
3324 'registered-checkmatrix',
3325 'userjs',
3326 'special',
3327 'unused'
3328 ];
3329 }
3330
3331 /**
3332 * Return an associative array mapping preferences keys to the kind of a preference they're
3333 * used for. Different kinds are handled differently when setting or reading preferences.
3334 *
3335 * See User::listOptionKinds for the list of valid option types that can be provided.
3336 *
3337 * @see User::listOptionKinds
3338 * @param IContextSource $context
3339 * @param array|null $options Assoc. array with options keys to check as keys.
3340 * Defaults to $this->mOptions.
3341 * @return array The key => kind mapping data
3342 */
3343 public function getOptionKinds( IContextSource $context, $options = null ) {
3344 $this->loadOptions();
3345 if ( $options === null ) {
3346 $options = $this->mOptions;
3347 }
3348
3349 $preferencesFactory = MediaWikiServices::getInstance()->getPreferencesFactory();
3350 $prefs = $preferencesFactory->getFormDescriptor( $this, $context );
3351 $mapping = [];
3352
3353 // Pull out the "special" options, so they don't get converted as
3354 // multiselect or checkmatrix.
3355 $specialOptions = array_fill_keys( $preferencesFactory->getSaveBlacklist(), true );
3356 foreach ( $specialOptions as $name => $value ) {
3357 unset( $prefs[$name] );
3358 }
3359
3360 // Multiselect and checkmatrix options are stored in the database with
3361 // one key per option, each having a boolean value. Extract those keys.
3362 $multiselectOptions = [];
3363 foreach ( $prefs as $name => $info ) {
3364 if ( ( isset( $info['type'] ) && $info['type'] == 'multiselect' ) ||
3365 ( isset( $info['class'] ) && $info['class'] == HTMLMultiSelectField::class ) ) {
3366 $opts = HTMLFormField::flattenOptions( $info['options'] );
3367 $prefix = $info['prefix'] ?? $name;
3368
3369 foreach ( $opts as $value ) {
3370 $multiselectOptions["$prefix$value"] = true;
3371 }
3372
3373 unset( $prefs[$name] );
3374 }
3375 }
3376 $checkmatrixOptions = [];
3377 foreach ( $prefs as $name => $info ) {
3378 if ( ( isset( $info['type'] ) && $info['type'] == 'checkmatrix' ) ||
3379 ( isset( $info['class'] ) && $info['class'] == HTMLCheckMatrix::class ) ) {
3380 $columns = HTMLFormField::flattenOptions( $info['columns'] );
3381 $rows = HTMLFormField::flattenOptions( $info['rows'] );
3382 $prefix = $info['prefix'] ?? $name;
3383
3384 foreach ( $columns as $column ) {
3385 foreach ( $rows as $row ) {
3386 $checkmatrixOptions["$prefix$column-$row"] = true;
3387 }
3388 }
3389
3390 unset( $prefs[$name] );
3391 }
3392 }
3393
3394 // $value is ignored
3395 foreach ( $options as $key => $value ) {
3396 if ( isset( $prefs[$key] ) ) {
3397 $mapping[$key] = 'registered';
3398 } elseif ( isset( $multiselectOptions[$key] ) ) {
3399 $mapping[$key] = 'registered-multiselect';
3400 } elseif ( isset( $checkmatrixOptions[$key] ) ) {
3401 $mapping[$key] = 'registered-checkmatrix';
3402 } elseif ( isset( $specialOptions[$key] ) ) {
3403 $mapping[$key] = 'special';
3404 } elseif ( substr( $key, 0, 7 ) === 'userjs-' ) {
3405 $mapping[$key] = 'userjs';
3406 } else {
3407 $mapping[$key] = 'unused';
3408 }
3409 }
3410
3411 return $mapping;
3412 }
3413
3414 /**
3415 * Reset certain (or all) options to the site defaults
3416 *
3417 * The optional parameter determines which kinds of preferences will be reset.
3418 * Supported values are everything that can be reported by getOptionKinds()
3419 * and 'all', which forces a reset of *all* preferences and overrides everything else.
3420 *
3421 * @param array|string $resetKinds Which kinds of preferences to reset. Defaults to
3422 * array( 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' )
3423 * for backwards-compatibility.
3424 * @param IContextSource|null $context Context source used when $resetKinds
3425 * does not contain 'all', passed to getOptionKinds().
3426 * Defaults to RequestContext::getMain() when null.
3427 */
3428 public function resetOptions(
3429 $resetKinds = [ 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' ],
3430 IContextSource $context = null
3431 ) {
3432 $this->load();
3433 $defaultOptions = self::getDefaultOptions();
3434
3435 if ( !is_array( $resetKinds ) ) {
3436 $resetKinds = [ $resetKinds ];
3437 }
3438
3439 if ( in_array( 'all', $resetKinds ) ) {
3440 $newOptions = $defaultOptions;
3441 } else {
3442 if ( $context === null ) {
3443 $context = RequestContext::getMain();
3444 }
3445
3446 $optionKinds = $this->getOptionKinds( $context );
3447 $resetKinds = array_intersect( $resetKinds, self::listOptionKinds() );
3448 $newOptions = [];
3449
3450 // Use default values for the options that should be deleted, and
3451 // copy old values for the ones that shouldn't.
3452 foreach ( $this->mOptions as $key => $value ) {
3453 if ( in_array( $optionKinds[$key], $resetKinds ) ) {
3454 if ( array_key_exists( $key, $defaultOptions ) ) {
3455 $newOptions[$key] = $defaultOptions[$key];
3456 }
3457 } else {
3458 $newOptions[$key] = $value;
3459 }
3460 }
3461 }
3462
3463 Hooks::run( 'UserResetAllOptions', [ $this, &$newOptions, $this->mOptions, $resetKinds ] );
3464
3465 $this->mOptions = $newOptions;
3466 $this->mOptionsLoaded = true;
3467 }
3468
3469 /**
3470 * Get the user's preferred date format.
3471 * @return string User's preferred date format
3472 */
3473 public function getDatePreference() {
3474 // Important migration for old data rows
3475 if ( is_null( $this->mDatePreference ) ) {
3476 global $wgLang;
3477 $value = $this->getOption( 'date' );
3478 $map = $wgLang->getDatePreferenceMigrationMap();
3479 if ( isset( $map[$value] ) ) {
3480 $value = $map[$value];
3481 }
3482 $this->mDatePreference = $value;
3483 }
3484 return $this->mDatePreference;
3485 }
3486
3487 /**
3488 * Determine based on the wiki configuration and the user's options,
3489 * whether this user must be over HTTPS no matter what.
3490 *
3491 * @return bool
3492 */
3493 public function requiresHTTPS() {
3494 global $wgSecureLogin;
3495 if ( !$wgSecureLogin ) {
3496 return false;
3497 } else {
3498 $https = $this->getBoolOption( 'prefershttps' );
3499 Hooks::run( 'UserRequiresHTTPS', [ $this, &$https ] );
3500 if ( $https ) {
3501 $https = wfCanIPUseHTTPS( $this->getRequest()->getIP() );
3502 }
3503 return $https;
3504 }
3505 }
3506
3507 /**
3508 * Get the user preferred stub threshold
3509 *
3510 * @return int
3511 */
3512 public function getStubThreshold() {
3513 global $wgMaxArticleSize; # Maximum article size, in Kb
3514 $threshold = $this->getIntOption( 'stubthreshold' );
3515 if ( $threshold