User.php

Go to the documentation of this file.

<?php
define( 'USER_TOKEN_LENGTH', 32 );

define( 'MW_USER_VERSION', 9 );

define( 'EDIT_TOKEN_SUFFIX', '+\\' );

class PasswordError extends MWException {
    // NOP
}

class User {
    const USER_TOKEN_LENGTH = USER_TOKEN_LENGTH;
    const MW_USER_VERSION = MW_USER_VERSION;
    const EDIT_TOKEN_SUFFIX = EDIT_TOKEN_SUFFIX;

    const MAX_WATCHED_ITEMS_CACHE = 100;

    static $mCacheVars = array(
        // user table
        'mId',
        'mName',
        'mRealName',
        'mPassword',
        'mNewpassword',
        'mNewpassTime',
        'mEmail',
        'mTouched',
        'mToken',
        'mEmailAuthenticated',
        'mEmailToken',
        'mEmailTokenExpires',
        'mPasswordExpires',
        'mRegistration',
        'mEditCount',
        // user_groups table
        'mGroups',
        // user_properties table
        'mOptionOverrides',
    );

    static $mCoreRights = array(
        'apihighlimits',
        'autoconfirmed',
        'autopatrol',
        'bigdelete',
        'block',
        'blockemail',
        'bot',
        'browsearchive',
        'createaccount',
        'createpage',
        'createtalk',
        'delete',
        'deletedhistory',
        'deletedtext',
        'deletelogentry',
        'deleterevision',
        'edit',
        'editinterface',
        'editprotected',
        'editmyoptions',
        'editmyprivateinfo',
        'editmyusercss',
        'editmyuserjs',
        'editmywatchlist',
        'editsemiprotected',
        'editusercssjs', #deprecated
        'editusercss',
        'edituserjs',
        'hideuser',
        'import',
        'importupload',
        'ipblock-exempt',
        'markbotedits',
        'mergehistory',
        'minoredit',
        'move',
        'movefile',
        'move-rootuserpages',
        'move-subpages',
        'nominornewtalk',
        'noratelimit',
        'override-export-depth',
        'passwordreset',
        'patrol',
        'patrolmarks',
        'protect',
        'proxyunbannable',
        'purge',
        'read',
        'reupload',
        'reupload-own',
        'reupload-shared',
        'rollback',
        'sendemail',
        'siteadmin',
        'suppressionlog',
        'suppressredirect',
        'suppressrevision',
        'unblockself',
        'undelete',
        'unwatchedpages',
        'upload',
        'upload_by_url',
        'userrights',
        'userrights-interwiki',
        'viewmyprivateinfo',
        'viewmywatchlist',
        'writeapi',
    );
    static $mAllRights = false;

    var $mId, $mName, $mRealName, $mPassword, $mNewpassword, $mNewpassTime,
        $mEmail, $mTouched, $mToken, $mEmailAuthenticated,
        $mEmailToken, $mEmailTokenExpires, $mRegistration, $mEditCount,
        $mGroups, $mOptionOverrides;

    protected $mPasswordExpires;

    var $mOptionsLoaded;

    private $mLoadedItems = array();

    var $mFrom;

    var $mNewtalk, $mDatePreference, $mBlockedby, $mHash, $mRights,
        $mBlockreason, $mEffectiveGroups, $mImplicitGroups, $mFormerGroups, $mBlockedGlobally,
        $mLocked, $mHideName, $mOptions;

    private $mRequest;

    var $mBlock;

    var $mAllowUsertalk;

    private $mBlockedFromCreateAccount = false;

    private $mWatchedItems = array();

    static $idCacheByName = array();

    public function __construct() {
        $this->clearInstanceCache( 'defaults' );
    }

    public function __toString() {
        return $this->getName();
    }

    public function load() {
        if ( $this->mLoadedItems === true ) {
            return;
        }
        wfProfileIn( __METHOD__ );

        // Set it now to avoid infinite recursion in accessors
        $this->mLoadedItems = true;

        switch ( $this->mFrom ) {
            case 'defaults':
                $this->loadDefaults();
                break;
            case 'name':
                $this->mId = self::idFromName( $this->mName );
                if ( !$this->mId ) {
                    // Nonexistent user placeholder object
                    $this->loadDefaults( $this->mName );
                } else {
                    $this->loadFromId();
                }
                break;
            case 'id':
                $this->loadFromId();
                break;
            case 'session':
                if ( !$this->loadFromSession() ) {
                    // Loading from session failed. Load defaults.
                    $this->loadDefaults();
                }
                wfRunHooks( 'UserLoadAfterLoadFromSession', array( $this ) );
                break;
            default:
                wfProfileOut( __METHOD__ );
                throw new MWException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" );
        }
        wfProfileOut( __METHOD__ );
    }

    public function loadFromId() {
        global $wgMemc;
        if ( $this->mId == 0 ) {
            $this->loadDefaults();
            return false;
        }

        // Try cache
        $key = wfMemcKey( 'user', 'id', $this->mId );
        $data = $wgMemc->get( $key );
        if ( !is_array( $data ) || $data['mVersion'] < MW_USER_VERSION ) {
            // Object is expired, load from DB
            $data = false;
        }

        if ( !$data ) {
            wfDebug( "User: cache miss for user {$this->mId}\n" );
            // Load from DB
            if ( !$this->loadFromDatabase() ) {
                // Can't load from ID, user is anonymous
                return false;
            }
            $this->saveToCache();
        } else {
            wfDebug( "User: got user {$this->mId} from cache\n" );
            // Restore from cache
            foreach ( self::$mCacheVars as $name ) {
                $this->$name = $data[$name];
            }
        }

        $this->mLoadedItems = true;

        return true;
    }

    public function saveToCache() {
        $this->load();
        $this->loadGroups();
        $this->loadOptions();
        if ( $this->isAnon() ) {
            // Anonymous users are uncached
            return;
        }
        $data = array();
        foreach ( self::$mCacheVars as $name ) {
            $data[$name] = $this->$name;
        }
        $data['mVersion'] = MW_USER_VERSION;
        $key = wfMemcKey( 'user', 'id', $this->mId );
        global $wgMemc;
        $wgMemc->set( $key, $data );
    }


    public static function newFromName( $name, $validate = 'valid' ) {
        if ( $validate === true ) {
            $validate = 'valid';
        }
        $name = self::getCanonicalName( $name, $validate );
        if ( $name === false ) {
            return false;
        } else {
            // Create unloaded user object
            $u = new User;
            $u->mName = $name;
            $u->mFrom = 'name';
            $u->setItemLoaded( 'name' );
            return $u;
        }
    }

    public static function newFromId( $id ) {
        $u = new User;
        $u->mId = $id;
        $u->mFrom = 'id';
        $u->setItemLoaded( 'id' );
        return $u;
    }

    public static function newFromConfirmationCode( $code ) {
        $dbr = wfGetDB( DB_SLAVE );
        $id = $dbr->selectField( 'user', 'user_id', array(
            'user_email_token' => md5( $code ),
            'user_email_token_expires > ' . $dbr->addQuotes( $dbr->timestamp() ),
            ) );
        if ( $id !== false ) {
            return User::newFromId( $id );
        } else {
            return null;
        }
    }

    public static function newFromSession( WebRequest $request = null ) {
        $user = new User;
        $user->mFrom = 'session';
        $user->mRequest = $request;
        return $user;
    }

    public static function newFromRow( $row, $data = null ) {
        $user = new User;
        $user->loadFromRow( $row, $data );
        return $user;
    }


    public static function whoIs( $id ) {
        return UserCache::singleton()->getProp( $id, 'name' );
    }

    public static function whoIsReal( $id ) {
        return UserCache::singleton()->getProp( $id, 'real_name' );
    }

    public static function idFromName( $name ) {
        $nt = Title::makeTitleSafe( NS_USER, $name );
        if ( is_null( $nt ) ) {
            // Illegal name
            return null;
        }

        if ( isset( self::$idCacheByName[$name] ) ) {
            return self::$idCacheByName[$name];
        }

        $dbr = wfGetDB( DB_SLAVE );
        $s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $nt->getText() ), __METHOD__ );

        if ( $s === false ) {
            $result = null;
        } else {
            $result = $s->user_id;
        }

        self::$idCacheByName[$name] = $result;

        if ( count( self::$idCacheByName ) > 1000 ) {
            self::$idCacheByName = array();
        }

        return $result;
    }

    public static function resetIdByNameCache() {
        self::$idCacheByName = array();
    }

    public static function isIP( $name ) {
        return preg_match( '/^\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx|\d{1,3})$/', $name ) || IP::isIPv6( $name );
    }

    public static function isValidUserName( $name ) {
        global $wgContLang, $wgMaxNameChars;

        if ( $name == ''
        || User::isIP( $name )
        || strpos( $name, '/' ) !== false
        || strlen( $name ) > $wgMaxNameChars
        || $name != $wgContLang->ucfirst( $name ) ) {
            wfDebugLog( 'username', __METHOD__ .
                ": '$name' invalid due to empty, IP, slash, length, or lowercase" );
            return false;
        }

        // Ensure that the name can't be misresolved as a different title,
        // such as with extra namespace keys at the start.
        $parsed = Title::newFromText( $name );
        if ( is_null( $parsed )
            || $parsed->getNamespace()
            || strcmp( $name, $parsed->getPrefixedText() ) ) {
            wfDebugLog( 'username', __METHOD__ .
                ": '$name' invalid due to ambiguous prefixes" );
            return false;
        }

        // Check an additional blacklist of troublemaker characters.
        // Should these be merged into the title char list?
        $unicodeBlacklist = '/[' .
            '\x{0080}-\x{009f}' . # iso-8859-1 control chars
            '\x{00a0}' .          # non-breaking space
            '\x{2000}-\x{200f}' . # various whitespace
            '\x{2028}-\x{202f}' . # breaks and control chars
            '\x{3000}' .          # ideographic space
            '\x{e000}-\x{f8ff}' . # private use
            ']/u';
        if ( preg_match( $unicodeBlacklist, $name ) ) {
            wfDebugLog( 'username', __METHOD__ .
                ": '$name' invalid due to blacklisted characters" );
            return false;
        }

        return true;
    }

    public static function isUsableName( $name ) {
        global $wgReservedUsernames;
        // Must be a valid username, obviously ;)
        if ( !self::isValidUserName( $name ) ) {
            return false;
        }

        static $reservedUsernames = false;
        if ( !$reservedUsernames ) {
            $reservedUsernames = $wgReservedUsernames;
            wfRunHooks( 'UserGetReservedNames', array( &$reservedUsernames ) );
        }

        // Certain names may be reserved for batch processes.
        foreach ( $reservedUsernames as $reserved ) {
            if ( substr( $reserved, 0, 4 ) == 'msg:' ) {
                $reserved = wfMessage( substr( $reserved, 4 ) )->inContentLanguage()->text();
            }
            if ( $reserved == $name ) {
                return false;
            }
        }
        return true;
    }

    public static function isCreatableName( $name ) {
        global $wgInvalidUsernameCharacters;

        // Ensure that the username isn't longer than 235 bytes, so that
        // (at least for the builtin skins) user javascript and css files
        // will work. (bug 23080)
        if ( strlen( $name ) > 235 ) {
            wfDebugLog( 'username', __METHOD__ .
                ": '$name' invalid due to length" );
            return false;
        }

        // Preg yells if you try to give it an empty string
        if ( $wgInvalidUsernameCharacters !== '' ) {
            if ( preg_match( '/[' . preg_quote( $wgInvalidUsernameCharacters, '/' ) . ']/', $name ) ) {
                wfDebugLog( 'username', __METHOD__ .
                    ": '$name' invalid due to wgInvalidUsernameCharacters" );
                return false;
            }
        }

        return self::isUsableName( $name );
    }

    public function isValidPassword( $password ) {
        //simple boolean wrapper for getPasswordValidity
        return $this->getPasswordValidity( $password ) === true;
    }


    public function getPasswordValidity( $password ) {
        $result = $this->checkPasswordValidity( $password );
        if ( $result->isGood() ) {
            return true;
        } else {
            $messages = array();
            foreach ( $result->getErrorsByType( 'error' ) as $error ) {
                $messages[] = $error['message'];
            }
            foreach ( $result->getErrorsByType( 'warning' ) as $warning ) {
                $messages[] = $warning['message'];
            }
            if ( count( $messages ) === 1 ) {
                return $messages[0];
            }
            return $messages;
        }
    }

    public function checkPasswordValidity( $password ) {
        global $wgMinimalPasswordLength, $wgContLang;

        static $blockedLogins = array(
            'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589
            'Apitestsysop' => 'testpass', 'Apitestuser' => 'testpass' # r75605
        );

        $status = Status::newGood();

        $result = false; //init $result to false for the internal checks

        if ( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) ) {
            $status->error( $result );
            return $status;
        }

        if ( $result === false ) {
            if ( strlen( $password ) < $wgMinimalPasswordLength ) {
                $status->error( 'passwordtooshort', $wgMinimalPasswordLength );
                return $status;
            } elseif ( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
                $status->error( 'password-name-match' );
                return $status;
            } elseif ( isset( $blockedLogins[$this->getName()] ) && $password == $blockedLogins[$this->getName()] ) {
                $status->error( 'password-login-forbidden' );
                return $status;
            } else {
                //it seems weird returning a Good status here, but this is because of the
                //initialization of $result to false above. If the hook is never run or it
                //doesn't modify $result, then we will likely get down into this if with
                //a valid password.
                return $status;
            }
        } elseif ( $result === true ) {
            return $status;
        } else {
            $status->error( $result );
            return $status; //the isValidPassword hook set a string $result and returned true
        }
    }

    public function expirePassword( $ts = 0 ) {
        $this->load();
        $timestamp = wfTimestamp( TS_MW, $ts );
        $this->mPasswordExpires = $timestamp;
        $this->saveSettings();
    }

    public function resetPasswordExpiration( $load = true ) {
        global $wgPasswordExpirationDays;
        if ( $load ) {
            $this->load();
        }
        $newExpire = null;
        if ( $wgPasswordExpirationDays ) {
            $newExpire = wfTimestamp(
                TS_MW,
                time() + ( $wgPasswordExpirationDays * 24 * 3600 )
            );
        }
        // Give extensions a chance to force an expiration
        wfRunHooks( 'ResetPasswordExpiration', array( $this, &$newExpire ) );
        $this->mPasswordExpires = $newExpire;
    }

    public function getPasswordExpired() {
        global $wgPasswordExpireGrace;
        $expired = false;
        $now = wfTimestamp();
        $expiration = $this->getPasswordExpireDate();
        $expUnix = wfTimestamp( TS_UNIX, $expiration );
        if ( $expiration !== null && $expUnix < $now ) {
            $expired = ( $expUnix + $wgPasswordExpireGrace < $now ) ? 'hard' : 'soft';
        }
        return $expired;
    }

    public function getPasswordExpireDate() {
        $this->load();
        return $this->mPasswordExpires;
    }

    public static function isValidEmailAddr( $addr ) {
        wfDeprecated( __METHOD__, '1.18' );
        return Sanitizer::validateEmail( $addr );
    }

    public static function getCanonicalName( $name, $validate = 'valid' ) {
        // Force usernames to capital
        global $wgContLang;
        $name = $wgContLang->ucfirst( $name );

        # Reject names containing '#'; these will be cleaned up
        # with title normalisation, but then it's too late to
        # check elsewhere
        if ( strpos( $name, '#' ) !== false ) {
            return false;
        }

        // Clean up name according to title rules
        $t = ( $validate === 'valid' ) ?
            Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name );
        // Check for invalid titles
        if ( is_null( $t ) ) {
            return false;
        }

        // Reject various classes of invalid names
        global $wgAuth;
        $name = $wgAuth->getCanonicalName( $t->getText() );

        switch ( $validate ) {
            case false:
                break;
            case 'valid':
                if ( !User::isValidUserName( $name ) ) {
                    $name = false;
                }
                break;
            case 'usable':
                if ( !User::isUsableName( $name ) ) {
                    $name = false;
                }
                break;
            case 'creatable':
                if ( !User::isCreatableName( $name ) ) {
                    $name = false;
                }
                break;
            default:
                throw new MWException( 'Invalid parameter value for $validate in ' . __METHOD__ );
        }
        return $name;
    }

    public static function edits( $uid ) {
        wfDeprecated( __METHOD__, '1.21' );
        $user = self::newFromId( $uid );
        return $user->getEditCount();
    }

    public static function randomPassword() {
        global $wgMinimalPasswordLength;
        // Decide the final password length based on our min password length, stopping at a minimum of 10 chars
        $length = max( 10, $wgMinimalPasswordLength );
        // Multiply by 1.25 to get the number of hex characters we need
        $length = $length * 1.25;
        // Generate random hex chars
        $hex = MWCryptRand::generateHex( $length );
        // Convert from base 16 to base 32 to get a proper password like string
        return wfBaseConvert( $hex, 16, 32 );
    }

    public function loadDefaults( $name = false ) {
        wfProfileIn( __METHOD__ );

        $this->mId = 0;
        $this->mName = $name;
        $this->mRealName = '';
        $this->mPassword = $this->mNewpassword = '';
        $this->mNewpassTime = null;
        $this->mEmail = '';
        $this->mOptionOverrides = null;
        $this->mOptionsLoaded = false;

        $loggedOut = $this->getRequest()->getCookie( 'LoggedOut' );
        if ( $loggedOut !== null ) {
            $this->mTouched = wfTimestamp( TS_MW, $loggedOut );
        } else {
            $this->mTouched = '1'; # Allow any pages to be cached
        }

        $this->mToken = null; // Don't run cryptographic functions till we need a token
        $this->mEmailAuthenticated = null;
        $this->mEmailToken = '';
        $this->mEmailTokenExpires = null;
        $this->mPasswordExpires = null;
        $this->resetPasswordExpiration( false );
        $this->mRegistration = wfTimestamp( TS_MW );
        $this->mGroups = array();

        wfRunHooks( 'UserLoadDefaults', array( $this, $name ) );

        wfProfileOut( __METHOD__ );
    }

    public function isItemLoaded( $item, $all = 'all' ) {
        return ( $this->mLoadedItems === true && $all === 'all' ) ||
            ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true );
    }

    protected function setItemLoaded( $item ) {
        if ( is_array( $this->mLoadedItems ) ) {
            $this->mLoadedItems[$item] = true;
        }
    }

    private function loadFromSession() {
        $result = null;
        wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
        if ( $result !== null ) {
            return $result;
        }

        $request = $this->getRequest();

        $cookieId = $request->getCookie( 'UserID' );
        $sessId = $request->getSessionData( 'wsUserID' );

        if ( $cookieId !== null ) {
            $sId = intval( $cookieId );
            if ( $sessId !== null && $cookieId != $sessId ) {
                wfDebugLog( 'loginSessions', "Session user ID ($sessId) and
                    cookie user ID ($sId) don't match!" );
                return false;
            }
            $request->setSessionData( 'wsUserID', $sId );
        } elseif ( $sessId !== null && $sessId != 0 ) {
            $sId = $sessId;
        } else {
            return false;
        }

        if ( $request->getSessionData( 'wsUserName' ) !== null ) {
            $sName = $request->getSessionData( 'wsUserName' );
        } elseif ( $request->getCookie( 'UserName' ) !== null ) {
            $sName = $request->getCookie( 'UserName' );
            $request->setSessionData( 'wsUserName', $sName );
        } else {
            return false;
        }

        $proposedUser = User::newFromId( $sId );
        if ( !$proposedUser->isLoggedIn() ) {
            // Not a valid ID
            return false;
        }

        global $wgBlockDisablesLogin;
        if ( $wgBlockDisablesLogin && $proposedUser->isBlocked() ) {
            // User blocked and we've disabled blocked user logins
            return false;
        }

        if ( $request->getSessionData( 'wsToken' ) ) {
            $passwordCorrect = ( $proposedUser->getToken( false ) === $request->getSessionData( 'wsToken' ) );
            $from = 'session';
        } elseif ( $request->getCookie( 'Token' ) ) {
            # Get the token from DB/cache and clean it up to remove garbage padding.
            # This deals with historical problems with bugs and the default column value.
            $token = rtrim( $proposedUser->getToken( false ) ); // correct token
            // Make comparison in constant time (bug 61346)
            $passwordCorrect = strlen( $token ) && $this->compareSecrets( $token, $request->getCookie( 'Token' ) );
            $from = 'cookie';
        } else {
            // No session or persistent login cookie
            return false;
        }

        if ( ( $sName === $proposedUser->getName() ) && $passwordCorrect ) {
            $this->loadFromUserObject( $proposedUser );
            $request->setSessionData( 'wsToken', $this->mToken );
            wfDebug( "User: logged in from $from\n" );
            return true;
        } else {
            // Invalid credentials
            wfDebug( "User: can't log in from $from, invalid credentials\n" );
            return false;
        }
    }

    protected function compareSecrets( $answer, $test ) {
        if ( strlen( $answer ) !== strlen( $test ) ) {
            $passwordCorrect = false;
        } else {
            $result = 0;
            for ( $i = 0; $i < strlen( $answer ); $i++ ) {
                $result |= ord( $answer[$i] ) ^ ord( $test[$i] );
            }
            $passwordCorrect = ( $result == 0 );
        }
        return $passwordCorrect;
    }

    public function loadFromDatabase() {
        // Paranoia
        $this->mId = intval( $this->mId );

        // Anonymous user
        if ( !$this->mId ) {
            $this->loadDefaults();
            return false;
        }

        $dbr = wfGetDB( DB_MASTER );
        $s = $dbr->selectRow( 'user', self::selectFields(), array( 'user_id' => $this->mId ), __METHOD__ );

        wfRunHooks( 'UserLoadFromDatabase', array( $this, &$s ) );

        if ( $s !== false ) {
            // Initialise user table data
            $this->loadFromRow( $s );
            $this->mGroups = null; // deferred
            $this->getEditCount(); // revalidation for nulls
            return true;
        } else {
            // Invalid user_id
            $this->mId = 0;
            $this->loadDefaults();
            return false;
        }
    }

    public function loadFromRow( $row, $data = null ) {
        $all = true;

        $this->mGroups = null; // deferred

        if ( isset( $row->user_name ) ) {
            $this->mName = $row->user_name;
            $this->mFrom = 'name';
            $this->setItemLoaded( 'name' );
        } else {
            $all = false;
        }

        if ( isset( $row->user_real_name ) ) {
            $this->mRealName = $row->user_real_name;
            $this->setItemLoaded( 'realname' );
        } else {
            $all = false;
        }

        if ( isset( $row->user_id ) ) {
            $this->mId = intval( $row->user_id );
            $this->mFrom = 'id';
            $this->setItemLoaded( 'id' );
        } else {
            $all = false;
        }

        if ( isset( $row->user_editcount ) ) {
            $this->mEditCount = $row->user_editcount;
        } else {
            $all = false;
        }

        if ( isset( $row->user_password ) ) {
            $this->mPassword = $row->user_password;
            $this->mNewpassword = $row->user_newpassword;
            $this->mNewpassTime = wfTimestampOrNull( TS_MW, $row->user_newpass_time );
            $this->mEmail = $row->user_email;
            $this->mTouched = wfTimestamp( TS_MW, $row->user_touched );
            $this->mToken = $row->user_token;
            if ( $this->mToken == '' ) {
                $this->mToken = null;
            }
            $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated );
            $this->mEmailToken = $row->user_email_token;
            $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires );
            $this->mPasswordExpires = wfTimestampOrNull( TS_MW, $row->user_password_expires );
            $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration );
        } else {
            $all = false;
        }

        if ( $all ) {
            $this->mLoadedItems = true;
        }

        if ( is_array( $data ) ) {
            if ( isset( $data['user_groups'] ) && is_array( $data['user_groups'] ) ) {
                $this->mGroups = $data['user_groups'];
            }
            if ( isset( $data['user_properties'] ) && is_array( $data['user_properties'] ) ) {
                $this->loadOptions( $data['user_properties'] );
            }
        }
    }

    protected function loadFromUserObject( $user ) {
        $user->load();
        $user->loadGroups();
        $user->loadOptions();
        foreach ( self::$mCacheVars as $var ) {
            $this->$var = $user->$var;
        }
    }

    private function loadGroups() {
        if ( is_null( $this->mGroups ) ) {
            $dbr = wfGetDB( DB_MASTER );
            $res = $dbr->select( 'user_groups',
                array( 'ug_group' ),
                array( 'ug_user' => $this->mId ),
                __METHOD__ );
            $this->mGroups = array();
            foreach ( $res as $row ) {
                $this->mGroups[] = $row->ug_group;
            }
        }
    }

    public function addAutopromoteOnceGroups( $event ) {
        global $wgAutopromoteOnceLogInRC, $wgAuth;

        $toPromote = array();
        if ( $this->getId() ) {
            $toPromote = Autopromote::getAutopromoteOnceGroups( $this, $event );
            if ( count( $toPromote ) ) {
                $oldGroups = $this->getGroups(); // previous groups

                foreach ( $toPromote as $group ) {
                    $this->addGroup( $group );
                }
                // update groups in external authentication database
                $wgAuth->updateExternalDBGroups( $this, $toPromote );

                $newGroups = array_merge( $oldGroups, $toPromote ); // all groups

                $logEntry = new ManualLogEntry( 'rights', 'autopromote' );
                $logEntry->setPerformer( $this );
                $logEntry->setTarget( $this->getUserPage() );
                $logEntry->setParameters( array(
                    '4::oldgroups' => $oldGroups,
                    '5::newgroups' => $newGroups,
                ) );
                $logid = $logEntry->insert();
                if ( $wgAutopromoteOnceLogInRC ) {
                    $logEntry->publish( $logid );
                }
            }
        }
        return $toPromote;
    }

    public function clearInstanceCache( $reloadFrom = false ) {
        $this->mNewtalk = -1;
        $this->mDatePreference = null;
        $this->mBlockedby = -1; # Unset
        $this->mHash = false;
        $this->mRights = null;
        $this->mEffectiveGroups = null;
        $this->mImplicitGroups = null;
        $this->mGroups = null;
        $this->mOptions = null;
        $this->mOptionsLoaded = false;
        $this->mEditCount = null;

        if ( $reloadFrom ) {
            $this->mLoadedItems = array();
            $this->mFrom = $reloadFrom;
        }
    }

    public static function getDefaultOptions() {
        global $wgNamespacesToBeSearchedDefault, $wgDefaultUserOptions, $wgContLang, $wgDefaultSkin;

        static $defOpt = null;
        if ( !defined( 'MW_PHPUNIT_TEST' ) && $defOpt !== null ) {
            // Disabling this for the unit tests, as they rely on being able to change $wgContLang
            // mid-request and see that change reflected in the return value of this function.
            // Which is insane and would never happen during normal MW operation
            return $defOpt;
        }

        $defOpt = $wgDefaultUserOptions;
        // Default language setting
        $defOpt['language'] = $wgContLang->getCode();
        foreach ( LanguageConverter::$languagesWithVariants as $langCode ) {
            $defOpt[$langCode == $wgContLang->getCode() ? 'variant' : "variant-$langCode"] = $langCode;
        }
        foreach ( SearchEngine::searchableNamespaces() as $nsnum => $nsname ) {
            $defOpt['searchNs' . $nsnum] = !empty( $wgNamespacesToBeSearchedDefault[$nsnum] );
        }
        $defOpt['skin'] = $wgDefaultSkin;

        wfRunHooks( 'UserGetDefaultOptions', array( &$defOpt ) );

        return $defOpt;
    }

    public static function getDefaultOption( $opt ) {
        $defOpts = self::getDefaultOptions();
        if ( isset( $defOpts[$opt] ) ) {
            return $defOpts[$opt];
        } else {
            return null;
        }
    }

    private function getBlockedStatus( $bFromSlave = true ) {
        global $wgProxyWhitelist, $wgUser, $wgApplyIpBlocksToXff;

        if ( -1 != $this->mBlockedby ) {
            return;
        }

        wfProfileIn( __METHOD__ );
        wfDebug( __METHOD__ . ": checking...\n" );

        // Initialize data...
        // Otherwise something ends up stomping on $this->mBlockedby when
        // things get lazy-loaded later, causing false positive block hits
        // due to -1 !== 0. Probably session-related... Nothing should be
        // overwriting mBlockedby, surely?
        $this->load();

        # We only need to worry about passing the IP address to the Block generator if the
        # user is not immune to autoblocks/hardblocks, and they are the current user so we
        # know which IP address they're actually coming from
        if ( !$this->isAllowed( 'ipblock-exempt' ) && $this->getID() == $wgUser->getID() ) {
            $ip = $this->getRequest()->getIP();
        } else {
            $ip = null;
        }

        // User/IP blocking
        $block = Block::newFromTarget( $this, $ip, !$bFromSlave );

        // Proxy blocking
        if ( !$block instanceof Block && $ip !== null && !$this->isAllowed( 'proxyunbannable' )
            && !in_array( $ip, $wgProxyWhitelist )
        ) {
            // Local list
            if ( self::isLocallyBlockedProxy( $ip ) ) {
                $block = new Block;
                $block->setBlocker( wfMessage( 'proxyblocker' )->text() );
                $block->mReason = wfMessage( 'proxyblockreason' )->text();
                $block->setTarget( $ip );
            } elseif ( $this->isAnon() && $this->isDnsBlacklisted( $ip ) ) {
                $block = new Block;
                $block->setBlocker( wfMessage( 'sorbs' )->text() );
                $block->mReason = wfMessage( 'sorbsreason' )->text();
                $block->setTarget( $ip );
            }
        }

        // (bug 23343) Apply IP blocks to the contents of XFF headers, if enabled
        if ( !$block instanceof Block
            && $wgApplyIpBlocksToXff
            && $ip !== null
            && !$this->isAllowed( 'proxyunbannable' )
            && !in_array( $ip, $wgProxyWhitelist )
        ) {
            $xff = $this->getRequest()->getHeader( 'X-Forwarded-For' );
            $xff = array_map( 'trim', explode( ',', $xff ) );
            $xff = array_diff( $xff, array( $ip ) );
            $xffblocks = Block::getBlocksForIPList( $xff, $this->isAnon(), !$bFromSlave );
            $block = Block::chooseBlock( $xffblocks, $xff );
            if ( $block instanceof Block ) {
                # Mangle the reason to alert the user that the block
                # originated from matching the X-Forwarded-For header.
                $block->mReason = wfMessage( 'xffblockreason', $block->mReason )->text();
            }
        }

        if ( $block instanceof Block ) {
            wfDebug( __METHOD__ . ": Found block.\n" );
            $this->mBlock = $block;
            $this->mBlockedby = $block->getByName();
            $this->mBlockreason = $block->mReason;
            $this->mHideName = $block->mHideName;
            $this->mAllowUsertalk = !$block->prevents( 'editownusertalk' );
        } else {
            $this->mBlockedby = '';
            $this->mHideName = 0;
            $this->mAllowUsertalk = false;
        }

        // Extensions
        wfRunHooks( 'GetBlockedStatus', array( &$this ) );

        wfProfileOut( __METHOD__ );
    }

    public function isDnsBlacklisted( $ip, $checkWhitelist = false ) {
        global $wgEnableSorbs, $wgEnableDnsBlacklist,
            $wgSorbsUrl, $wgDnsBlacklistUrls, $wgProxyWhitelist;

        if ( !$wgEnableDnsBlacklist && !$wgEnableSorbs ) {
            return false;
        }

        if ( $checkWhitelist && in_array( $ip, $wgProxyWhitelist ) ) {
            return false;
        }

        $urls = array_merge( $wgDnsBlacklistUrls, (array)$wgSorbsUrl );
        return $this->inDnsBlacklist( $ip, $urls );
    }

    public function inDnsBlacklist( $ip, $bases ) {
        wfProfileIn( __METHOD__ );

        $found = false;
        // @todo FIXME: IPv6 ???  (http://bugs.php.net/bug.php?id=33170)
        if ( IP::isIPv4( $ip ) ) {
            // Reverse IP, bug 21255
            $ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );

            foreach ( (array)$bases as $base ) {
                // Make hostname
                // If we have an access key, use that too (ProjectHoneypot, etc.)
                if ( is_array( $base ) ) {
                    if ( count( $base ) >= 2 ) {
                        // Access key is 1, base URL is 0
                        $host = "{$base[1]}.$ipReversed.{$base[0]}";
                    } else {
                        $host = "$ipReversed.{$base[0]}";
                    }
                } else {
                    $host = "$ipReversed.$base";
                }

                // Send query
                $ipList = gethostbynamel( $host );

                if ( $ipList ) {
                    wfDebugLog( 'dnsblacklist', "Hostname $host is {$ipList[0]}, it's a proxy says $base!" );
                    $found = true;
                    break;
                } else {
                    wfDebugLog( 'dnsblacklist', "Requested $host, not found in $base." );
                }
            }
        }

        wfProfileOut( __METHOD__ );
        return $found;
    }

    public static function isLocallyBlockedProxy( $ip ) {
        global $wgProxyList;

        if ( !$wgProxyList ) {
            return false;
        }
        wfProfileIn( __METHOD__ );

        if ( !is_array( $wgProxyList ) ) {
            // Load from the specified file
            $wgProxyList = array_map( 'trim', file( $wgProxyList ) );
        }

        if ( !is_array( $wgProxyList ) ) {
            $ret = false;
        } elseif ( array_search( $ip, $wgProxyList ) !== false ) {
            $ret = true;
        } elseif ( array_key_exists( $ip, $wgProxyList ) ) {
            // Old-style flipped proxy list
            $ret = true;
        } else {
            $ret = false;
        }
        wfProfileOut( __METHOD__ );
        return $ret;
    }

    public function isPingLimitable() {
        global $wgRateLimitsExcludedIPs;
        if ( in_array( $this->getRequest()->getIP(), $wgRateLimitsExcludedIPs ) ) {
            // No other good way currently to disable rate limits
            // for specific IPs. :P
            // But this is a crappy hack and should die.
            return false;
        }
        return !$this->isAllowed( 'noratelimit' );
    }

    public function pingLimiter( $action = 'edit', $incrBy = 1 ) {
        // Call the 'PingLimiter' hook
        $result = false;
        if ( !wfRunHooks( 'PingLimiter', array( &$this, $action, &$result, $incrBy ) ) ) {
            return $result;
        }

        global $wgRateLimits;
        if ( !isset( $wgRateLimits[$action] ) ) {
            return false;
        }

        // Some groups shouldn't trigger the ping limiter, ever
        if ( !$this->isPingLimitable() ) {
            return false;
        }

        global $wgMemc;
        wfProfileIn( __METHOD__ );

        $limits = $wgRateLimits[$action];
        $keys = array();
        $id = $this->getId();
        $userLimit = false;

        if ( isset( $limits['anon'] ) && $id == 0 ) {
            $keys[wfMemcKey( 'limiter', $action, 'anon' )] = $limits['anon'];
        }

        if ( isset( $limits['user'] ) && $id != 0 ) {
            $userLimit = $limits['user'];
        }
        if ( $this->isNewbie() ) {
            if ( isset( $limits['newbie'] ) && $id != 0 ) {
                $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $limits['newbie'];
            }
            if ( isset( $limits['ip'] ) ) {
                $ip = $this->getRequest()->getIP();
                $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip'];
            }
            if ( isset( $limits['subnet'] ) ) {
                $ip = $this->getRequest()->getIP();
                $matches = array();
                $subnet = false;
                if ( IP::isIPv6( $ip ) ) {
                    $parts = IP::parseRange( "$ip/64" );
                    $subnet = $parts[0];
                } elseif ( preg_match( '/^(\d+\.\d+\.\d+)\.\d+$/', $ip, $matches ) ) {
                    // IPv4
                    $subnet = $matches[1];
                }
                if ( $subnet !== false ) {
                    $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
                }
            }
        }
        // Check for group-specific permissions
        // If more than one group applies, use the group with the highest limit
        foreach ( $this->getGroups() as $group ) {
            if ( isset( $limits[$group] ) ) {
                if ( $userLimit === false || $limits[$group] > $userLimit ) {
                    $userLimit = $limits[$group];
                }
            }
        }
        // Set the user limit key
        if ( $userLimit !== false ) {
            list( $max, $period ) = $userLimit;
            wfDebug( __METHOD__ . ": effective user limit: $max in {$period}s\n" );
            $keys[wfMemcKey( 'limiter', $action, 'user', $id )] = $userLimit;
        }

        $triggered = false;
        foreach ( $keys as $key => $limit ) {
            list( $max, $period ) = $limit;
            $summary = "(limit $max in {$period}s)";
            $count = $wgMemc->get( $key );
            // Already pinged?
            if ( $count ) {
                if ( $count >= $max ) {
                    wfDebugLog( 'ratelimit', $this->getName() . " tripped! $key at $count $summary" );
                    $triggered = true;
                } else {
                    wfDebug( __METHOD__ . ": ok. $key at $count $summary\n" );
                }
            } else {
                wfDebug( __METHOD__ . ": adding record for $key $summary\n" );
                if ( $incrBy > 0 ) {
                    $wgMemc->add( $key, 0, intval( $period ) ); // first ping
                }
            }
            if ( $incrBy > 0 ) {
                $wgMemc->incr( $key, $incrBy );
            }
        }

        wfProfileOut( __METHOD__ );
        return $triggered;
    }

    public function isBlocked( $bFromSlave = true ) { // hacked from false due to horrible probs on site
        return $this->getBlock( $bFromSlave ) instanceof Block && $this->getBlock()->prevents( 'edit' );
    }

    public function getBlock( $bFromSlave = true ) {
        $this->getBlockedStatus( $bFromSlave );
        return $this->mBlock instanceof Block ? $this->mBlock : null;
    }

    public function isBlockedFrom( $title, $bFromSlave = false ) {
        global $wgBlockAllowsUTEdit;
        wfProfileIn( __METHOD__ );

        $blocked = $this->isBlocked( $bFromSlave );
        $allowUsertalk = ( $wgBlockAllowsUTEdit ? $this->mAllowUsertalk : false );
        // If a user's name is suppressed, they cannot make edits anywhere
        if ( !$this->mHideName && $allowUsertalk && $title->getText() === $this->getName()
            && $title->getNamespace() == NS_USER_TALK ) {
            $blocked = false;
            wfDebug( __METHOD__ . ": self-talk page, ignoring any blocks\n" );
        }

        wfRunHooks( 'UserIsBlockedFrom', array( $this, $title, &$blocked, &$allowUsertalk ) );

        wfProfileOut( __METHOD__ );
        return $blocked;
    }

    public function blockedBy() {
        $this->getBlockedStatus();
        return $this->mBlockedby;
    }

    public function blockedFor() {
        $this->getBlockedStatus();
        return $this->mBlockreason;
    }

    public function getBlockId() {
        $this->getBlockedStatus();
        return ( $this->mBlock ? $this->mBlock->getId() : false );
    }

    public function isBlockedGlobally( $ip = '' ) {
        if ( $this->mBlockedGlobally !== null ) {
            return $this->mBlockedGlobally;
        }
        // User is already an IP?
        if ( IP::isIPAddress( $this->getName() ) ) {
            $ip = $this->getName();
        } elseif ( !$ip ) {
            $ip = $this->getRequest()->getIP();
        }
        $blocked = false;
        wfRunHooks( 'UserIsBlockedGlobally', array( &$this, $ip, &$blocked ) );
        $this->mBlockedGlobally = (bool)$blocked;
        return $this->mBlockedGlobally;
    }

    public function isLocked() {
        if ( $this->mLocked !== null ) {
            return $this->mLocked;
        }
        global $wgAuth;
        StubObject::unstub( $wgAuth );
        $authUser = $wgAuth->getUserInstance( $this );
        $this->mLocked = (bool)$authUser->isLocked();
        return $this->mLocked;
    }

    public function isHidden() {
        if ( $this->mHideName !== null ) {
            return $this->mHideName;
        }
        $this->getBlockedStatus();
        if ( !$this->mHideName ) {
            global $wgAuth;
            StubObject::unstub( $wgAuth );
            $authUser = $wgAuth->getUserInstance( $this );
            $this->mHideName = (bool)$authUser->isHidden();
        }
        return $this->mHideName;
    }

    public function getId() {
        if ( $this->mId === null && $this->mName !== null && User::isIP( $this->mName ) ) {
            // Special case, we know the user is anonymous
            return 0;
        } elseif ( !$this->isItemLoaded( 'id' ) ) {
            // Don't load if this was initialized from an ID
            $this->load();
        }
        return $this->mId;
    }

    public function setId( $v ) {
        $this->mId = $v;
        $this->clearInstanceCache( 'id' );
    }

    public function getName() {
        if ( $this->isItemLoaded( 'name', 'only' ) ) {
            // Special case optimisation
            return $this->mName;
        } else {
            $this->load();
            if ( $this->mName === false ) {
                // Clean up IPs
                $this->mName = IP::sanitizeIP( $this->getRequest()->getIP() );
            }
            return $this->mName;
        }
    }

    public function setName( $str ) {
        $this->load();
        $this->mName = $str;
    }

    public function getTitleKey() {
        return str_replace( ' ', '_', $this->getName() );
    }

    public function getNewtalk() {
        $this->load();

        // Load the newtalk status if it is unloaded (mNewtalk=-1)
        if ( $this->mNewtalk === -1 ) {
            $this->mNewtalk = false; # reset talk page status

            // Check memcached separately for anons, who have no
            // entire User object stored in there.
            if ( !$this->mId ) {
                global $wgDisableAnonTalk;
                if ( $wgDisableAnonTalk ) {
                    // Anon newtalk disabled by configuration.
                    $this->mNewtalk = false;
                } else {
                    global $wgMemc;
                    $key = wfMemcKey( 'newtalk', 'ip', $this->getName() );
                    $newtalk = $wgMemc->get( $key );
                    if ( strval( $newtalk ) !== '' ) {
                        $this->mNewtalk = (bool)$newtalk;
                    } else {
                        // Since we are caching this, make sure it is up to date by getting it
                        // from the master
                        $this->mNewtalk = $this->checkNewtalk( 'user_ip', $this->getName(), true );
                        $wgMemc->set( $key, (int)$this->mNewtalk, 1800 );
                    }
                }
            } else {
                $this->mNewtalk = $this->checkNewtalk( 'user_id', $this->mId );
            }
        }

        return (bool)$this->mNewtalk;
    }

    public function getNewMessageLinks() {
        $talks = array();
        if ( !wfRunHooks( 'UserRetrieveNewTalks', array( &$this, &$talks ) ) ) {
            return $talks;
        } elseif ( !$this->getNewtalk() ) {
            return array();
        }
        $utp = $this->getTalkPage();
        $dbr = wfGetDB( DB_SLAVE );
        // Get the "last viewed rev" timestamp from the oldest message notification
        $timestamp = $dbr->selectField( 'user_newtalk',
            'MIN(user_last_timestamp)',
            $this->isAnon() ? array( 'user_ip' => $this->getName() ) : array( 'user_id' => $this->getID() ),
            __METHOD__ );
        $rev = $timestamp ? Revision::loadFromTimestamp( $dbr, $utp, $timestamp ) : null;
        return array( array( 'wiki' => wfWikiID(), 'link' => $utp->getLocalURL(), 'rev' => $rev ) );
    }

    public function getNewMessageRevisionId() {
        $newMessageRevisionId = null;
        $newMessageLinks = $this->getNewMessageLinks();
        if ( $newMessageLinks ) {
            // Note: getNewMessageLinks() never returns more than a single link
            // and it is always for the same wiki, but we double-check here in
            // case that changes some time in the future.
            if ( count( $newMessageLinks ) === 1
                && $newMessageLinks[0]['wiki'] === wfWikiID()
                && $newMessageLinks[0]['rev']
            ) {
                $newMessageRevision = $newMessageLinks[0]['rev'];
                $newMessageRevisionId = $newMessageRevision->getId();
            }
        }
        return $newMessageRevisionId;
    }

    protected function checkNewtalk( $field, $id, $fromMaster = false ) {
        if ( $fromMaster ) {
            $db = wfGetDB( DB_MASTER );
        } else {
            $db = wfGetDB( DB_SLAVE );
        }
        $ok = $db->selectField( 'user_newtalk', $field,
            array( $field => $id ), __METHOD__ );
        return $ok !== false;
    }

    protected function updateNewtalk( $field, $id, $curRev = null ) {
        // Get timestamp of the talk page revision prior to the current one
        $prevRev = $curRev ? $curRev->getPrevious() : false;
        $ts = $prevRev ? $prevRev->getTimestamp() : null;
        // Mark the user as having new messages since this revision
        $dbw = wfGetDB( DB_MASTER );
        $dbw->insert( 'user_newtalk',
            array( $field => $id, 'user_last_timestamp' => $dbw->timestampOrNull( $ts ) ),
            __METHOD__,
            'IGNORE' );
        if ( $dbw->affectedRows() ) {
            wfDebug( __METHOD__ . ": set on ($field, $id)\n" );
            return true;
        } else {
            wfDebug( __METHOD__ . " already set ($field, $id)\n" );
            return false;
        }
    }

    protected function deleteNewtalk( $field, $id ) {
        $dbw = wfGetDB( DB_MASTER );
        $dbw->delete( 'user_newtalk',
            array( $field => $id ),
            __METHOD__ );
        if ( $dbw->affectedRows() ) {
            wfDebug( __METHOD__ . ": killed on ($field, $id)\n" );
            return true;
        } else {
            wfDebug( __METHOD__ . ": already gone ($field, $id)\n" );
            return false;
        }
    }

    public function setNewtalk( $val, $curRev = null ) {
        if ( wfReadOnly() ) {
            return;
        }

        $this->load();
        $this->mNewtalk = $val;

        if ( $this->isAnon() ) {
            $field = 'user_ip';
            $id = $this->getName();
        } else {
            $field = 'user_id';
            $id = $this->getId();
        }
        global $wgMemc;

        if ( $val ) {
            $changed = $this->updateNewtalk( $field, $id, $curRev );
        } else {
            $changed = $this->deleteNewtalk( $field, $id );
        }

        if ( $this->isAnon() ) {
            // Anons have a separate memcached space, since
            // user records aren't kept for them.
            $key = wfMemcKey( 'newtalk', 'ip', $id );
            $wgMemc->set( $key, $val ? 1 : 0, 1800 );
        }
        if ( $changed ) {
            $this->invalidateCache();
        }
    }

    private static function newTouchedTimestamp() {
        global $wgClockSkewFudge;
        return wfTimestamp( TS_MW, time() + $wgClockSkewFudge );
    }

    private function clearSharedCache() {
        $this->load();
        if ( $this->mId ) {
            global $wgMemc;
            $wgMemc->delete( wfMemcKey( 'user', 'id', $this->mId ) );
        }
    }

    public function invalidateCache() {
        if ( wfReadOnly() ) {
            return;
        }
        $this->load();
        if ( $this->mId ) {
            $this->mTouched = self::newTouchedTimestamp();

            $dbw = wfGetDB( DB_MASTER );
            $userid = $this->mId;
            $touched = $this->mTouched;
            $method = __METHOD__;
            $dbw->onTransactionIdle( function() use ( $dbw, $userid, $touched, $method ) {
                // Prevent contention slams by checking user_touched first
                $encTouched = $dbw->addQuotes( $dbw->timestamp( $touched ) );
                $needsPurge = $dbw->selectField( 'user', '1',
                    array( 'user_id' => $userid, 'user_touched < ' . $encTouched ) );
                if ( $needsPurge ) {
                    $dbw->update( 'user',
                        array( 'user_touched' => $dbw->timestamp( $touched ) ),
                        array( 'user_id' => $userid, 'user_touched < ' . $encTouched ),
                        $method
                    );
                }
            } );
            $this->clearSharedCache();
        }
    }

    public function validateCache( $timestamp ) {
        $this->load();
        return ( $timestamp >= $this->mTouched );
    }

    public function getTouched() {
        $this->load();
        return $this->mTouched;
    }

    public function setPassword( $str ) {
        global $wgAuth;

        if ( $str !== null ) {
            if ( !$wgAuth->allowPasswordChange() ) {
                throw new PasswordError( wfMessage( 'password-change-forbidden' )->text() );
            }

            if ( !$this->isValidPassword( $str ) ) {
                global $wgMinimalPasswordLength;
                $valid = $this->getPasswordValidity( $str );
                if ( is_array( $valid ) ) {
                    $message = array_shift( $valid );
                    $params = $valid;
                } else {
                    $message = $valid;
                    $params = array( $wgMinimalPasswordLength );
                }
                throw new PasswordError( wfMessage( $message, $params )->text() );
            }
        }

        if ( !$wgAuth->setPassword( $this, $str ) ) {
            throw new PasswordError( wfMessage( 'externaldberror' )->text() );
        }

        $this->setInternalPassword( $str );

        return true;
    }

    public function setInternalPassword( $str ) {
        $this->load();
        $this->setToken();

        if ( $str === null ) {
            // Save an invalid hash...
            $this->mPassword = '';
        } else {
            $this->mPassword = self::crypt( $str );
        }
        $this->mNewpassword = '';
        $this->mNewpassTime = null;
    }

    public function getToken( $forceCreation = true ) {
        $this->load();
        if ( !$this->mToken && $forceCreation ) {
            $this->setToken();
        }
        return $this->mToken;
    }

    public function setToken( $token = false ) {
        $this->load();
        if ( !$token ) {
            $this->mToken = MWCryptRand::generateHex( USER_TOKEN_LENGTH );
        } else {
            $this->mToken = $token;
        }
    }

    public function setNewpassword( $str, $throttle = true ) {
        $this->load();

        if ( $str === null ) {
            $this->mNewpassword = '';
            $this->mNewpassTime = null;
        } else {
            $this->mNewpassword = self::crypt( $str );
            if ( $throttle ) {
                $this->mNewpassTime = wfTimestampNow();
            }
        }
    }

    public function isPasswordReminderThrottled() {
        global $wgPasswordReminderResendTime;
        $this->load();
        if ( !$this->mNewpassTime || !$wgPasswordReminderResendTime ) {
            return false;
        }
        $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgPasswordReminderResendTime * 3600;
        return time() < $expiry;
    }

    public function getEmail() {
        $this->load();
        wfRunHooks( 'UserGetEmail', array( $this, &$this->mEmail ) );
        return $this->mEmail;
    }

    public function getEmailAuthenticationTimestamp() {
        $this->load();
        wfRunHooks( 'UserGetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
        return $this->mEmailAuthenticated;
    }

    public function setEmail( $str ) {
        $this->load();
        if ( $str == $this->mEmail ) {
            return;
        }
        $this->mEmail = $str;
        $this->invalidateEmail();
        wfRunHooks( 'UserSetEmail', array( $this, &$this->mEmail ) );
    }

    public function setEmailWithConfirmation( $str ) {
        global $wgEnableEmail, $wgEmailAuthentication;

        if ( !$wgEnableEmail ) {
            return Status::newFatal( 'emaildisabled' );
        }

        $oldaddr = $this->getEmail();
        if ( $str === $oldaddr ) {
            return Status::newGood( true );
        }

        $this->setEmail( $str );

        if ( $str !== '' && $wgEmailAuthentication ) {
            // Send a confirmation request to the new address if needed
            $type = $oldaddr != '' ? 'changed' : 'set';
            $result = $this->sendConfirmationMail( $type );
            if ( $result->isGood() ) {
                // Say the the caller that a confirmation mail has been sent
                $result->value = 'eauth';
            }
        } else {
            $result = Status::newGood( true );
        }

        return $result;
    }

    public function getRealName() {
        if ( !$this->isItemLoaded( 'realname' ) ) {
            $this->load();
        }

        return $this->mRealName;
    }

    public function setRealName( $str ) {
        $this->load();
        $this->mRealName = $str;
    }

    public function getOption( $oname, $defaultOverride = null, $ignoreHidden = false ) {
        global $wgHiddenPrefs;
        $this->loadOptions();

        # We want 'disabled' preferences to always behave as the default value for
        # users, even if they have set the option explicitly in their settings (ie they
        # set it, and then it was disabled removing their ability to change it).  But
        # we don't want to erase the preferences in the database in case the preference
        # is re-enabled again.  So don't touch $mOptions, just override the returned value
        if ( !$ignoreHidden && in_array( $oname, $wgHiddenPrefs ) ) {
            return self::getDefaultOption( $oname );
        }

        if ( array_key_exists( $oname, $this->mOptions ) ) {
            return $this->mOptions[$oname];
        } else {
            return $defaultOverride;
        }
    }

    public function getOptions() {
        global $wgHiddenPrefs;
        $this->loadOptions();
        $options = $this->mOptions;

        # We want 'disabled' preferences to always behave as the default value for
        # users, even if they have set the option explicitly in their settings (ie they
        # set it, and then it was disabled removing their ability to change it).  But
        # we don't want to erase the preferences in the database in case the preference
        # is re-enabled again.  So don't touch $mOptions, just override the returned value
        foreach ( $wgHiddenPrefs as $pref ) {
            $default = self::getDefaultOption( $pref );
            if ( $default !== null ) {
                $options[$pref] = $default;
            }
        }

        return $options;
    }

    public function getBoolOption( $oname ) {
        return (bool)$this->getOption( $oname );
    }

    public function getIntOption( $oname, $defaultOverride = 0 ) {
        $val = $this->getOption( $oname );
        if ( $val == '' ) {
            $val = $defaultOverride;
        }
        return intval( $val );
    }

    public function setOption( $oname, $val ) {
        $this->loadOptions();

        // Explicitly NULL values should refer to defaults
        if ( is_null( $val ) ) {
            $val = self::getDefaultOption( $oname );
        }

        $this->mOptions[$oname] = $val;
    }

    public function getTokenFromOption( $oname ) {
        global $wgHiddenPrefs;
        if ( in_array( $oname, $wgHiddenPrefs ) ) {
            return false;
        }

        $token = $this->getOption( $oname );
        if ( !$token ) {
            $token = $this->resetTokenFromOption( $oname );
            $this->saveSettings();
        }
        return $token;
    }

    public function resetTokenFromOption( $oname ) {
        global $wgHiddenPrefs;
        if ( in_array( $oname, $wgHiddenPrefs ) ) {
            return false;
        }

        $token = MWCryptRand::generateHex( 40 );
        $this->setOption( $oname, $token );
        return $token;
    }

    public static function listOptionKinds() {
        return array(
            'registered',
            'registered-multiselect',
            'registered-checkmatrix',
            'userjs',
            'special',
            'unused'
        );
    }

    public function getOptionKinds( IContextSource $context, $options = null ) {
        $this->loadOptions();
        if ( $options === null ) {
            $options = $this->mOptions;
        }

        $prefs = Preferences::getPreferences( $this, $context );
        $mapping = array();

        // Pull out the "special" options, so they don't get converted as
        // multiselect or checkmatrix.
        $specialOptions = array_fill_keys( Preferences::getSaveBlacklist(), true );
        foreach ( $specialOptions as $name => $value ) {
            unset( $prefs[$name] );
        }

        // Multiselect and checkmatrix options are stored in the database with
        // one key per option, each having a boolean value. Extract those keys.
        $multiselectOptions = array();
        foreach ( $prefs as $name => $info ) {
            if ( ( isset( $info['type'] ) && $info['type'] == 'multiselect' ) ||
                    ( isset( $info['class'] ) && $info['class'] == 'HTMLMultiSelectField' ) ) {
                $opts = HTMLFormField::flattenOptions( $info['options'] );
                $prefix = isset( $info['prefix'] ) ? $info['prefix'] : $name;

                foreach ( $opts as $value ) {
                    $multiselectOptions["$prefix$value"] = true;
                }

                unset( $prefs[$name] );
            }
        }
        $checkmatrixOptions = array();
        foreach ( $prefs as $name => $info ) {
            if ( ( isset( $info['type'] ) && $info['type'] == 'checkmatrix' ) ||
                    ( isset( $info['class'] ) && $info['class'] == 'HTMLCheckMatrix' ) ) {
                $columns = HTMLFormField::flattenOptions( $info['columns'] );
                $rows = HTMLFormField::flattenOptions( $info['rows'] );
                $prefix = isset( $info['prefix'] ) ? $info['prefix'] : $name;

                foreach ( $columns as $column ) {
                    foreach ( $rows as $row ) {
                        $checkmatrixOptions["$prefix-$column-$row"] = true;
                    }
                }

                unset( $prefs[$name] );
            }
        }

        // $value is ignored
        foreach ( $options as $key => $value ) {
            if ( isset( $prefs[$key] ) ) {
                $mapping[$key] = 'registered';
            } elseif ( isset( $multiselectOptions[$key] ) ) {
                $mapping[$key] = 'registered-multiselect';
            } elseif ( isset( $checkmatrixOptions[$key] ) ) {
                $mapping[$key] = 'registered-checkmatrix';
            } elseif ( isset( $specialOptions[$key] ) ) {
                $mapping[$key] = 'special';
            } elseif ( substr( $key, 0, 7 ) === 'userjs-' ) {
                $mapping[$key] = 'userjs';
            } else {
                $mapping[$key] = 'unused';
            }
        }

        return $mapping;
    }

    public function resetOptions(
        $resetKinds = array( 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' ),
        IContextSource $context = null
    ) {
        $this->load();
        $defaultOptions = self::getDefaultOptions();

        if ( !is_array( $resetKinds ) ) {
            $resetKinds = array( $resetKinds );
        }

        if ( in_array( 'all', $resetKinds ) ) {
            $newOptions = $defaultOptions;
        } else {
            if ( $context === null ) {
                $context = RequestContext::getMain();
            }

            $optionKinds = $this->getOptionKinds( $context );
            $resetKinds = array_intersect( $resetKinds, self::listOptionKinds() );
            $newOptions = array();

            // Use default values for the options that should be deleted, and
            // copy old values for the ones that shouldn't.
            foreach ( $this->mOptions as $key => $value ) {
                if ( in_array( $optionKinds[$key], $resetKinds ) ) {
                    if ( array_key_exists( $key, $defaultOptions ) ) {
                        $newOptions[$key] = $defaultOptions[$key];
                    }
                } else {
                    $newOptions[$key] = $value;
                }
            }
        }

        $this->mOptions = $newOptions;
        $this->mOptionsLoaded = true;
    }

    public function getDatePreference() {
        // Important migration for old data rows
        if ( is_null( $this->mDatePreference ) ) {
            global $wgLang;
            $value = $this->getOption( 'date' );
            $map = $wgLang->getDatePreferenceMigrationMap();
            if ( isset( $map[$value] ) ) {
                $value = $map[$value];
            }
            $this->mDatePreference = $value;
        }
        return $this->mDatePreference;
    }

    public function requiresHTTPS() {
        global $wgSecureLogin;
        if ( !$wgSecureLogin ) {
            return false;
        } else {
            $https = $this->getBoolOption( 'prefershttps' );
            wfRunHooks( 'UserRequiresHTTPS', array( $this, &$https ) );
            if ( $https ) {
                $https = wfCanIPUseHTTPS( $this->getRequest()->getIP() );
            }
            return $https;
        }
    }

    public function getStubThreshold() {
        global $wgMaxArticleSize; # Maximum article size, in Kb
        $threshold = $this->getIntOption( 'stubthreshold' );
        if ( $threshold > $wgMaxArticleSize * 1024 ) {
            // If they have set an impossible value, disable the preference
            // so we can use the parser cache again.
            $threshold = 0;
        }
        return $threshold;
    }

    public function getRights() {
        if ( is_null( $this->mRights ) ) {
            $this->mRights = self::getGroupPermissions( $this->getEffectiveGroups() );
            wfRunHooks( 'UserGetRights', array( $this, &$this->mRights ) );
            // Force reindexation of rights when a hook has unset one of them
            $this->mRights = array_values( array_unique( $this->mRights ) );
        }
        return $this->mRights;
    }

    public function getGroups() {
        $this->load();
        $this->loadGroups();
        return $this->mGroups;
    }

    public function getEffectiveGroups( $recache = false ) {
        if ( $recache || is_null( $this->mEffectiveGroups ) ) {
            wfProfileIn( __METHOD__ );
            $this->mEffectiveGroups = array_unique( array_merge(
                $this->getGroups(), // explicit groups
                $this->getAutomaticGroups( $recache ) // implicit groups
            ) );
            // Hook for additional groups
            wfRunHooks( 'UserEffectiveGroups', array( &$this, &$this->mEffectiveGroups ) );
            // Force reindexation of groups when a hook has unset one of them
            $this->mEffectiveGroups = array_values( array_unique( $this->mEffectiveGroups ) );
            wfProfileOut( __METHOD__ );
        }
        return $this->mEffectiveGroups;
    }

    public function getAutomaticGroups( $recache = false ) {
        if ( $recache || is_null( $this->mImplicitGroups ) ) {
            wfProfileIn( __METHOD__ );
            $this->mImplicitGroups = array( '*' );
            if ( $this->getId() ) {
                $this->mImplicitGroups[] = 'user';

                $this->mImplicitGroups = array_unique( array_merge(
                    $this->mImplicitGroups,
                    Autopromote::getAutopromoteGroups( $this )
                ) );
            }
            if ( $recache ) {
                // Assure data consistency with rights/groups,
                // as getEffectiveGroups() depends on this function
                $this->mEffectiveGroups = null;
            }
            wfProfileOut( __METHOD__ );
        }
        return $this->mImplicitGroups;
    }

    public function getFormerGroups() {
        if ( is_null( $this->mFormerGroups ) ) {
            $dbr = wfGetDB( DB_MASTER );
            $res = $dbr->select( 'user_former_groups',
                array( 'ufg_group' ),
                array( 'ufg_user' => $this->mId ),
                __METHOD__ );
            $this->mFormerGroups = array();
            foreach ( $res as $row ) {
                $this->mFormerGroups[] = $row->ufg_group;
            }
        }
        return $this->mFormerGroups;
    }

    public function getEditCount() {
        if ( !$this->getId() ) {
            return null;
        }

        if ( !isset( $this->mEditCount ) ) {
            /* Populate the count, if it has not been populated yet */
            wfProfileIn( __METHOD__ );
            $dbr = wfGetDB( DB_SLAVE );
            // check if the user_editcount field has been initialized
            $count = $dbr->selectField(
                'user', 'user_editcount',
                array( 'user_id' => $this->mId ),
                __METHOD__
            );

            if ( $count === null ) {
                // it has not been initialized. do so.
                $count = $this->initEditCount();
            }
            $this->mEditCount = $count;
            wfProfileOut( __METHOD__ );
        }
        return (int)$this->mEditCount;
    }

    public function addGroup( $group ) {
        if ( wfRunHooks( 'UserAddGroup', array( $this, &$group ) ) ) {
            $dbw = wfGetDB( DB_MASTER );
            if ( $this->getId() ) {
                $dbw->insert( 'user_groups',
                    array(
                        'ug_user' => $this->getID(),
                        'ug_group' => $group,
                    ),
                    __METHOD__,
                    array( 'IGNORE' ) );
            }
        }
        $this->loadGroups();
        $this->mGroups[] = $group;
        // In case loadGroups was not called before, we now have the right twice.
        // Get rid of the duplicate.
        $this->mGroups = array_unique( $this->mGroups );

        // Refresh the groups caches, and clear the rights cache so it will be
        // refreshed on the next call to $this->getRights().
        $this->getEffectiveGroups( true );
        $this->mRights = null;

        $this->invalidateCache();
    }

    public function removeGroup( $group ) {
        $this->load();
        if ( wfRunHooks( 'UserRemoveGroup', array( $this, &$group ) ) ) {
            $dbw = wfGetDB( DB_MASTER );
            $dbw->delete( 'user_groups',
                array(
                    'ug_user' => $this->getID(),
                    'ug_group' => $group,
                ), __METHOD__ );
            // Remember that the user was in this group
            $dbw->insert( 'user_former_groups',
                array(
                    'ufg_user' => $this->getID(),
                    'ufg_group' => $group,
                ),
                __METHOD__,
                array( 'IGNORE' ) );
        }
        $this->loadGroups();
        $this->mGroups = array_diff( $this->mGroups, array( $group ) );

        // Refresh the groups caches, and clear the rights cache so it will be
        // refreshed on the next call to $this->getRights().
        $this->getEffectiveGroups( true );
        $this->mRights = null;

        $this->invalidateCache();
    }

    public function isLoggedIn() {
        return $this->getID() != 0;
    }

    public function isAnon() {
        return !$this->isLoggedIn();
    }

    public function isAllowedAny( /*...*/ ) {
        $permissions = func_get_args();
        foreach ( $permissions as $permission ) {
            if ( $this->isAllowed( $permission ) ) {
                return true;
            }
        }
        return false;
    }

    public function isAllowedAll( /*...*/ ) {
        $permissions = func_get_args();
        foreach ( $permissions as $permission ) {
            if ( !$this->isAllowed( $permission ) ) {
                return false;
            }
        }
        return true;
    }

    public function isAllowed( $action = '' ) {
        if ( $action === '' ) {
            return true; // In the spirit of DWIM
        }
        // Patrolling may not be enabled
        if ( $action === 'patrol' || $action === 'autopatrol' ) {
            global $wgUseRCPatrol, $wgUseNPPatrol;
            if ( !$wgUseRCPatrol && !$wgUseNPPatrol ) {
                return false;
            }
        }
        // Use strict parameter to avoid matching numeric 0 accidentally inserted
        // by misconfiguration: 0 == 'foo'
        return in_array( $action, $this->getRights(), true );
    }

    public function useRCPatrol() {
        global $wgUseRCPatrol;
        return $wgUseRCPatrol && $this->isAllowedAny( 'patrol', 'patrolmarks' );
    }

    public function useNPPatrol() {
        global $wgUseRCPatrol, $wgUseNPPatrol;
        return (
            ( $wgUseRCPatrol || $wgUseNPPatrol )
                && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) )
        );
    }

    public function getRequest() {
        if ( $this->mRequest ) {
            return $this->mRequest;
        } else {
            global $wgRequest;
            return $wgRequest;
        }
    }

    public function getSkin() {
        wfDeprecated( __METHOD__, '1.18' );
        return RequestContext::getMain()->getSkin();
    }

    public function getWatchedItem( $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
        $key = $checkRights . ':' . $title->getNamespace() . ':' . $title->getDBkey();

        if ( isset( $this->mWatchedItems[$key] ) ) {
            return $this->mWatchedItems[$key];
        }

        if ( count( $this->mWatchedItems ) >= self::MAX_WATCHED_ITEMS_CACHE ) {
            $this->mWatchedItems = array();
        }

        $this->mWatchedItems[$key] = WatchedItem::fromUserTitle( $this, $title, $checkRights );
        return $this->mWatchedItems[$key];
    }

    public function isWatched( $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
        return $this->getWatchedItem( $title, $checkRights )->isWatched();
    }

    public function addWatch( $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
        $this->getWatchedItem( $title, $checkRights )->addWatch();
        $this->invalidateCache();
    }

    public function removeWatch( $title, $checkRights = WatchedItem::CHECK_USER_RIGHTS ) {
        $this->getWatchedItem( $title, $checkRights )->removeWatch();
        $this->invalidateCache();
    }

    public function clearNotification( &$title, $oldid = 0 ) {
        global $wgUseEnotif, $wgShowUpdatedMarker;

        // Do nothing if the database is locked to writes
        if ( wfReadOnly() ) {
            return;
        }

        // Do nothing if not allowed to edit the watchlist
        if ( !$this->isAllowed( 'editmywatchlist' ) ) {
            return;
        }

        // If we're working on user's talk page, we should update the talk page message indicator
        if ( $title->getNamespace() == NS_USER_TALK && $title->getText() == $this->getName() ) {
            if ( !wfRunHooks( 'UserClearNewTalkNotification', array( &$this, $oldid ) ) ) {
                return;
            }

            $nextid = $oldid ? $title->getNextRevisionID( $oldid ) : null;

            if ( !$oldid || !$nextid ) {
                // If we're looking at the latest revision, we should definitely clear it
                $this->setNewtalk( false );
            } else {
                // Otherwise we should update its revision, if it's present
                if ( $this->getNewtalk() ) {
                    // Naturally the other one won't clear by itself
                    $this->setNewtalk( false );
                    $this->setNewtalk( true, Revision::newFromId( $nextid ) );
                }
            }
        }

        if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
            return;
        }

        if ( $this->isAnon() ) {
            // Nothing else to do...
            return;
        }

        // Only update the timestamp if the page is being watched.
        // The query to find out if it is watched is cached both in memcached and per-invocation,
        // and when it does have to be executed, it can be on a slave
        // If this is the user's newtalk page, we always update the timestamp
        $force = '';
        if ( $title->getNamespace() == NS_USER_TALK && $title->getText() == $this->getName() ) {
            $force = 'force';
        }

        $this->getWatchedItem( $title )->resetNotificationTimestamp( $force, $oldid );
    }

    public function clearAllNotifications() {
        if ( wfReadOnly() ) {
            return;
        }

        // Do nothing if not allowed to edit the watchlist
        if ( !$this->isAllowed( 'editmywatchlist' ) ) {
            return;
        }

        global $wgUseEnotif, $wgShowUpdatedMarker;
        if ( !$wgUseEnotif && !$wgShowUpdatedMarker ) {
            $this->setNewtalk( false );
            return;
        }
        $id = $this->getId();
        if ( $id != 0 ) {
            $dbw = wfGetDB( DB_MASTER );
            $dbw->update( 'watchlist',
                array( /* SET */ 'wl_notificationtimestamp' => null ),
                array( /* WHERE */ 'wl_user' => $id ),
                __METHOD__
            );
            // We also need to clear here the "you have new message" notification for the own user_talk page;
            // it's cleared one page view later in WikiPage::doViewUpdates().
        }
    }

    protected function setCookie( $name, $value, $exp = 0, $secure = null, $params = array() ) {
        $params['secure'] = $secure;
        $this->getRequest()->response()->setcookie( $name, $value, $exp, $params );
    }

    protected function clearCookie( $name, $secure = null, $params = array() ) {
        $this->setCookie( $name, '', time() - 86400, $secure, $params );
    }

    public function setCookies( $request = null, $secure = null, $rememberMe = false ) {
        if ( $request === null ) {
            $request = $this->getRequest();
        }

        $this->load();
        if ( 0 == $this->mId ) {
            return;
        }
        if ( !$this->mToken ) {
            // When token is empty or NULL generate a new one and then save it to the database
            // This allows a wiki to re-secure itself after a leak of it's user table or $wgSecretKey
            // Simply by setting every cell in the user_token column to NULL and letting them be
            // regenerated as users log back into the wiki.
            $this->setToken();
            $this->saveSettings();
        }
        $session = array(
            'wsUserID' => $this->mId,
            'wsToken' => $this->mToken,
            'wsUserName' => $this->getName()
        );
        $cookies = array(
            'UserID' => $this->mId,
            'UserName' => $this->getName(),
        );
        if ( $rememberMe ) {
            $cookies['Token'] = $this->mToken;
        } else {
            $cookies['Token'] = false;
        }

        wfRunHooks( 'UserSetCookies', array( $this, &$session, &$cookies ) );

        foreach ( $session as $name => $value ) {
            $request->setSessionData( $name, $value );
        }
        foreach ( $cookies as $name => $value ) {
            if ( $value === false ) {
                $this->clearCookie( $name );
            } else {
                $this->setCookie( $name, $value, 0, $secure );
            }
        }

        if ( $request->getCheck( 'wpStickHTTPS' ) || $this->requiresHTTPS() ) {
            $this->setCookie(
                'forceHTTPS',
                'true',
                $rememberMe ? 0 : null,
                false,
                array( 'prefix' => '' ) // no prefix
            );
        }
    }

    public function logout() {
        if ( wfRunHooks( 'UserLogout', array( &$this ) ) ) {
            $this->doLogout();
        }
    }

    public function doLogout() {
        $this->clearInstanceCache( 'defaults' );

        $this->getRequest()->setSessionData( 'wsUserID', 0 );

        $this->clearCookie( 'UserID' );
        $this->clearCookie( 'Token' );
        $this->clearCookie( 'forceHTTPS', false, array( 'prefix' => '' ) );

        // Remember when user logged out, to prevent seeing cached pages
        $this->setCookie( 'LoggedOut', time(), time() + 86400 );
    }

    public function saveSettings() {
        global $wgAuth;

        $this->load();
        if ( wfReadOnly() ) {
            return;
        }
        if ( 0 == $this->mId ) {
            return;
        }

        $this->mTouched = self::newTouchedTimestamp();
        if ( !$wgAuth->allowSetLocalPassword() ) {
            $this->mPassword = '';
        }

        $dbw = wfGetDB( DB_MASTER );
        $dbw->update( 'user',
            array( /* SET */
                'user_name' => $this->mName,
                'user_password' => $this->mPassword,
                'user_newpassword' => $this->mNewpassword,
                'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
                'user_real_name' => $this->mRealName,
                'user_email' => $this->mEmail,
                'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
                'user_touched' => $dbw->timestamp( $this->mTouched ),
                'user_token' => strval( $this->mToken ),
                'user_email_token' => $this->mEmailToken,
                'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ),
                'user_password_expires' => $dbw->timestampOrNull( $this->mPasswordExpires ),
            ), array( /* WHERE */
                'user_id' => $this->mId
            ), __METHOD__
        );

        $this->saveOptions();

        wfRunHooks( 'UserSaveSettings', array( $this ) );
        $this->clearSharedCache();
        $this->getUserPage()->invalidateCache();
    }

    public function idForName() {
        $s = trim( $this->getName() );
        if ( $s === '' ) {
            return 0;
        }

        $dbr = wfGetDB( DB_SLAVE );
        $id = $dbr->selectField( 'user', 'user_id', array( 'user_name' => $s ), __METHOD__ );
        if ( $id === false ) {
            $id = 0;
        }
        return $id;
    }

    public static function createNew( $name, $params = array() ) {
        $user = new User;
        $user->load();
        $user->setToken(); // init token
        if ( isset( $params['options'] ) ) {
            $user->mOptions = $params['options'] + (array)$user->mOptions;
            unset( $params['options'] );
        }
        $dbw = wfGetDB( DB_MASTER );
        $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );

        $fields = array(
            'user_id' => $seqVal,
            'user_name' => $name,
            'user_password' => $user->mPassword,
            'user_newpassword' => $user->mNewpassword,
            'user_newpass_time' => $dbw->timestampOrNull( $user->mNewpassTime ),
            'user_email' => $user->mEmail,
            'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ),
            'user_real_name' => $user->mRealName,
            'user_token' => strval( $user->mToken ),
            'user_registration' => $dbw->timestamp( $user->mRegistration ),
            'user_editcount' => 0,
            'user_touched' => $dbw->timestamp( self::newTouchedTimestamp() ),
        );
        foreach ( $params as $name => $value ) {
            $fields["user_$name"] = $value;
        }
        $dbw->insert( 'user', $fields, __METHOD__, array( 'IGNORE' ) );
        if ( $dbw->affectedRows() ) {
            $newUser = User::newFromId( $dbw->insertId() );
        } else {
            $newUser = null;
        }
        return $newUser;
    }

    public function addToDatabase() {
        $this->load();
        if ( !$this->mToken ) {
            $this->setToken(); // init token
        }

        $this->mTouched = self::newTouchedTimestamp();

        $dbw = wfGetDB( DB_MASTER );
        $inWrite = $dbw->writesOrCallbacksPending();
        $seqVal = $dbw->nextSequenceValue( 'user_user_id_seq' );
        $dbw->insert( 'user',
            array(
                'user_id' => $seqVal,
                'user_name' => $this->mName,
                'user_password' => $this->mPassword,
                'user_newpassword' => $this->mNewpassword,
                'user_newpass_time' => $dbw->timestampOrNull( $this->mNewpassTime ),
                'user_email' => $this->mEmail,
                'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ),
                'user_real_name' => $this->mRealName,
                'user_token' => strval( $this->mToken ),
                'user_registration' => $dbw->timestamp( $this->mRegistration ),
                'user_editcount' => 0,
                'user_touched' => $dbw->timestamp( $this->mTouched ),
            ), __METHOD__,
            array( 'IGNORE' )
        );
        if ( !$dbw->affectedRows() ) {
            if ( !$inWrite ) {
                // XXX: Get out of REPEATABLE-READ so the SELECT below works.
                // Often this case happens early in views before any writes.
                // This shows up at least with CentralAuth.
                $dbw->commit( __METHOD__, 'flush' );
            }
            $this->mId = $dbw->selectField( 'user', 'user_id',
                array( 'user_name' => $this->mName ), __METHOD__ );
            $loaded = false;
            if ( $this->mId ) {
                if ( $this->loadFromDatabase() ) {
                    $loaded = true;
                }
            }
            if ( !$loaded ) {
                throw new MWException( __METHOD__ . ": hit a key conflict attempting " .
                    "to insert user '{$this->mName}' row, but it was not present in select!" );
            }
            return Status::newFatal( 'userexists' );
        }
        $this->mId = $dbw->insertId();

        // Clear instance cache other than user table data, which is already accurate
        $this->clearInstanceCache();

        $this->saveOptions();
        return Status::newGood();
    }

    public function spreadAnyEditBlock() {
        if ( $this->isLoggedIn() && $this->isBlocked() ) {
            return $this->spreadBlock();
        }
        return false;
    }

    protected function spreadBlock() {
        wfDebug( __METHOD__ . "()\n" );
        $this->load();
        if ( $this->mId == 0 ) {
            return false;
        }

        $userblock = Block::newFromTarget( $this->getName() );
        if ( !$userblock ) {
            return false;
        }

        return (bool)$userblock->doAutoblock( $this->getRequest()->getIP() );
    }

    public function isBlockedFromCreateAccount() {
        $this->getBlockedStatus();
        if ( $this->mBlock && $this->mBlock->prevents( 'createaccount' ) ) {
            return $this->mBlock;
        }

        # bug 13611: if the IP address the user is trying to create an account from is
        # blocked with createaccount disabled, prevent new account creation there even
        # when the user is logged in
        if ( $this->mBlockedFromCreateAccount === false && !$this->isAllowed( 'ipblock-exempt' ) ) {
            $this->mBlockedFromCreateAccount = Block::newFromTarget( null, $this->getRequest()->getIP() );
        }
        return $this->mBlockedFromCreateAccount instanceof Block && $this->mBlockedFromCreateAccount->prevents( 'createaccount' )
            ? $this->mBlockedFromCreateAccount
            : false;
    }

    public function isBlockedFromEmailuser() {
        $this->getBlockedStatus();
        return $this->mBlock && $this->mBlock->prevents( 'sendemail' );
    }

    public function isAllowedToCreateAccount() {
        return $this->isAllowed( 'createaccount' ) && !$this->isBlockedFromCreateAccount();
    }

    public function getUserPage() {
        return Title::makeTitle( NS_USER, $this->getName() );
    }

    public function getTalkPage() {
        $title = $this->getUserPage();
        return $title->getTalkPage();
    }

    public function isNewbie() {
        return !$this->isAllowed( 'autoconfirmed' );
    }

    public function checkPassword( $password ) {
        global $wgAuth, $wgLegacyEncoding;
        $this->load();

        // Certain authentication plugins do NOT want to save
        // domain passwords in a mysql database, so we should
        // check this (in case $wgAuth->strict() is false).

        if ( $wgAuth->authenticate( $this->getName(), $password ) ) {
            return true;
        } elseif ( $wgAuth->strict() ) {
            // Auth plugin doesn't allow local authentication
            return false;
        } elseif ( $wgAuth->strictUserAuth( $this->getName() ) ) {
            // Auth plugin doesn't allow local authentication for this user name
            return false;
        }
        if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
            return true;
        } elseif ( $wgLegacyEncoding ) {
            // Some wikis were converted from ISO 8859-1 to UTF-8, the passwords can't be converted
            // Check for this with iconv
            $cp1252Password = iconv( 'UTF-8', 'WINDOWS-1252//TRANSLIT', $password );
            if ( $cp1252Password != $password
                && self::comparePasswords( $this->mPassword, $cp1252Password, $this->mId )
            ) {
                return true;
            }
        }
        return false;
    }

    public function checkTemporaryPassword( $plaintext ) {
        global $wgNewPasswordExpiry;

        $this->load();
        if ( self::comparePasswords( $this->mNewpassword, $plaintext, $this->getId() ) ) {
            if ( is_null( $this->mNewpassTime ) ) {
                return true;
            }
            $expiry = wfTimestamp( TS_UNIX, $this->mNewpassTime ) + $wgNewPasswordExpiry;
            return ( time() < $expiry );
        } else {
            return false;
        }
    }

    public function editToken( $salt = '', $request = null ) {
        wfDeprecated( __METHOD__, '1.19' );
        return $this->getEditToken( $salt, $request );
    }

    public function getEditToken( $salt = '', $request = null ) {
        if ( $request == null ) {
            $request = $this->getRequest();
        }

        if ( $this->isAnon() ) {
            return EDIT_TOKEN_SUFFIX;
        } else {
            $token = $request->getSessionData( 'wsEditToken' );
            if ( $token === null ) {
                $token = MWCryptRand::generateHex( 32 );
                $request->setSessionData( 'wsEditToken', $token );
            }
            if ( is_array( $salt ) ) {
                $salt = implode( '|', $salt );
            }
            return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
        }
    }

    public static function generateToken() {
        return MWCryptRand::generateHex( 32 );
    }

    public function matchEditToken( $val, $salt = '', $request = null ) {
        $sessionToken = $this->getEditToken( $salt, $request );
        if ( $val != $sessionToken ) {
            wfDebug( "User::matchEditToken: broken session data\n" );
        }
        return $val == $sessionToken;
    }

    public function matchEditTokenNoSuffix( $val, $salt = '', $request = null ) {
        $sessionToken = $this->getEditToken( $salt, $request );
        return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
    }

    public function sendConfirmationMail( $type = 'created' ) {
        global $wgLang;
        $expiration = null; // gets passed-by-ref and defined in next line.
        $token = $this->confirmationToken( $expiration );
        $url = $this->confirmationTokenUrl( $token );
        $invalidateURL = $this->invalidationTokenUrl( $token );
        $this->saveSettings();

        if ( $type == 'created' || $type === false ) {
            $message = 'confirmemail_body';
        } elseif ( $type === true ) {
            $message = 'confirmemail_body_changed';
        } else {
            // Messages: confirmemail_body_changed, confirmemail_body_set
            $message = 'confirmemail_body_' . $type;
        }

        return $this->sendMail( wfMessage( 'confirmemail_subject' )->text(),
            wfMessage( $message,
                $this->getRequest()->getIP(),
                $this->getName(),
                $url,
                $wgLang->timeanddate( $expiration, false ),
                $invalidateURL,
                $wgLang->date( $expiration, false ),
                $wgLang->time( $expiration, false ) )->text() );
    }

    public function sendMail( $subject, $body, $from = null, $replyto = null ) {
        if ( is_null( $from ) ) {
            global $wgPasswordSender;
            $sender = new MailAddress( $wgPasswordSender,
                wfMessage( 'emailsender' )->inContentLanguage()->text() );
        } else {
            $sender = new MailAddress( $from );
        }

        $to = new MailAddress( $this );
        return UserMailer::send( $to, $sender, $subject, $body, $replyto );
    }

    protected function confirmationToken( &$expiration ) {
        global $wgUserEmailConfirmationTokenExpiry;
        $now = time();
        $expires = $now + $wgUserEmailConfirmationTokenExpiry;
        $expiration = wfTimestamp( TS_MW, $expires );
        $this->load();
        $token = MWCryptRand::generateHex( 32 );
        $hash = md5( $token );
        $this->mEmailToken = $hash;
        $this->mEmailTokenExpires = $expiration;
        return $token;
    }

    protected function confirmationTokenUrl( $token ) {
        return $this->getTokenUrl( 'ConfirmEmail', $token );
    }

    protected function invalidationTokenUrl( $token ) {
        return $this->getTokenUrl( 'InvalidateEmail', $token );
    }

    protected function getTokenUrl( $page, $token ) {
        // Hack to bypass localization of 'Special:'
        $title = Title::makeTitle( NS_MAIN, "Special:$page/$token" );
        return $title->getCanonicalURL();
    }

    public function confirmEmail() {
        // Check if it's already confirmed, so we don't touch the database
        // and fire the ConfirmEmailComplete hook on redundant confirmations.
        if ( !$this->isEmailConfirmed() ) {
            $this->setEmailAuthenticationTimestamp( wfTimestampNow() );
            wfRunHooks( 'ConfirmEmailComplete', array( $this ) );
        }
        return true;
    }

    public function invalidateEmail() {
        $this->load();
        $this->mEmailToken = null;
        $this->mEmailTokenExpires = null;
        $this->setEmailAuthenticationTimestamp( null );
        wfRunHooks( 'InvalidateEmailComplete', array( $this ) );
        return true;
    }

    public function setEmailAuthenticationTimestamp( $timestamp ) {
        $this->load();
        $this->mEmailAuthenticated = $timestamp;
        wfRunHooks( 'UserSetEmailAuthenticationTimestamp', array( $this, &$this->mEmailAuthenticated ) );
    }

    public function canSendEmail() {
        global $wgEnableEmail, $wgEnableUserEmail;
        if ( !$wgEnableEmail || !$wgEnableUserEmail || !$this->isAllowed( 'sendemail' ) ) {
            return false;
        }
        $canSend = $this->isEmailConfirmed();
        wfRunHooks( 'UserCanSendEmail', array( &$this, &$canSend ) );
        return $canSend;
    }

    public function canReceiveEmail() {
        return $this->isEmailConfirmed() && !$this->getOption( 'disablemail' );
    }

    public function isEmailConfirmed() {
        global $wgEmailAuthentication;
        $this->load();
        $confirmed = true;
        if ( wfRunHooks( 'EmailConfirmed', array( &$this, &$confirmed ) ) ) {
            if ( $this->isAnon() ) {
                return false;
            }
            if ( !Sanitizer::validateEmail( $this->mEmail ) ) {
                return false;
            }
            if ( $wgEmailAuthentication && !$this->getEmailAuthenticationTimestamp() ) {
                return false;
            }
            return true;
        } else {
            return $confirmed;
        }
    }

    public function isEmailConfirmationPending() {
        global $wgEmailAuthentication;
        return $wgEmailAuthentication &&
            !$this->isEmailConfirmed() &&
            $this->mEmailToken &&
            $this->mEmailTokenExpires > wfTimestamp();
    }

    public function getRegistration() {
        if ( $this->isAnon() ) {
            return false;
        }
        $this->load();
        return $this->mRegistration;
    }

    public function getFirstEditTimestamp() {
        if ( $this->getId() == 0 ) {
            return false; // anons
        }
        $dbr = wfGetDB( DB_SLAVE );
        $time = $dbr->selectField( 'revision', 'rev_timestamp',
            array( 'rev_user' => $this->getId() ),
            __METHOD__,
            array( 'ORDER BY' => 'rev_timestamp ASC' )
        );
        if ( !$time ) {
            return false; // no edits
        }
        return wfTimestamp( TS_MW, $time );
    }

    public static function getGroupPermissions( $groups ) {
        global $wgGroupPermissions, $wgRevokePermissions;
        $rights = array();
        // grant every granted permission first
        foreach ( $groups as $group ) {
            if ( isset( $wgGroupPermissions[$group] ) ) {
                $rights = array_merge( $rights,
                    // array_filter removes empty items
                    array_keys( array_filter( $wgGroupPermissions[$group] ) ) );
            }
        }
        // now revoke the revoked permissions
        foreach ( $groups as $group ) {
            if ( isset( $wgRevokePermissions[$group] ) ) {
                $rights = array_diff( $rights,
                    array_keys( array_filter( $wgRevokePermissions[$group] ) ) );
            }
        }
        return array_unique( $rights );
    }

    public static function getGroupsWithPermission( $role ) {
        global $wgGroupPermissions;
        $allowedGroups = array();
        foreach ( array_keys( $wgGroupPermissions ) as $group ) {
            if ( self::groupHasPermission( $group, $role ) ) {
                $allowedGroups[] = $group;
            }
        }
        return $allowedGroups;
    }

    public static function groupHasPermission( $group, $role ) {
        global $wgGroupPermissions, $wgRevokePermissions;
        return isset( $wgGroupPermissions[$group][$role] ) && $wgGroupPermissions[$group][$role]
            && !( isset( $wgRevokePermissions[$group][$role] ) && $wgRevokePermissions[$group][$role] );
    }

    public static function isEveryoneAllowed( $right ) {
        global $wgGroupPermissions, $wgRevokePermissions;
        static $cache = array();

        // Use the cached results, except in unit tests which rely on
        // being able change the permission mid-request
        if ( isset( $cache[$right] ) && !defined( 'MW_PHPUNIT_TEST' ) ) {
            return $cache[$right];
        }

        if ( !isset( $wgGroupPermissions['*'][$right] ) || !$wgGroupPermissions['*'][$right] ) {
            $cache[$right] = false;
            return false;
        }

        // If it's revoked anywhere, then everyone doesn't have it
        foreach ( $wgRevokePermissions as $rights ) {
            if ( isset( $rights[$right] ) && $rights[$right] ) {
                $cache[$right] = false;
                return false;
            }
        }

        // Allow extensions (e.g. OAuth) to say false
        if ( !wfRunHooks( 'UserIsEveryoneAllowed', array( $right ) ) ) {
            $cache[$right] = false;
            return false;
        }

        $cache[$right] = true;
        return true;
    }

    public static function getGroupName( $group ) {
        $msg = wfMessage( "group-$group" );
        return $msg->isBlank() ? $group : $msg->text();
    }

    public static function getGroupMember( $group, $username = '#' ) {
        $msg = wfMessage( "group-$group-member", $username );
        return $msg->isBlank() ? $group : $msg->text();
    }

    public static function getAllGroups() {
        global $wgGroupPermissions, $wgRevokePermissions;
        return array_diff(
            array_merge( array_keys( $wgGroupPermissions ), array_keys( $wgRevokePermissions ) ),
            self::getImplicitGroups()
        );
    }

    public static function getAllRights() {
        if ( self::$mAllRights === false ) {
            global $wgAvailableRights;
            if ( count( $wgAvailableRights ) ) {
                self::$mAllRights = array_unique( array_merge( self::$mCoreRights, $wgAvailableRights ) );
            } else {
                self::$mAllRights = self::$mCoreRights;
            }
            wfRunHooks( 'UserGetAllRights', array( &self::$mAllRights ) );
        }
        return self::$mAllRights;
    }

    public static function getImplicitGroups() {
        global $wgImplicitGroups;
        $groups = $wgImplicitGroups;
        wfRunHooks( 'UserGetImplicitGroups', array( &$groups ) );   #deprecated, use $wgImplictGroups instead
        return $groups;
    }

    public static function getGroupPage( $group ) {
        $msg = wfMessage( 'grouppage-' . $group )->inContentLanguage();
        if ( $msg->exists() ) {
            $title = Title::newFromText( $msg->text() );
            if ( is_object( $title ) ) {
                return $title;
            }
        }
        return false;
    }

    public static function makeGroupLinkHTML( $group, $text = '' ) {
        if ( $text == '' ) {
            $text = self::getGroupName( $group );
        }
        $title = self::getGroupPage( $group );
        if ( $title ) {
            return Linker::link( $title, htmlspecialchars( $text ) );
        } else {
            return $text;
        }
    }

    public static function makeGroupLinkWiki( $group, $text = '' ) {
        if ( $text == '' ) {
            $text = self::getGroupName( $group );
        }
        $title = self::getGroupPage( $group );
        if ( $title ) {
            $page = $title->getPrefixedText();
            return "[[$page|$text]]";
        } else {
            return $text;
        }
    }

    public static function changeableByGroup( $group ) {
        global $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf;

        $groups = array( 'add' => array(), 'remove' => array(), 'add-self' => array(), 'remove-self' => array() );
        if ( empty( $wgAddGroups[$group] ) ) {
            // Don't add anything to $groups
        } elseif ( $wgAddGroups[$group] === true ) {
            // You get everything
            $groups['add'] = self::getAllGroups();
        } elseif ( is_array( $wgAddGroups[$group] ) ) {
            $groups['add'] = $wgAddGroups[$group];
        }

        // Same thing for remove
        if ( empty( $wgRemoveGroups[$group] ) ) {
        } elseif ( $wgRemoveGroups[$group] === true ) {
            $groups['remove'] = self::getAllGroups();
        } elseif ( is_array( $wgRemoveGroups[$group] ) ) {
            $groups['remove'] = $wgRemoveGroups[$group];
        }

        // Re-map numeric keys of AddToSelf/RemoveFromSelf to the 'user' key for backwards compatibility
        if ( empty( $wgGroupsAddToSelf['user'] ) || $wgGroupsAddToSelf['user'] !== true ) {
            foreach ( $wgGroupsAddToSelf as $key => $value ) {
                if ( is_int( $key ) ) {
                    $wgGroupsAddToSelf['user'][] = $value;
                }
            }
        }

        if ( empty( $wgGroupsRemoveFromSelf['user'] ) || $wgGroupsRemoveFromSelf['user'] !== true ) {
            foreach ( $wgGroupsRemoveFromSelf as $key => $value ) {
                if ( is_int( $key ) ) {
                    $wgGroupsRemoveFromSelf['user'][] = $value;
                }
            }
        }

        // Now figure out what groups the user can add to him/herself
        if ( empty( $wgGroupsAddToSelf[$group] ) ) {
        } elseif ( $wgGroupsAddToSelf[$group] === true ) {
            // No idea WHY this would be used, but it's there
            $groups['add-self'] = User::getAllGroups();
        } elseif ( is_array( $wgGroupsAddToSelf[$group] ) ) {
            $groups['add-self'] = $wgGroupsAddToSelf[$group];
        }

        if ( empty( $wgGroupsRemoveFromSelf[$group] ) ) {
        } elseif ( $wgGroupsRemoveFromSelf[$group] === true ) {
            $groups['remove-self'] = User::getAllGroups();
        } elseif ( is_array( $wgGroupsRemoveFromSelf[$group] ) ) {
            $groups['remove-self'] = $wgGroupsRemoveFromSelf[$group];
        }

        return $groups;
    }

    public function changeableGroups() {
        if ( $this->isAllowed( 'userrights' ) ) {
            // This group gives the right to modify everything (reverse-
            // compatibility with old "userrights lets you change
            // everything")
            // Using array_merge to make the groups reindexed
            $all = array_merge( User::getAllGroups() );
            return array(
                'add' => $all,
                'remove' => $all,
                'add-self' => array(),
                'remove-self' => array()
            );
        }

        // Okay, it's not so simple, we will have to go through the arrays
        $groups = array(
            'add' => array(),
            'remove' => array(),
            'add-self' => array(),
            'remove-self' => array()
        );
        $addergroups = $this->getEffectiveGroups();

        foreach ( $addergroups as $addergroup ) {
            $groups = array_merge_recursive(
                $groups, $this->changeableByGroup( $addergroup )
            );
            $groups['add'] = array_unique( $groups['add'] );
            $groups['remove'] = array_unique( $groups['remove'] );
            $groups['add-self'] = array_unique( $groups['add-self'] );
            $groups['remove-self'] = array_unique( $groups['remove-self'] );
        }
        return $groups;
    }

    public function incEditCount() {
        if ( !$this->isAnon() ) {
            $dbw = wfGetDB( DB_MASTER );
            $dbw->update(
                'user',
                array( 'user_editcount=user_editcount+1' ),
                array( 'user_id' => $this->getId() ),
                __METHOD__
            );

            // Lazy initialization check...
            if ( $dbw->affectedRows() == 0 ) {
                // Now here's a goddamn hack...
                $dbr = wfGetDB( DB_SLAVE );
                if ( $dbr !== $dbw ) {
                    // If we actually have a slave server, the count is
                    // at least one behind because the current transaction
                    // has not been committed and replicated.
                    $this->initEditCount( 1 );
                } else {
                    // But if DB_SLAVE is selecting the master, then the
                    // count we just read includes the revision that was
                    // just added in the working transaction.
                    $this->initEditCount();
                }
            }
        }
        // edit count in user cache too
        $this->invalidateCache();
    }

    protected function initEditCount( $add = 0 ) {
        // Pull from a slave to be less cruel to servers
        // Accuracy isn't the point anyway here
        $dbr = wfGetDB( DB_SLAVE );
        $count = (int)$dbr->selectField(
            'revision',
            'COUNT(rev_user)',
            array( 'rev_user' => $this->getId() ),
            __METHOD__
        );
        $count = $count + $add;

        $dbw = wfGetDB( DB_MASTER );
        $dbw->update(
            'user',
            array( 'user_editcount' => $count ),
            array( 'user_id' => $this->getId() ),
            __METHOD__
        );

        return $count;
    }

    public static function getRightDescription( $right ) {
        $key = "right-$right";
        $msg = wfMessage( $key );
        return $msg->isBlank() ? $right : $msg->text();
    }

    public static function oldCrypt( $password, $userId ) {
        global $wgPasswordSalt;
        if ( $wgPasswordSalt ) {
            return md5( $userId . '-' . md5( $password ) );
        } else {
            return md5( $password );
        }
    }

    public static function crypt( $password, $salt = false ) {
        global $wgPasswordSalt;

        $hash = '';
        if ( !wfRunHooks( 'UserCryptPassword', array( &$password, &$salt, &$wgPasswordSalt, &$hash ) ) ) {
            return $hash;
        }

        if ( $wgPasswordSalt ) {
            if ( $salt === false ) {
                $salt = MWCryptRand::generateHex( 8 );
            }
            return ':B:' . $salt . ':' . md5( $salt . '-' . md5( $password ) );
        } else {
            return ':A:' . md5( $password );
        }
    }

    public static function comparePasswords( $hash, $password, $userId = false ) {
        $type = substr( $hash, 0, 3 );

        $result = false;
        if ( !wfRunHooks( 'UserComparePasswords', array( &$hash, &$password, &$userId, &$result ) ) ) {
            return $result;
        }

        if ( $type == ':A:' ) {
            // Unsalted
            return md5( $password ) === substr( $hash, 3 );
        } elseif ( $type == ':B:' ) {
            // Salted
            list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
            return md5( $salt . '-' . md5( $password ) ) === $realHash;
        } else {
            // Old-style
            return self::oldCrypt( $password, $userId ) === $hash;
        }
    }

    public function addNewUserLogEntry( $action = false, $reason = '' ) {
        global $wgUser, $wgNewUserLog;
        if ( empty( $wgNewUserLog ) ) {
            return true; // disabled
        }

        if ( $action === true ) {
            $action = 'byemail';
        } elseif ( $action === false ) {
            if ( $this->getName() == $wgUser->getName() ) {
                $action = 'create';
            } else {
                $action = 'create2';
            }
        }

        if ( $action === 'create' || $action === 'autocreate' ) {
            $performer = $this;
        } else {
            $performer = $wgUser;
        }

        $logEntry = new ManualLogEntry( 'newusers', $action );
        $logEntry->setPerformer( $performer );
        $logEntry->setTarget( $this->getUserPage() );
        $logEntry->setComment( $reason );
        $logEntry->setParameters( array(
            '4::userid' => $this->getId(),
        ) );
        $logid = $logEntry->insert();

        if ( $action !== 'autocreate' ) {
            $logEntry->publish( $logid );
        }

        return (int)$logid;
    }

    public function addNewUserLogEntryAutoCreate() {
        $this->addNewUserLogEntry( 'autocreate' );

        return true;
    }

    protected function loadOptions( $data = null ) {
        global $wgContLang;

        $this->load();

        if ( $this->mOptionsLoaded ) {
            return;
        }

        $this->mOptions = self::getDefaultOptions();

        if ( !$this->getId() ) {
            // For unlogged-in users, load language/variant options from request.
            // There's no need to do it for logged-in users: they can set preferences,
            // and handling of page content is done by $pageLang->getPreferredVariant() and such,
            // so don't override user's choice (especially when the user chooses site default).
            $variant = $wgContLang->getDefaultVariant();
            $this->mOptions['variant'] = $variant;
            $this->mOptions['language'] = $variant;
            $this->mOptionsLoaded = true;
            return;
        }

        // Maybe load from the object
        if ( !is_null( $this->mOptionOverrides ) ) {
            wfDebug( "User: loading options for user " . $this->getId() . " from override cache.\n" );
            foreach ( $this->mOptionOverrides as $key => $value ) {
                $this->mOptions[$key] = $value;
            }
        } else {
            if ( !is_array( $data ) ) {
                wfDebug( "User: loading options for user " . $this->getId() . " from database.\n" );
                // Load from database
                $dbr = wfGetDB( DB_SLAVE );

                $res = $dbr->select(
                    'user_properties',
                    array( 'up_property', 'up_value' ),
                    array( 'up_user' => $this->getId() ),
                    __METHOD__
                );

                $this->mOptionOverrides = array();
                $data = array();
                foreach ( $res as $row ) {
                    $data[$row->up_property] = $row->up_value;
                }
            }
            foreach ( $data as $property => $value ) {
                $this->mOptionOverrides[$property] = $value;
                $this->mOptions[$property] = $value;
            }
        }

        $this->mOptionsLoaded = true;

        wfRunHooks( 'UserLoadOptions', array( $this, &$this->mOptions ) );
    }

    protected function saveOptions() {
        $this->loadOptions();

        // Not using getOptions(), to keep hidden preferences in database
        $saveOptions = $this->mOptions;

        // Allow hooks to abort, for instance to save to a global profile.
        // Reset options to default state before saving.
        if ( !wfRunHooks( 'UserSaveOptions', array( $this, &$saveOptions ) ) ) {
            return;
        }

        $userId = $this->getId();
        $insert_rows = array();
        foreach ( $saveOptions as $key => $value ) {
            // Don't bother storing default values
            $defaultOption = self::getDefaultOption( $key );
            if ( ( is_null( $defaultOption ) &&
                !( $value === false || is_null( $value ) ) ) ||
                $value != $defaultOption
            ) {
                $insert_rows[] = array(
                    'up_user' => $userId,
                    'up_property' => $key,
                    'up_value' => $value,
                );
            }
        }

        $dbw = wfGetDB( DB_MASTER );
        // Find and delete any prior preference rows...
        $res = $dbw->select( 'user_properties',
            array( 'up_property' ), array( 'up_user' => $userId ), __METHOD__ );
        $priorKeys = array();
        foreach ( $res as $row ) {
            $priorKeys[] = $row->up_property;
        }
        if ( count( $priorKeys ) ) {
            // Do the DELETE by PRIMARY KEY for prior rows.
            // In the past a very large portion of calls to this function are for setting
            // 'rememberpassword' for new accounts (a preference that has since been removed).
            // Doing a blanket per-user DELETE for new accounts with no rows in the table
            // caused gap locks on [max user ID,+infinity) which caused high contention since
            // updates would pile up on each other as they are for higher (newer) user IDs.
            // It might not be necessary these days, but it shouldn't hurt either.
            $dbw->delete( 'user_properties',
                array( 'up_user' => $userId, 'up_property' => $priorKeys ), __METHOD__ );
        }
        // Insert the new preference rows
        $dbw->insert( 'user_properties', $insert_rows, __METHOD__, array( 'IGNORE' ) );
    }

    public static function passwordChangeInputAttribs() {
        global $wgMinimalPasswordLength;

        if ( $wgMinimalPasswordLength == 0 ) {
            return array();
        }

        # Note that the pattern requirement will always be satisfied if the
        # input is empty, so we need required in all cases.
        #
        # @todo FIXME: Bug 23769: This needs to not claim the password is required
        # if e-mail confirmation is being used.  Since HTML5 input validation
        # is b0rked anyway in some browsers, just return nothing.  When it's
        # re-enabled, fix this code to not output required for e-mail
        # registration.
        #$ret = array( 'required' );
        $ret = array();

        # We can't actually do this right now, because Opera 9.6 will print out
        # the entered password visibly in its error message!  When other
        # browsers add support for this attribute, or Opera fixes its support,
        # we can add support with a version check to avoid doing this on Opera
        # versions where it will be a problem.  Reported to Opera as
        # DSK-262266, but they don't have a public bug tracker for us to follow.
        /*
        if ( $wgMinimalPasswordLength > 1 ) {
            $ret['pattern'] = '.{' . intval( $wgMinimalPasswordLength ) . ',}';
            $ret['title'] = wfMessage( 'passwordtooshort' )
                ->numParams( $wgMinimalPasswordLength )->text();
        }
        */

        return $ret;
    }

    public static function selectFields() {
        return array(
            'user_id',
            'user_name',
            'user_real_name',
            'user_password',
            'user_newpassword',
            'user_newpass_time',
            'user_email',
            'user_touched',
            'user_token',
            'user_email_authenticated',
            'user_email_token',
            'user_email_token_expires',
            'user_password_expires',
            'user_registration',
            'user_editcount',
        );
    }

    static function newFatalPermissionDeniedStatus( $permission ) {
        global $wgLang;

        $groups = array_map(
            array( 'User', 'makeGroupLinkWiki' ),
            User::getGroupsWithPermission( $permission )
        );

        if ( $groups ) {
            return Status::newFatal( 'badaccess-groups', $wgLang->commaList( $groups ), count( $groups ) );
        } else {
            return Status::newFatal( 'badaccess-group0' );
        }
    }
}