Inspection of "Some minor bugfixes for newinternal" - enwikipedia-acc/waca - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — newinternal (#285)

by Simon

created 2017-02-18 21:51 UTC

Status

Indentation +113 added lines, -113 removed lines patch added patch discarded remove patch

@@ -14,117 +14,117 @@
 block discarded – undo
 
 class RequestSearchHelper extends SearchHelperBase
 {
-    /**
-     * RequestSearchHelper constructor.
-     *
-     * @param PdoDatabase $database
-     */
-    protected function __construct(PdoDatabase $database)
-    {
-        parent::__construct($database, 'request', Request::class);
-    }
-
-    /**
-     * Initiates a search for requests
-     *
-     * @param PdoDatabase $database
-     *
-     * @return RequestSearchHelper
-     */
-    public static function get(PdoDatabase $database)
-    {
-        $helper = new RequestSearchHelper($database);
-
-        return $helper;
-    }
-
-    /**
-     * Filters the results by IP address
-     *
-     * @param string $ipAddress
-     *
-     * @return $this
-     */
-    public function byIp($ipAddress)
-    {
-        $this->whereClause .= ' AND (ip LIKE ? OR forwardedip LIKE ?)';
-        $this->parameterList[] = $ipAddress;
-        $this->parameterList[] = '%' . trim($ipAddress, '%') . '%';
-
-        return $this;
-    }
-
-    /**
-     * Filters the results by email address
-     *
-     * @param string $emailAddress
-     *
-     * @return $this
-     */
-    public function byEmailAddress($emailAddress)
-    {
-        $this->whereClause .= ' AND email LIKE ?';
-        $this->parameterList[] = $emailAddress;
-
-        return $this;
-    }
-
-    /**
-     * Filters the results by name
-     *
-     * @param string $name
-     *
-     * @return $this
-     */
-    public function byName($name)
-    {
-        $this->whereClause .= ' AND name LIKE ?';
-        $this->parameterList[] = $name;
-
-        return $this;
-    }
-
-    /**
-     * Excludes a request from the results
-     *
-     * @param int $requestId
-     *
-     * @return $this
-     */
-    public function excludingRequest($requestId)
-    {
-        $this->whereClause .= ' AND id <> ?';
-        $this->parameterList[] = $requestId;
-
-        return $this;
-    }
-
-    /**
-     * Filters the results to only those with a confirmed email address
-     *
-     * @return $this
-     */
-    public function withConfirmedEmail()
-    {
-        $this->whereClause .= ' AND emailconfirm = ?';
-        $this->parameterList[] = 'Confirmed';
-
-        return $this;
-    }
-
-    /**
-     * Filters the results to exclude purged data
-     *
-     * @param SiteConfiguration $configuration
-     *
-     * @return $this
-     */
-    public function excludingPurgedData(SiteConfiguration $configuration)
-    {
-        $this->whereClause .= ' AND ip <> ? AND email <> ?';
-        $this->parameterList[] = $configuration->getDataClearIp();
-        $this->parameterList[] = $configuration->getDataClearEmail();
-
-        return $this;
-    }
+	/**
+	 * RequestSearchHelper constructor.
+	 *
+	 * @param PdoDatabase $database
+	 */
+	protected function __construct(PdoDatabase $database)
+	{
+		parent::__construct($database, 'request', Request::class);
+	}
+
+	/**
+	 * Initiates a search for requests
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return RequestSearchHelper
+	 */
+	public static function get(PdoDatabase $database)
+	{
+		$helper = new RequestSearchHelper($database);
+
+		return $helper;
+	}
+
+	/**
+	 * Filters the results by IP address
+	 *
+	 * @param string $ipAddress
+	 *
+	 * @return $this
+	 */
+	public function byIp($ipAddress)
+	{
+		$this->whereClause .= ' AND (ip LIKE ? OR forwardedip LIKE ?)';
+		$this->parameterList[] = $ipAddress;
+		$this->parameterList[] = '%' . trim($ipAddress, '%') . '%';
+
+		return $this;
+	}
+
+	/**
+	 * Filters the results by email address
+	 *
+	 * @param string $emailAddress
+	 *
+	 * @return $this
+	 */
+	public function byEmailAddress($emailAddress)
+	{
+		$this->whereClause .= ' AND email LIKE ?';
+		$this->parameterList[] = $emailAddress;
+
+		return $this;
+	}
+
+	/**
+	 * Filters the results by name
+	 *
+	 * @param string $name
+	 *
+	 * @return $this
+	 */
+	public function byName($name)
+	{
+		$this->whereClause .= ' AND name LIKE ?';
+		$this->parameterList[] = $name;
+
+		return $this;
+	}
+
+	/**
+	 * Excludes a request from the results
+	 *
+	 * @param int $requestId
+	 *
+	 * @return $this
+	 */
+	public function excludingRequest($requestId)
+	{
+		$this->whereClause .= ' AND id <> ?';
+		$this->parameterList[] = $requestId;
+
+		return $this;
+	}
+
+	/**
+	 * Filters the results to only those with a confirmed email address
+	 *
+	 * @return $this
+	 */
+	public function withConfirmedEmail()
+	{
+		$this->whereClause .= ' AND emailconfirm = ?';
+		$this->parameterList[] = 'Confirmed';
+
+		return $this;
+	}
+
+	/**
+	 * Filters the results to exclude purged data
+	 *
+	 * @param SiteConfiguration $configuration
+	 *
+	 * @return $this
+	 */
+	public function excludingPurgedData(SiteConfiguration $configuration)
+	{
+		$this->whereClause .= ' AND ip <> ? AND email <> ?';
+		$this->parameterList[] = $configuration->getDataClearIp();
+		$this->parameterList[] = $configuration->getDataClearEmail();
+
+		return $this;
+	}
 }
\ No newline at end of file

Please login to merge, or discard this patch.

includes/Helpers/SearchHelpers/LogSearchHelper.php 1 patch

Indentation +73 added lines, -73 removed lines patch added patch discarded remove patch

@@ -13,87 +13,87 @@
 block discarded – undo
 
 class LogSearchHelper extends SearchHelperBase
 {
-    /**
-     * LogSearchHelper constructor.
-     *
-     * @param PdoDatabase $database
-     */
-    protected function __construct(PdoDatabase $database)
-    {
-        parent::__construct($database, 'log', Log::class, 'timestamp DESC');
-    }
+	/**
+	 * LogSearchHelper constructor.
+	 *
+	 * @param PdoDatabase $database
+	 */
+	protected function __construct(PdoDatabase $database)
+	{
+		parent::__construct($database, 'log', Log::class, 'timestamp DESC');
+	}
 
-    /**
-     * Initiates a search for requests
-     *
-     * @param PdoDatabase $database
-     *
-     * @return LogSearchHelper
-     */
-    public static function get(PdoDatabase $database)
-    {
-        $helper = new LogSearchHelper($database);
+	/**
+	 * Initiates a search for requests
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return LogSearchHelper
+	 */
+	public static function get(PdoDatabase $database)
+	{
+		$helper = new LogSearchHelper($database);
 
-        return $helper;
-    }
+		return $helper;
+	}
 
-    /**
-     * Filters the results by user
-     *
-     * @param int $userId
-     *
-     * @return $this
-     */
-    public function byUser($userId)
-    {
-        $this->whereClause .= ' AND user = ?';
-        $this->parameterList[] = $userId;
+	/**
+	 * Filters the results by user
+	 *
+	 * @param int $userId
+	 *
+	 * @return $this
+	 */
+	public function byUser($userId)
+	{
+		$this->whereClause .= ' AND user = ?';
+		$this->parameterList[] = $userId;
 
-        return $this;
-    }
+		return $this;
+	}
 
-    /**
-     * Filters the results by log action
-     *
-     * @param string $action
-     *
-     * @return $this
-     */
-    public function byAction($action)
-    {
-        $this->whereClause .= ' AND action = ?';
-        $this->parameterList[] = $action;
+	/**
+	 * Filters the results by log action
+	 *
+	 * @param string $action
+	 *
+	 * @return $this
+	 */
+	public function byAction($action)
+	{
+		$this->whereClause .= ' AND action = ?';
+		$this->parameterList[] = $action;
 
-        return $this;
-    }
+		return $this;
+	}
 
-    /**
-     * Filters the results by object type
-     *
-     * @param string $objectType
-     *
-     * @return $this
-     */
-    public function byObjectType($objectType)
-    {
-        $this->whereClause .= ' AND objecttype = ?';
-        $this->parameterList[] = $objectType;
+	/**
+	 * Filters the results by object type
+	 *
+	 * @param string $objectType
+	 *
+	 * @return $this
+	 */
+	public function byObjectType($objectType)
+	{
+		$this->whereClause .= ' AND objecttype = ?';
+		$this->parameterList[] = $objectType;
 
-        return $this;
-    }
+		return $this;
+	}
 
-    /**
-     * Filters the results by object type
-     *
-     * @param integer $objectId
-     *
-     * @return $this
-     */
-    public function byObjectId($objectId)
-    {
-        $this->whereClause .= ' AND objectid = ?';
-        $this->parameterList[] = $objectId;
+	/**
+	 * Filters the results by object type
+	 *
+	 * @param integer $objectId
+	 *
+	 * @return $this
+	 */
+	public function byObjectId($objectId)
+	{
+		$this->whereClause .= ' AND objectid = ?';
+		$this->parameterList[] = $objectId;
 
-        return $this;
-    }
+		return $this;
+	}
 }
\ No newline at end of file

Please login to merge, or discard this patch.

includes/Helpers/SearchHelpers/SearchHelperBase.php 1 patch

Indentation +178 added lines, -178 removed lines patch added patch discarded remove patch

@@ -15,182 +15,182 @@
 block discarded – undo
 
 abstract class SearchHelperBase
 {
-    /** @var PdoDatabase */
-    protected $database;
-    /** @var array */
-    protected $parameterList = array();
-    /** @var null|int */
-    private $limit = null;
-    /** @var null|int */
-    private $offset = null;
-    private $orderBy = null;
-    /**
-     * @var string The where clause.
-     *
-     * (the 1=1 condition will be optimised out of the query by the query planner, and simplifies our code here). Note
-     * that we use positional parameters instead of named parameters because we don't know many times different options
-     * will be called (looking at excluding() here, but there's the option for others).
-     */
-    protected $whereClause = ' WHERE 1 = 1';
-    /** @var string */
-    protected $table;
-    protected $joinClause = '';
-    private $targetClass;
-
-    /**
-     * SearchHelperBase constructor.
-     *
-     * @param PdoDatabase $database
-     * @param string      $table
-     * @param             $targetClass
-     * @param null|string $order Order by clause, excluding ORDER BY.
-     */
-    protected function __construct(PdoDatabase $database, $table, $targetClass, $order = null)
-    {
-        $this->database = $database;
-        $this->table = $table;
-        $this->orderBy = $order;
-        $this->targetClass = $targetClass;
-    }
-
-    /**
-     * Finalises the database query, and executes it, returning a set of objects.
-     *
-     * @return DataObject[]
-     */
-    public function fetch()
-    {
-        $statement = $this->getData();
-
-        /** @var DataObject[] $returnedObjects */
-        $returnedObjects = $statement->fetchAll(PDO::FETCH_CLASS, $this->targetClass);
-        foreach ($returnedObjects as $req) {
-            $req->setDatabase($this->database);
-        }
-
-        return $returnedObjects;
-    }
-
-    /**
-     * Finalises the database query, and executes it, returning only the requested column.
-     *
-     * @param string $column The required column
-     * @return array
-     */
-    public function fetchColumn($column){
-        $statement = $this->getData($column);
-
-        return $statement->fetchAll(PDO::FETCH_COLUMN);
-    }
-
-    /**
-     * @param int $count Returns the record count of the result set
-     *
-     * @return $this
-     */
-    public function getRecordCount(&$count)
-    {
-        $query = 'SELECT /* SearchHelper */ COUNT(*) FROM ' . $this->table . ' origin ';
-        $query .= $this->joinClause . $this->whereClause;
-
-        $statement = $this->database->prepare($query);
-        $statement->execute($this->parameterList);
-
-        $count = $statement->fetchColumn(0);
-        $statement->closeCursor();
-
-        return $this;
-    }
-
-    /**
-     * Limits the results
-     *
-     * @param integer      $limit
-     * @param integer|null $offset
-     *
-     * @return $this
-     *
-     */
-    public function limit($limit, $offset = null)
-    {
-        $this->limit = $limit;
-        $this->offset = $offset;
-
-        return $this;
-    }
-
-    private function applyLimit()
-    {
-        $clause = '';
-        if ($this->limit !== null) {
-            $clause = ' LIMIT ?';
-            $this->parameterList[] = $this->limit;
-
-            if ($this->offset !== null) {
-                $clause .= ' OFFSET ?';
-                $this->parameterList[] = $this->offset;
-            }
-        }
-
-        return $clause;
-    }
-
-    private function applyOrder()
-    {
-        if ($this->orderBy !== null) {
-            return ' ORDER BY ' . $this->orderBy;
-        }
-
-        return '';
-    }
-
-    /**
-     * @param $column
-     *
-     * @return PDOStatement
-     */
-    private function getData($column = '*')
-    {
-        $query = $this->buildQuery($column);
-        $query .= $this->applyOrder();
-        $query .= $this->applyLimit();
-
-        $statement = $this->database->prepare($query);
-        $statement->execute($this->parameterList);
-
-        return $statement;
-    }
-
-    /**
-     * @param $column
-     *
-     * @return string
-     */
-    protected function buildQuery($column)
-    {
-        $query = 'SELECT /* SearchHelper */ origin.' . $column . ' FROM ' . $this->table . ' origin ';
-        $query .= $this->joinClause . $this->whereClause;
-
-        return $query;
-    }
-
-    public function inIds($idList) {
-        $this->inClause('id', $idList);
-        return $this;
-    }
-
-    protected function inClause($column, $values) {
-        if (count($values) === 0) {
-            return;
-        }
-
-        // Urgh. OK. You can't use IN() with parameters directly, so let's munge something together.
-        $valueCount = count($values);
-
-        // Firstly, let's create a string of question marks, which will do as positional parameters.
-        $inSection = str_repeat('?,', $valueCount - 1) . '?';
-
-        $this->whereClause .= " AND {$column} IN ({$inSection})";
-        $this->parameterList = array_merge($this->parameterList, $values);
-    }
+	/** @var PdoDatabase */
+	protected $database;
+	/** @var array */
+	protected $parameterList = array();
+	/** @var null|int */
+	private $limit = null;
+	/** @var null|int */
+	private $offset = null;
+	private $orderBy = null;
+	/**
+	 * @var string The where clause.
+	 *
+	 * (the 1=1 condition will be optimised out of the query by the query planner, and simplifies our code here). Note
+	 * that we use positional parameters instead of named parameters because we don't know many times different options
+	 * will be called (looking at excluding() here, but there's the option for others).
+	 */
+	protected $whereClause = ' WHERE 1 = 1';
+	/** @var string */
+	protected $table;
+	protected $joinClause = '';
+	private $targetClass;
+
+	/**
+	 * SearchHelperBase constructor.
+	 *
+	 * @param PdoDatabase $database
+	 * @param string      $table
+	 * @param             $targetClass
+	 * @param null|string $order Order by clause, excluding ORDER BY.
+	 */
+	protected function __construct(PdoDatabase $database, $table, $targetClass, $order = null)
+	{
+		$this->database = $database;
+		$this->table = $table;
+		$this->orderBy = $order;
+		$this->targetClass = $targetClass;
+	}
+
+	/**
+	 * Finalises the database query, and executes it, returning a set of objects.
+	 *
+	 * @return DataObject[]
+	 */
+	public function fetch()
+	{
+		$statement = $this->getData();
+
+		/** @var DataObject[] $returnedObjects */
+		$returnedObjects = $statement->fetchAll(PDO::FETCH_CLASS, $this->targetClass);
+		foreach ($returnedObjects as $req) {
+			$req->setDatabase($this->database);
+		}
+
+		return $returnedObjects;
+	}
+
+	/**
+	 * Finalises the database query, and executes it, returning only the requested column.
+	 *
+	 * @param string $column The required column
+	 * @return array
+	 */
+	public function fetchColumn($column){
+		$statement = $this->getData($column);
+
+		return $statement->fetchAll(PDO::FETCH_COLUMN);
+	}
+
+	/**
+	 * @param int $count Returns the record count of the result set
+	 *
+	 * @return $this
+	 */
+	public function getRecordCount(&$count)
+	{
+		$query = 'SELECT /* SearchHelper */ COUNT(*) FROM ' . $this->table . ' origin ';
+		$query .= $this->joinClause . $this->whereClause;
+
+		$statement = $this->database->prepare($query);
+		$statement->execute($this->parameterList);
+
+		$count = $statement->fetchColumn(0);
+		$statement->closeCursor();
+
+		return $this;
+	}
+
+	/**
+	 * Limits the results
+	 *
+	 * @param integer      $limit
+	 * @param integer|null $offset
+	 *
+	 * @return $this
+	 *
+	 */
+	public function limit($limit, $offset = null)
+	{
+		$this->limit = $limit;
+		$this->offset = $offset;
+
+		return $this;
+	}
+
+	private function applyLimit()
+	{
+		$clause = '';
+		if ($this->limit !== null) {
+			$clause = ' LIMIT ?';
+			$this->parameterList[] = $this->limit;
+
+			if ($this->offset !== null) {
+				$clause .= ' OFFSET ?';
+				$this->parameterList[] = $this->offset;
+			}
+		}
+
+		return $clause;
+	}
+
+	private function applyOrder()
+	{
+		if ($this->orderBy !== null) {
+			return ' ORDER BY ' . $this->orderBy;
+		}
+
+		return '';
+	}
+
+	/**
+	 * @param $column
+	 *
+	 * @return PDOStatement
+	 */
+	private function getData($column = '*')
+	{
+		$query = $this->buildQuery($column);
+		$query .= $this->applyOrder();
+		$query .= $this->applyLimit();
+
+		$statement = $this->database->prepare($query);
+		$statement->execute($this->parameterList);
+
+		return $statement;
+	}
+
+	/**
+	 * @param $column
+	 *
+	 * @return string
+	 */
+	protected function buildQuery($column)
+	{
+		$query = 'SELECT /* SearchHelper */ origin.' . $column . ' FROM ' . $this->table . ' origin ';
+		$query .= $this->joinClause . $this->whereClause;
+
+		return $query;
+	}
+
+	public function inIds($idList) {
+		$this->inClause('id', $idList);
+		return $this;
+	}
+
+	protected function inClause($column, $values) {
+		if (count($values) === 0) {
+			return;
+		}
+
+		// Urgh. OK. You can't use IN() with parameters directly, so let's munge something together.
+		$valueCount = count($values);
+
+		// Firstly, let's create a string of question marks, which will do as positional parameters.
+		$inSection = str_repeat('?,', $valueCount - 1) . '?';
+
+		$this->whereClause .= " AND {$column} IN ({$inSection})";
+		$this->parameterList = array_merge($this->parameterList, $values);
+	}
 }

Please login to merge, or discard this patch.

includes/Tasks/PageBase.php 1 patch

Indentation +337 added lines, -337 removed lines patch added patch discarded remove patch

@@ -20,341 +20,341 @@
 block discarded – undo
 
 abstract class PageBase extends TaskBase implements IRoutedTask
 {
-    use TemplateOutput;
-    /** @var string Smarty template to display */
-    protected $template = "base.tpl";
-    /** @var string HTML title. Currently unused. */
-    protected $htmlTitle;
-    /** @var bool Determines if the page is a redirect or not */
-    protected $isRedirecting = false;
-    /** @var array Queue of headers to be sent on successful completion */
-    protected $headerQueue = array();
-    /** @var string The name of the route to use, as determined by the request router. */
-    private $routeName = null;
-    /** @var TokenManager */
-    protected $tokenManager;
-    /** @var string[] Extra CSS files to include */
-    private $extraCss = array();
-    /** @var string[] Extra JS files to include */
-    private $extraJs = array();
-
-    /**
-     * Sets the route the request will take. Only should be called from the request router or barrier test.
-     *
-     * @param string $routeName        The name of the route
-     * @param bool   $skipCallableTest Don't use this unless you know what you're doing, and what the implications are.
-     *
-     * @throws Exception
-     * @category Security-Critical
-     */
-    final public function setRoute($routeName, $skipCallableTest = false)
-    {
-        // Test the new route is callable before adopting it.
-        if (!$skipCallableTest && !is_callable(array($this, $routeName))) {
-            throw new Exception("Proposed route '$routeName' is not callable.");
-        }
-
-        // Adopt the new route
-        $this->routeName = $routeName;
-    }
-
-    /**
-     * Gets the name of the route that has been passed from the request router.
-     * @return string
-     */
-    final public function getRouteName()
-    {
-        return $this->routeName;
-    }
-
-    /**
-     * Performs generic page setup actions
-     */
-    final protected function setupPage()
-    {
-        $this->setUpSmarty();
-
-        $siteNoticeText = SiteNotice::get($this->getDatabase());
-
-        $this->assign('siteNoticeText', $siteNoticeText);
-
-        $currentUser = User::getCurrent($this->getDatabase());
-        $this->assign('currentUser', $currentUser);
-        $this->assign('loggedIn', (!$currentUser->isCommunityUser()));
-    }
-
-    /**
-     * Runs the page logic as routed by the RequestRouter
-     *
-     * Only should be called after a security barrier! That means only from execute().
-     */
-    final protected function runPage()
-    {
-        $database = $this->getDatabase();
-
-        // initialise a database transaction
-        if (!$database->beginTransaction()) {
-            throw new Exception('Failed to start transaction on primary database.');
-        }
-
-        try {
-            // run the page code
-            $this->{$this->getRouteName()}();
-
-            $database->commit();
-        }
-        catch (ApplicationLogicException $ex) {
-            // it's an application logic exception, so nothing went seriously wrong with the site. We can use the
-            // standard templating system for this.
-
-            // Firstly, let's undo anything that happened to the database.
-            $database->rollBack();
-
-            // Reset smarty
-            $this->setUpSmarty();
-
-            // Set the template
-            $this->setTemplate('exception/application-logic.tpl');
-            $this->assign('message', $ex->getMessage());
-
-            // Force this back to false
-            $this->isRedirecting = false;
-            $this->headerQueue = array();
-        }
-        catch (OptimisticLockFailedException $ex) {
-            // it's an optimistic lock failure exception, so nothing went seriously wrong with the site. We can use the
-            // standard templating system for this.
-
-            // Firstly, let's undo anything that happened to the database.
-            $database->rollBack();
-
-            // Reset smarty
-            $this->setUpSmarty();
-
-            // Set the template
-            $this->setTemplate('exception/optimistic-lock-failure.tpl');
-            $this->assign('message', $ex->getMessage());
-
-            // Force this back to false
-            $this->isRedirecting = false;
-            $this->headerQueue = array();
-        }
-        finally {
-            // Catch any hanging on transactions
-            if ($database->hasActiveTransaction()) {
-                $database->rollBack();
-            }
-        }
-
-        // run any finalisation code needed before we send the output to the browser.
-        $this->finalisePage();
-
-        // Send the headers
-        $this->sendResponseHeaders();
-
-        // Check we have a template to use!
-        if ($this->template !== null) {
-            $content = $this->fetchTemplate($this->template);
-            ob_clean();
-            print($content);
-            ob_flush();
-
-            return;
-        }
-    }
-
-    /**
-     * Performs final tasks needed before rendering the page.
-     */
-    protected function finalisePage()
-    {
-        if ($this->isRedirecting) {
-            $this->template = null;
-
-            return;
-        }
-
-        $this->assign('extraCss', $this->extraCss);
-        $this->assign('extraJs', $this->extraJs);
-
-        // If we're actually displaying content, we want to add the session alerts here!
-        $this->assign('alerts', SessionAlert::getAlerts());
-        SessionAlert::clearAlerts();
-
-        $this->assign('htmlTitle', $this->htmlTitle);
-    }
-
-    /**
-     * @return TokenManager
-     */
-    public function getTokenManager()
-    {
-        return $this->tokenManager;
-    }
-
-    /**
-     * @param TokenManager $tokenManager
-     */
-    public function setTokenManager($tokenManager)
-    {
-        $this->tokenManager = $tokenManager;
-    }
-
-    /**
-     * Sends the redirect headers to perform a GET at the destination page.
-     *
-     * Also nullifies the set template so Smarty does not render it.
-     *
-     * @param string      $page   The page to redirect requests to (as used in the UR)
-     * @param null|string $action The action to use on the page.
-     * @param null|array  $parameters
-     * @param null|string $script The script (relative to index.php) to redirect to
-     */
-    final protected function redirect($page = '', $action = null, $parameters = null, $script = null)
-    {
-        $currentScriptName = WebRequest::scriptName();
-
-        // Are we changing script?
-        if ($script === null || substr($currentScriptName, -1 * count($script)) === $script) {
-            $targetScriptName = $currentScriptName;
-        }
-        else {
-            $targetScriptName = $this->getSiteConfiguration()->getBaseUrl() . '/' . $script;
-        }
-
-        $pathInfo = array($targetScriptName);
-
-        $pathInfo[1] = $page;
-
-        if ($action !== null) {
-            $pathInfo[2] = $action;
-        }
-
-        $url = implode('/', $pathInfo);
-
-        if (is_array($parameters) && count($parameters) > 0) {
-            $url .= '?' . http_build_query($parameters);
-        }
-
-        $this->redirectUrl($url);
-    }
-
-    /**
-     * Sends the redirect headers to perform a GET at the new address.
-     *
-     * Also nullifies the set template so Smarty does not render it.
-     *
-     * @param string $path URL to redirect to
-     */
-    final protected function redirectUrl($path)
-    {
-        // 303 See Other = re-request at new address with a GET.
-        $this->headerQueue[] = 'HTTP/1.1 303 See Other';
-        $this->headerQueue[] = "Location: $path";
-
-        $this->setTemplate(null);
-        $this->isRedirecting = true;
-    }
-
-    /**
-     * Sets the name of the template this page should display.
-     *
-     * @param string $name
-     *
-     * @throws Exception
-     */
-    final protected function setTemplate($name)
-    {
-        if ($this->isRedirecting) {
-            throw new Exception('This page has been set as a redirect, no template can be displayed!');
-        }
-
-        $this->template = $name;
-    }
-
-    /**
-     * Adds an extra CSS file to to the page
-     *
-     * @param string $path The path (relative to the application root) of the file
-     */
-    final protected function addCss($path) {
-        if(in_array($path, $this->extraCss)){
-            // nothing to do
-            return;
-        }
-
-        $this->extraCss[] = $path;
-    }
-
-    /**
-     * Adds an extra JS file to to the page
-     *
-     * @param string $path The path (relative to the application root) of the file
-     */
-    final protected function addJs($path){
-        if(in_array($path, $this->extraJs)){
-            // nothing to do
-            return;
-        }
-
-        $this->extraJs[] = $path;
-    }
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    abstract protected function main();
-
-    /**
-     * @param string $title
-     */
-    final protected function setHtmlTitle($title)
-    {
-        $this->htmlTitle = $title;
-    }
-
-    public function execute()
-    {
-        if ($this->getRouteName() === null) {
-            throw new Exception('Request is unrouted.');
-        }
-
-        if ($this->getSiteConfiguration() === null) {
-            throw new Exception('Page has no configuration!');
-        }
-
-        $this->setupPage();
-
-        $this->runPage();
-    }
-
-    public function assignCSRFToken()
-    {
-        $token = $this->tokenManager->getNewToken();
-        $this->assign('csrfTokenData', $token->getTokenData());
-    }
-
-    public function validateCSRFToken()
-    {
-        if (!$this->tokenManager->validateToken(WebRequest::postString('csrfTokenData'))) {
-            throw new ApplicationLogicException('Form token is not valid, please reload and try again');
-        }
-    }
-
-    protected function sendResponseHeaders()
-    {
-        if (headers_sent()) {
-            throw new ApplicationLogicException          ('Headers have already been sent! This is likely a bug in the application.');
-        }
-
-        foreach ($this->headerQueue as $item) {
-            if (mb_strpos($item, "\r") !== false || mb_strpos($item, "\n") !== false) {
-                // Oops. We're not allowed to do this.
-                throw new Exception('Unable to split header');
-            }
-
-            header($item);
-        }
-    }
+	use TemplateOutput;
+	/** @var string Smarty template to display */
+	protected $template = "base.tpl";
+	/** @var string HTML title. Currently unused. */
+	protected $htmlTitle;
+	/** @var bool Determines if the page is a redirect or not */
+	protected $isRedirecting = false;
+	/** @var array Queue of headers to be sent on successful completion */
+	protected $headerQueue = array();
+	/** @var string The name of the route to use, as determined by the request router. */
+	private $routeName = null;
+	/** @var TokenManager */
+	protected $tokenManager;
+	/** @var string[] Extra CSS files to include */
+	private $extraCss = array();
+	/** @var string[] Extra JS files to include */
+	private $extraJs = array();
+
+	/**
+	 * Sets the route the request will take. Only should be called from the request router or barrier test.
+	 *
+	 * @param string $routeName        The name of the route
+	 * @param bool   $skipCallableTest Don't use this unless you know what you're doing, and what the implications are.
+	 *
+	 * @throws Exception
+	 * @category Security-Critical
+	 */
+	final public function setRoute($routeName, $skipCallableTest = false)
+	{
+		// Test the new route is callable before adopting it.
+		if (!$skipCallableTest && !is_callable(array($this, $routeName))) {
+			throw new Exception("Proposed route '$routeName' is not callable.");
+		}
+
+		// Adopt the new route
+		$this->routeName = $routeName;
+	}
+
+	/**
+	 * Gets the name of the route that has been passed from the request router.
+	 * @return string
+	 */
+	final public function getRouteName()
+	{
+		return $this->routeName;
+	}
+
+	/**
+	 * Performs generic page setup actions
+	 */
+	final protected function setupPage()
+	{
+		$this->setUpSmarty();
+
+		$siteNoticeText = SiteNotice::get($this->getDatabase());
+
+		$this->assign('siteNoticeText', $siteNoticeText);
+
+		$currentUser = User::getCurrent($this->getDatabase());
+		$this->assign('currentUser', $currentUser);
+		$this->assign('loggedIn', (!$currentUser->isCommunityUser()));
+	}
+
+	/**
+	 * Runs the page logic as routed by the RequestRouter
+	 *
+	 * Only should be called after a security barrier! That means only from execute().
+	 */
+	final protected function runPage()
+	{
+		$database = $this->getDatabase();
+
+		// initialise a database transaction
+		if (!$database->beginTransaction()) {
+			throw new Exception('Failed to start transaction on primary database.');
+		}
+
+		try {
+			// run the page code
+			$this->{$this->getRouteName()}();
+
+			$database->commit();
+		}
+		catch (ApplicationLogicException $ex) {
+			// it's an application logic exception, so nothing went seriously wrong with the site. We can use the
+			// standard templating system for this.
+
+			// Firstly, let's undo anything that happened to the database.
+			$database->rollBack();
+
+			// Reset smarty
+			$this->setUpSmarty();
+
+			// Set the template
+			$this->setTemplate('exception/application-logic.tpl');
+			$this->assign('message', $ex->getMessage());
+
+			// Force this back to false
+			$this->isRedirecting = false;
+			$this->headerQueue = array();
+		}
+		catch (OptimisticLockFailedException $ex) {
+			// it's an optimistic lock failure exception, so nothing went seriously wrong with the site. We can use the
+			// standard templating system for this.
+
+			// Firstly, let's undo anything that happened to the database.
+			$database->rollBack();
+
+			// Reset smarty
+			$this->setUpSmarty();
+
+			// Set the template
+			$this->setTemplate('exception/optimistic-lock-failure.tpl');
+			$this->assign('message', $ex->getMessage());
+
+			// Force this back to false
+			$this->isRedirecting = false;
+			$this->headerQueue = array();
+		}
+		finally {
+			// Catch any hanging on transactions
+			if ($database->hasActiveTransaction()) {
+				$database->rollBack();
+			}
+		}
+
+		// run any finalisation code needed before we send the output to the browser.
+		$this->finalisePage();
+
+		// Send the headers
+		$this->sendResponseHeaders();
+
+		// Check we have a template to use!
+		if ($this->template !== null) {
+			$content = $this->fetchTemplate($this->template);
+			ob_clean();
+			print($content);
+			ob_flush();
+
+			return;
+		}
+	}
+
+	/**
+	 * Performs final tasks needed before rendering the page.
+	 */
+	protected function finalisePage()
+	{
+		if ($this->isRedirecting) {
+			$this->template = null;
+
+			return;
+		}
+
+		$this->assign('extraCss', $this->extraCss);
+		$this->assign('extraJs', $this->extraJs);
+
+		// If we're actually displaying content, we want to add the session alerts here!
+		$this->assign('alerts', SessionAlert::getAlerts());
+		SessionAlert::clearAlerts();
+
+		$this->assign('htmlTitle', $this->htmlTitle);
+	}
+
+	/**
+	 * @return TokenManager
+	 */
+	public function getTokenManager()
+	{
+		return $this->tokenManager;
+	}
+
+	/**
+	 * @param TokenManager $tokenManager
+	 */
+	public function setTokenManager($tokenManager)
+	{
+		$this->tokenManager = $tokenManager;
+	}
+
+	/**
+	 * Sends the redirect headers to perform a GET at the destination page.
+	 *
+	 * Also nullifies the set template so Smarty does not render it.
+	 *
+	 * @param string      $page   The page to redirect requests to (as used in the UR)
+	 * @param null|string $action The action to use on the page.
+	 * @param null|array  $parameters
+	 * @param null|string $script The script (relative to index.php) to redirect to
+	 */
+	final protected function redirect($page = '', $action = null, $parameters = null, $script = null)
+	{
+		$currentScriptName = WebRequest::scriptName();
+
+		// Are we changing script?
+		if ($script === null || substr($currentScriptName, -1 * count($script)) === $script) {
+			$targetScriptName = $currentScriptName;
+		}
+		else {
+			$targetScriptName = $this->getSiteConfiguration()->getBaseUrl() . '/' . $script;
+		}
+
+		$pathInfo = array($targetScriptName);
+
+		$pathInfo[1] = $page;
+
+		if ($action !== null) {
+			$pathInfo[2] = $action;
+		}
+
+		$url = implode('/', $pathInfo);
+
+		if (is_array($parameters) && count($parameters) > 0) {
+			$url .= '?' . http_build_query($parameters);
+		}
+
+		$this->redirectUrl($url);
+	}
+
+	/**
+	 * Sends the redirect headers to perform a GET at the new address.
+	 *
+	 * Also nullifies the set template so Smarty does not render it.
+	 *
+	 * @param string $path URL to redirect to
+	 */
+	final protected function redirectUrl($path)
+	{
+		// 303 See Other = re-request at new address with a GET.
+		$this->headerQueue[] = 'HTTP/1.1 303 See Other';
+		$this->headerQueue[] = "Location: $path";
+
+		$this->setTemplate(null);
+		$this->isRedirecting = true;
+	}
+
+	/**
+	 * Sets the name of the template this page should display.
+	 *
+	 * @param string $name
+	 *
+	 * @throws Exception
+	 */
+	final protected function setTemplate($name)
+	{
+		if ($this->isRedirecting) {
+			throw new Exception('This page has been set as a redirect, no template can be displayed!');
+		}
+
+		$this->template = $name;
+	}
+
+	/**
+	 * Adds an extra CSS file to to the page
+	 *
+	 * @param string $path The path (relative to the application root) of the file
+	 */
+	final protected function addCss($path) {
+		if(in_array($path, $this->extraCss)){
+			// nothing to do
+			return;
+		}
+
+		$this->extraCss[] = $path;
+	}
+
+	/**
+	 * Adds an extra JS file to to the page
+	 *
+	 * @param string $path The path (relative to the application root) of the file
+	 */
+	final protected function addJs($path){
+		if(in_array($path, $this->extraJs)){
+			// nothing to do
+			return;
+		}
+
+		$this->extraJs[] = $path;
+	}
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	abstract protected function main();
+
+	/**
+	 * @param string $title
+	 */
+	final protected function setHtmlTitle($title)
+	{
+		$this->htmlTitle = $title;
+	}
+
+	public function execute()
+	{
+		if ($this->getRouteName() === null) {
+			throw new Exception('Request is unrouted.');
+		}
+
+		if ($this->getSiteConfiguration() === null) {
+			throw new Exception('Page has no configuration!');
+		}
+
+		$this->setupPage();
+
+		$this->runPage();
+	}
+
+	public function assignCSRFToken()
+	{
+		$token = $this->tokenManager->getNewToken();
+		$this->assign('csrfTokenData', $token->getTokenData());
+	}
+
+	public function validateCSRFToken()
+	{
+		if (!$this->tokenManager->validateToken(WebRequest::postString('csrfTokenData'))) {
+			throw new ApplicationLogicException('Form token is not valid, please reload and try again');
+		}
+	}
+
+	protected function sendResponseHeaders()
+	{
+		if (headers_sent()) {
+			throw new ApplicationLogicException          ('Headers have already been sent! This is likely a bug in the application.');
+		}
+
+		foreach ($this->headerQueue as $item) {
+			if (mb_strpos($item, "\r") !== false || mb_strpos($item, "\n") !== false) {
+				// Oops. We're not allowed to do this.
+				throw new Exception('Unable to split header');
+			}
+
+			header($item);
+		}
+	}
 }

Please login to merge, or discard this patch.

includes/DataObjects/User.php 1 patch

Indentation +1128 added lines, -1128 removed lines patch added patch discarded remove patch

@@ -27,285 +27,285 @@  discard block
 block discarded – undo
  */
 class User extends DataObject
 {
-    const STATUS_USER = 'User';
-    const STATUS_ADMIN = 'Admin';
-    const STATUS_SUSPENDED = 'Suspended';
-    const STATUS_DECLINED = 'Declined';
-    const STATUS_NEW = 'New';
-    private $username;
-    private $email;
-    private $password;
-    private $status = self::STATUS_NEW;
-    private $onwikiname = "##OAUTH##";
-    private $welcome_sig = "";
-    private $lastactive = "0000-00-00 00:00:00";
-    private $forcelogout = 0;
-    private $checkuser = 0;
-    private $forceidentified = null;
-    private $welcome_template = 0;
-    private $abortpref = 0;
-    private $confirmationdiff = 0;
-    private $emailsig = "";
-    /** @var null|string */
-    private $oauthrequesttoken = null;
-    /** @var null|string */
-    private $oauthrequestsecret = null;
-    /** @var null|string */
-    private $oauthaccesstoken = null;
-    /** @var null|string */
-    private $oauthaccesssecret = null;
-    private $oauthidentitycache = null;
-    /** @var User Cache variable of the current user - it's never going to change in the middle of a request. */
-    private static $currentUser;
-    /** @var null|JWT The identity cache */
-    private $identityCache = null;
-    #region Object load methods
-
-    /**
-     * Gets the currently logged in user
-     *
-     * @param PdoDatabase $database
-     *
-     * @return User|CommunityUser
-     */
-    public static function getCurrent(PdoDatabase $database)
-    {
-        if (self::$currentUser === null) {
-            $sessionId = WebRequest::getSessionUserId();
-
-            if ($sessionId !== null) {
-                /** @var User $user */
-                $user = self::getById($sessionId, $database);
-
-                if ($user === false) {
-                    self::$currentUser = new CommunityUser();
-                }
-                else {
-                    self::$currentUser = $user;
-                }
-            }
-            else {
-                $anonymousCoward = new CommunityUser();
-
-                self::$currentUser = $anonymousCoward;
-            }
-        }
-
-        return self::$currentUser;
-    }
-
-    /**
-     * Gets a user by their user ID
-     *
-     * Pass -1 to get the community user.
-     *
-     * @param int|null    $id
-     * @param PdoDatabase $database
-     *
-     * @return User|false
-     */
-    public static function getById($id, PdoDatabase $database)
-    {
-        if ($id === null || $id == -1) {
-            return new CommunityUser();
-        }
-
-        /** @var User|false $user */
-        $user = parent::getById($id, $database);
-
-        return $user;
-    }
-
-    /**
-     * @return CommunityUser
-     */
-    public static function getCommunity()
-    {
-        return new CommunityUser();
-    }
-
-    /**
-     * Gets a user by their username
-     *
-     * @param  string      $username
-     * @param  PdoDatabase $database
-     *
-     * @return CommunityUser|User|false
-     */
-    public static function getByUsername($username, PdoDatabase $database)
-    {
-        global $communityUsername;
-        if ($username == $communityUsername) {
-            return new CommunityUser();
-        }
-
-        $statement = $database->prepare("SELECT * FROM user WHERE username = :id LIMIT 1;");
-        $statement->bindValue(":id", $username);
-
-        $statement->execute();
-
-        $resultObject = $statement->fetchObject(get_called_class());
-
-        if ($resultObject != false) {
-            $resultObject->setDatabase($database);
-        }
-
-        return $resultObject;
-    }
-
-    /**
-     * Gets a user by their on-wiki username.
-     *
-     * Don't use without asking me first. It's really inefficient in it's current implementation.
-     * We need to restructure the user table again to make this more efficient.
-     * We don't actually store the on-wiki name in the table any more, instead we
-     * are storing JSON in a column (!!). Yep, my fault. Code review is an awesome thing.
-     *            -- stw 2015-10-20
-     *
-     * @param string      $username
-     * @param PdoDatabase $database
-     *
-     * @return User|false
-     */
-    public static function getByOnWikiUsername($username, PdoDatabase $database)
-    {
-        // Firstly, try to search by the efficient database lookup.
-        $statement = $database->prepare("SELECT * FROM user WHERE onwikiname = :id LIMIT 1;");
-        $statement->bindValue(":id", $username);
-        $statement->execute();
-
-        $resultObject = $statement->fetchObject(get_called_class());
-
-        if ($resultObject != false) {
-            $resultObject->setDatabase($database);
-
-            return $resultObject;
-        }
-
-        // For active users, the above has failed. Let's do it the hard way.
-        $sqlStatement = "SELECT * FROM user WHERE onwikiname = '##OAUTH##' AND oauthaccesstoken IS NOT NULL;";
-        $statement = $database->prepare($sqlStatement);
-        $statement->execute();
-        $resultSet = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
-
-        /** @var User $user */
-        foreach ($resultSet as $user) {
-            // We have to set this before doing OAuth queries. :(
-            $user->setDatabase($database);
-
-            // Using cached data here!
-            if ($user->getOAuthOnWikiName(true) == $username) {
-                // Success.
-                return $user;
-            }
-        }
-
-        // Cached data failed. Let's do it the *REALLY* hard way.
-        foreach ($resultSet as $user) {
-            // We have to set this before doing OAuth queries. :(
-            $user->setDatabase($database);
-
-            // Don't use the cached data, but instead query the API.
-            if ($user->getOAuthOnWikiName(false) == $username) {
-                // Success.
-                return $user;
-            }
-        }
-
-        // Nope. Sorry.
-        return false;
-    }
-
-    /**
-     * Gets a user by their OAuth request token
-     *
-     * @param string      $requestToken
-     * @param PdoDatabase $database
-     *
-     * @return User|false
-     */
-    public static function getByRequestToken($requestToken, PdoDatabase $database)
-    {
-        $statement = $database->prepare("SELECT * FROM user WHERE oauthrequesttoken = :id LIMIT 1;");
-        $statement->bindValue(":id", $requestToken);
-
-        $statement->execute();
-
-        $resultObject = $statement->fetchObject(get_called_class());
-
-        if ($resultObject != false) {
-            $resultObject->setDatabase($database);
-        }
-
-        return $resultObject;
-    }
-
-    /**
-     * Gets all users with a supplied status
-     *
-     * @param string      $status
-     * @param PdoDatabase $database
-     *
-     * @return User[]
-     */
-    public static function getAllWithStatus($status, PdoDatabase $database)
-    {
-        $statement = $database->prepare("SELECT * FROM user WHERE status = :status");
-        $statement->execute(array(":status" => $status));
-
-        $resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
-
-        /** @var User $u */
-        foreach ($resultObject as $u) {
-            $u->setDatabase($database);
-        }
-
-        return $resultObject;
-    }
-
-    /**
-     * Gets all checkusers
-     *
-     * @param PdoDatabase $database
-     *
-     * @return User[]
-     */
-    public static function getAllCheckusers(PdoDatabase $database)
-    {
-        $statement = $database->prepare("SELECT * FROM user WHERE checkuser = 1;");
-        $statement->execute();
-
-        $resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
-
-        $resultsCollection = array();
-
-        /** @var User $u */
-        foreach ($resultObject as $u) {
-            $u->setDatabase($database);
-
-            if (!$u->isCheckuser()) {
-                continue;
-            }
-
-            $resultsCollection[] = $u;
-        }
-
-        return $resultsCollection;
-    }
-
-    /**
-     * Gets all inactive users
-     *
-     * @param PdoDatabase $database
-     *
-     * @return User[]
-     */
-    public static function getAllInactive(PdoDatabase $database)
-    {
-        $date = new DateTime();
-        $date->modify("-45 days");
-
-        $statement = $database->prepare(<<<SQL
+	const STATUS_USER = 'User';
+	const STATUS_ADMIN = 'Admin';
+	const STATUS_SUSPENDED = 'Suspended';
+	const STATUS_DECLINED = 'Declined';
+	const STATUS_NEW = 'New';
+	private $username;
+	private $email;
+	private $password;
+	private $status = self::STATUS_NEW;
+	private $onwikiname = "##OAUTH##";
+	private $welcome_sig = "";
+	private $lastactive = "0000-00-00 00:00:00";
+	private $forcelogout = 0;
+	private $checkuser = 0;
+	private $forceidentified = null;
+	private $welcome_template = 0;
+	private $abortpref = 0;
+	private $confirmationdiff = 0;
+	private $emailsig = "";
+	/** @var null|string */
+	private $oauthrequesttoken = null;
+	/** @var null|string */
+	private $oauthrequestsecret = null;
+	/** @var null|string */
+	private $oauthaccesstoken = null;
+	/** @var null|string */
+	private $oauthaccesssecret = null;
+	private $oauthidentitycache = null;
+	/** @var User Cache variable of the current user - it's never going to change in the middle of a request. */
+	private static $currentUser;
+	/** @var null|JWT The identity cache */
+	private $identityCache = null;
+	#region Object load methods
+
+	/**
+	 * Gets the currently logged in user
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|CommunityUser
+	 */
+	public static function getCurrent(PdoDatabase $database)
+	{
+		if (self::$currentUser === null) {
+			$sessionId = WebRequest::getSessionUserId();
+
+			if ($sessionId !== null) {
+				/** @var User $user */
+				$user = self::getById($sessionId, $database);
+
+				if ($user === false) {
+					self::$currentUser = new CommunityUser();
+				}
+				else {
+					self::$currentUser = $user;
+				}
+			}
+			else {
+				$anonymousCoward = new CommunityUser();
+
+				self::$currentUser = $anonymousCoward;
+			}
+		}
+
+		return self::$currentUser;
+	}
+
+	/**
+	 * Gets a user by their user ID
+	 *
+	 * Pass -1 to get the community user.
+	 *
+	 * @param int|null    $id
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|false
+	 */
+	public static function getById($id, PdoDatabase $database)
+	{
+		if ($id === null || $id == -1) {
+			return new CommunityUser();
+		}
+
+		/** @var User|false $user */
+		$user = parent::getById($id, $database);
+
+		return $user;
+	}
+
+	/**
+	 * @return CommunityUser
+	 */
+	public static function getCommunity()
+	{
+		return new CommunityUser();
+	}
+
+	/**
+	 * Gets a user by their username
+	 *
+	 * @param  string      $username
+	 * @param  PdoDatabase $database
+	 *
+	 * @return CommunityUser|User|false
+	 */
+	public static function getByUsername($username, PdoDatabase $database)
+	{
+		global $communityUsername;
+		if ($username == $communityUsername) {
+			return new CommunityUser();
+		}
+
+		$statement = $database->prepare("SELECT * FROM user WHERE username = :id LIMIT 1;");
+		$statement->bindValue(":id", $username);
+
+		$statement->execute();
+
+		$resultObject = $statement->fetchObject(get_called_class());
+
+		if ($resultObject != false) {
+			$resultObject->setDatabase($database);
+		}
+
+		return $resultObject;
+	}
+
+	/**
+	 * Gets a user by their on-wiki username.
+	 *
+	 * Don't use without asking me first. It's really inefficient in it's current implementation.
+	 * We need to restructure the user table again to make this more efficient.
+	 * We don't actually store the on-wiki name in the table any more, instead we
+	 * are storing JSON in a column (!!). Yep, my fault. Code review is an awesome thing.
+	 *            -- stw 2015-10-20
+	 *
+	 * @param string      $username
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|false
+	 */
+	public static function getByOnWikiUsername($username, PdoDatabase $database)
+	{
+		// Firstly, try to search by the efficient database lookup.
+		$statement = $database->prepare("SELECT * FROM user WHERE onwikiname = :id LIMIT 1;");
+		$statement->bindValue(":id", $username);
+		$statement->execute();
+
+		$resultObject = $statement->fetchObject(get_called_class());
+
+		if ($resultObject != false) {
+			$resultObject->setDatabase($database);
+
+			return $resultObject;
+		}
+
+		// For active users, the above has failed. Let's do it the hard way.
+		$sqlStatement = "SELECT * FROM user WHERE onwikiname = '##OAUTH##' AND oauthaccesstoken IS NOT NULL;";
+		$statement = $database->prepare($sqlStatement);
+		$statement->execute();
+		$resultSet = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
+
+		/** @var User $user */
+		foreach ($resultSet as $user) {
+			// We have to set this before doing OAuth queries. :(
+			$user->setDatabase($database);
+
+			// Using cached data here!
+			if ($user->getOAuthOnWikiName(true) == $username) {
+				// Success.
+				return $user;
+			}
+		}
+
+		// Cached data failed. Let's do it the *REALLY* hard way.
+		foreach ($resultSet as $user) {
+			// We have to set this before doing OAuth queries. :(
+			$user->setDatabase($database);
+
+			// Don't use the cached data, but instead query the API.
+			if ($user->getOAuthOnWikiName(false) == $username) {
+				// Success.
+				return $user;
+			}
+		}
+
+		// Nope. Sorry.
+		return false;
+	}
+
+	/**
+	 * Gets a user by their OAuth request token
+	 *
+	 * @param string      $requestToken
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|false
+	 */
+	public static function getByRequestToken($requestToken, PdoDatabase $database)
+	{
+		$statement = $database->prepare("SELECT * FROM user WHERE oauthrequesttoken = :id LIMIT 1;");
+		$statement->bindValue(":id", $requestToken);
+
+		$statement->execute();
+
+		$resultObject = $statement->fetchObject(get_called_class());
+
+		if ($resultObject != false) {
+			$resultObject->setDatabase($database);
+		}
+
+		return $resultObject;
+	}
+
+	/**
+	 * Gets all users with a supplied status
+	 *
+	 * @param string      $status
+	 * @param PdoDatabase $database
+	 *
+	 * @return User[]
+	 */
+	public static function getAllWithStatus($status, PdoDatabase $database)
+	{
+		$statement = $database->prepare("SELECT * FROM user WHERE status = :status");
+		$statement->execute(array(":status" => $status));
+
+		$resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
+
+		/** @var User $u */
+		foreach ($resultObject as $u) {
+			$u->setDatabase($database);
+		}
+
+		return $resultObject;
+	}
+
+	/**
+	 * Gets all checkusers
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return User[]
+	 */
+	public static function getAllCheckusers(PdoDatabase $database)
+	{
+		$statement = $database->prepare("SELECT * FROM user WHERE checkuser = 1;");
+		$statement->execute();
+
+		$resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
+
+		$resultsCollection = array();
+
+		/** @var User $u */
+		foreach ($resultObject as $u) {
+			$u->setDatabase($database);
+
+			if (!$u->isCheckuser()) {
+				continue;
+			}
+
+			$resultsCollection[] = $u;
+		}
+
+		return $resultsCollection;
+	}
+
+	/**
+	 * Gets all inactive users
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return User[]
+	 */
+	public static function getAllInactive(PdoDatabase $database)
+	{
+		$date = new DateTime();
+		$date->modify("-45 days");
+
+		$statement = $database->prepare(<<<SQL
 			SELECT * 
 			FROM user 
 			WHERE lastactive < :lastactivelimit 
@@ -314,104 +314,104 @@  discard block
 block discarded – undo
 				AND status != 'New' 
 			ORDER BY lastactive ASC;
 SQL
-        );
-        $statement->execute(array(":lastactivelimit" => $date->format("Y-m-d H:i:s")));
-
-        $resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
-
-        /** @var User $u */
-        foreach ($resultObject as $u) {
-            $u->setDatabase($database);
-        }
-
-        return $resultObject;
-    }
-
-    /**
-     * Gets all the usernames in the system
-     *
-     * @param PdoDatabase      $database
-     * @param null|bool|string $filter If null, no filter. If true, active users only, otherwise provided status.
-     *
-     * @return string[]
-     */
-    public static function getAllUsernames(PdoDatabase $database, $filter = null)
-    {
-        if ($filter === null) {
-            $userListQuery = "SELECT username FROM user;";
-            $userListResult = $database->query($userListQuery);
-        }
-        elseif ($filter === true) {
-            $userListQuery = "SELECT username FROM user WHERE status IN ('User', 'Admin');";
-            $userListResult = $database->query($userListQuery);
-        }
-        else {
-            $userListQuery = "SELECT username FROM user WHERE status = :status;";
-            $userListResult = $database->prepare($userListQuery);
-            $userListResult->execute(array(":status" => $filter));
-        }
-
-        return $userListResult->fetchAll(PDO::FETCH_COLUMN);
-    }
-
-    /**
-     * @param array       $userIds
-     * @param PdoDatabase $database
-     *
-     * @return array
-     * @throws Exception
-     */
-    public static function getUsernames($userIds, PdoDatabase $database)
-    {
-        if (!is_array($userIds)) {
-            throw new Exception('getUsernames() expects array');
-        }
-
-        if (count($userIds) === 0) {
-            // empty set of data
-            return array();
-        }
-
-        // Urgh. OK. You can't use IN() with parameters directly, so let's munge something together.
-        $userCount = count($userIds);
-
-        // Firstly, let's create a string of question marks, which will do as positional parameters.
-        $inSection = str_repeat('?,', $userCount - 1) . '?';
-
-        // Now, let's put that into the query. Direct string building here is OK, we're not dealing with user input,
-        // only the *count* of user input, which is safe.
-        $query = "SELECT id, username FROM user WHERE id IN ({$inSection})";
-
-        // Prepare the query
-        $statement = $database->prepare($query);
-
-        // Bind the parameters and execute - in one go - since we already have a handy array kicking around.
-        $statement->execute($userIds);
-
-        $resultSet = $statement->fetchAll(PDO::FETCH_ASSOC);
-
-        $users = array();
-        foreach ($resultSet as $row) {
-            $users[$row['id']] = $row['username'];
-        }
-
-        $statement->closeCursor();
-
-        return $users;
-    }
-
-    #endregion
-
-    /**
-     * Saves the current object
-     *
-     * @throws Exception
-     */
-    public function save()
-    {
-        if ($this->isNew()) {
-            // insert
-            $statement = $this->dbObject->prepare(<<<SQL
+		);
+		$statement->execute(array(":lastactivelimit" => $date->format("Y-m-d H:i:s")));
+
+		$resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
+
+		/** @var User $u */
+		foreach ($resultObject as $u) {
+			$u->setDatabase($database);
+		}
+
+		return $resultObject;
+	}
+
+	/**
+	 * Gets all the usernames in the system
+	 *
+	 * @param PdoDatabase      $database
+	 * @param null|bool|string $filter If null, no filter. If true, active users only, otherwise provided status.
+	 *
+	 * @return string[]
+	 */
+	public static function getAllUsernames(PdoDatabase $database, $filter = null)
+	{
+		if ($filter === null) {
+			$userListQuery = "SELECT username FROM user;";
+			$userListResult = $database->query($userListQuery);
+		}
+		elseif ($filter === true) {
+			$userListQuery = "SELECT username FROM user WHERE status IN ('User', 'Admin');";
+			$userListResult = $database->query($userListQuery);
+		}
+		else {
+			$userListQuery = "SELECT username FROM user WHERE status = :status;";
+			$userListResult = $database->prepare($userListQuery);
+			$userListResult->execute(array(":status" => $filter));
+		}
+
+		return $userListResult->fetchAll(PDO::FETCH_COLUMN);
+	}
+
+	/**
+	 * @param array       $userIds
+	 * @param PdoDatabase $database
+	 *
+	 * @return array
+	 * @throws Exception
+	 */
+	public static function getUsernames($userIds, PdoDatabase $database)
+	{
+		if (!is_array($userIds)) {
+			throw new Exception('getUsernames() expects array');
+		}
+
+		if (count($userIds) === 0) {
+			// empty set of data
+			return array();
+		}
+
+		// Urgh. OK. You can't use IN() with parameters directly, so let's munge something together.
+		$userCount = count($userIds);
+
+		// Firstly, let's create a string of question marks, which will do as positional parameters.
+		$inSection = str_repeat('?,', $userCount - 1) . '?';
+
+		// Now, let's put that into the query. Direct string building here is OK, we're not dealing with user input,
+		// only the *count* of user input, which is safe.
+		$query = "SELECT id, username FROM user WHERE id IN ({$inSection})";
+
+		// Prepare the query
+		$statement = $database->prepare($query);
+
+		// Bind the parameters and execute - in one go - since we already have a handy array kicking around.
+		$statement->execute($userIds);
+
+		$resultSet = $statement->fetchAll(PDO::FETCH_ASSOC);
+
+		$users = array();
+		foreach ($resultSet as $row) {
+			$users[$row['id']] = $row['username'];
+		}
+
+		$statement->closeCursor();
+
+		return $users;
+	}
+
+	#endregion
+
+	/**
+	 * Saves the current object
+	 *
+	 * @throws Exception
+	 */
+	public function save()
+	{
+		if ($this->isNew()) {
+			// insert
+			$statement = $this->dbObject->prepare(<<<SQL
 				INSERT INTO `user` ( 
 					username, email, password, status, onwikiname, welcome_sig, 
 					lastactive, forcelogout, checkuser, forceidentified,
@@ -425,36 +425,36 @@  discard block
 block discarded – undo
 					:ort, :ors, :oat, :oas
 				);
 SQL
-            );
-            $statement->bindValue(":username", $this->username);
-            $statement->bindValue(":email", $this->email);
-            $statement->bindValue(":password", $this->password);
-            $statement->bindValue(":status", $this->status);
-            $statement->bindValue(":onwikiname", $this->onwikiname);
-            $statement->bindValue(":welcome_sig", $this->welcome_sig);
-            $statement->bindValue(":lastactive", $this->lastactive);
-            $statement->bindValue(":forcelogout", $this->forcelogout);
-            $statement->bindValue(":checkuser", $this->checkuser);
-            $statement->bindValue(":forceidentified", $this->forceidentified);
-            $statement->bindValue(":welcome_template", $this->welcome_template);
-            $statement->bindValue(":abortpref", $this->abortpref);
-            $statement->bindValue(":confirmationdiff", $this->confirmationdiff);
-            $statement->bindValue(":emailsig", $this->emailsig);
-            $statement->bindValue(":ort", $this->oauthrequesttoken);
-            $statement->bindValue(":ors", $this->oauthrequestsecret);
-            $statement->bindValue(":oat", $this->oauthaccesstoken);
-            $statement->bindValue(":oas", $this->oauthaccesssecret);
-
-            if ($statement->execute()) {
-                $this->id = (int)$this->dbObject->lastInsertId();
-            }
-            else {
-                throw new Exception($statement->errorInfo());
-            }
-        }
-        else {
-            // update
-            $statement = $this->dbObject->prepare(<<<SQL
+			);
+			$statement->bindValue(":username", $this->username);
+			$statement->bindValue(":email", $this->email);
+			$statement->bindValue(":password", $this->password);
+			$statement->bindValue(":status", $this->status);
+			$statement->bindValue(":onwikiname", $this->onwikiname);
+			$statement->bindValue(":welcome_sig", $this->welcome_sig);
+			$statement->bindValue(":lastactive", $this->lastactive);
+			$statement->bindValue(":forcelogout", $this->forcelogout);
+			$statement->bindValue(":checkuser", $this->checkuser);
+			$statement->bindValue(":forceidentified", $this->forceidentified);
+			$statement->bindValue(":welcome_template", $this->welcome_template);
+			$statement->bindValue(":abortpref", $this->abortpref);
+			$statement->bindValue(":confirmationdiff", $this->confirmationdiff);
+			$statement->bindValue(":emailsig", $this->emailsig);
+			$statement->bindValue(":ort", $this->oauthrequesttoken);
+			$statement->bindValue(":ors", $this->oauthrequestsecret);
+			$statement->bindValue(":oat", $this->oauthaccesstoken);
+			$statement->bindValue(":oas", $this->oauthaccesssecret);
+
+			if ($statement->execute()) {
+				$this->id = (int)$this->dbObject->lastInsertId();
+			}
+			else {
+				throw new Exception($statement->errorInfo());
+			}
+		}
+		else {
+			// update
+			$statement = $this->dbObject->prepare(<<<SQL
 				UPDATE `user` SET 
 					username = :username, email = :email, 
 					password = :password, status = :status,
@@ -469,721 +469,721 @@  discard block
 block discarded – undo
 				WHERE id = :id AND updateversion = :updateversion
 				LIMIT 1;
 SQL
-            );
-            $statement->bindValue(":forceidentified", $this->forceidentified);
-
-            $statement->bindValue(':id', $this->id);
-            $statement->bindValue(':updateversion', $this->updateversion);
-
-            $statement->bindValue(':username', $this->username);
-            $statement->bindValue(':email', $this->email);
-            $statement->bindValue(':password', $this->password);
-            $statement->bindValue(':status', $this->status);
-            $statement->bindValue(':onwikiname', $this->onwikiname);
-            $statement->bindValue(':welcome_sig', $this->welcome_sig);
-            $statement->bindValue(':lastactive', $this->lastactive);
-            $statement->bindValue(':forcelogout', $this->forcelogout);
-            $statement->bindValue(':checkuser', $this->checkuser);
-            $statement->bindValue(':forceidentified', $this->forceidentified);
-            $statement->bindValue(':welcome_template', $this->welcome_template);
-            $statement->bindValue(':abortpref', $this->abortpref);
-            $statement->bindValue(':confirmationdiff', $this->confirmationdiff);
-            $statement->bindValue(':emailsig', $this->emailsig);
-            $statement->bindValue(':ort', $this->oauthrequesttoken);
-            $statement->bindValue(':ors', $this->oauthrequestsecret);
-            $statement->bindValue(':oat', $this->oauthaccesstoken);
-            $statement->bindValue(':oas', $this->oauthaccesssecret);
-
-            if (!$statement->execute()) {
-                throw new Exception($statement->errorInfo());
-            }
-
-            if ($statement->rowCount() !== 1) {
-                throw new OptimisticLockFailedException();
-            }
-
-            $this->updateversion++;
-        }
-    }
-
-    /**
-     * Authenticates the user with the supplied password
-     *
-     * @param string $password
-     *
-     * @return bool
-     * @throws Exception
-     * @category Security-Critical
-     */
-    public function authenticate($password)
-    {
-        $result = AuthUtility::testCredentials($password, $this->password);
-
-        if ($result === true) {
-            // password version is out of date, update it.
-            if (!AuthUtility::isCredentialVersionLatest($this->password)) {
-                $this->password = AuthUtility::encryptPassword($password);
-                $this->save();
-            }
-        }
-
-        return $result;
-    }
-
-    #region properties
-
-    /**
-     * Gets the tool username
-     * @return string
-     */
-    public function getUsername()
-    {
-        return $this->username;
-    }
-
-    /**
-     * Sets the tool username
-     *
-     * @param string $username
-     */
-    public function setUsername($username)
-    {
-        $this->username = $username;
-
-        // If this isn't a brand new user, then it's a rename, force the logout
-        if (!$this->isNew()) {
-            $this->forcelogout = 1;
-        }
-    }
-
-    /**
-     * Gets the user's email address
-     * @return string
-     */
-    public function getEmail()
-    {
-        return $this->email;
-    }
-
-    /**
-     * Sets the user's email address
-     *
-     * @param string $email
-     */
-    public function setEmail($email)
-    {
-        $this->email = $email;
-    }
-
-    /**
-     * Sets the user's password
-     *
-     * @param string $password the plaintext password
-     *
-     * @category Security-Critical
-     */
-    public function setPassword($password)
-    {
-        $this->password = AuthUtility::encryptPassword($password);
-    }
-
-    /**
-     * Gets the status (User, Admin, Suspended, etc - excludes checkuser) of the user.
-     * @return string
-     */
-    public function getStatus()
-    {
-        return $this->status;
-    }
-
-    /**
-     * @param string $status
-     */
-    public function setStatus($status)
-    {
-        $this->status = $status;
-    }
-
-    /**
-     * Gets the user's on-wiki name
-     * @return string
-     */
-    public function getOnWikiName()
-    {
-        if ($this->oauthaccesstoken !== null) {
-            try {
-                return $this->getOAuthOnWikiName();
-            }
-            catch (Exception $ex) {
-                // urm.. log this?
-                return $this->onwikiname;
-            }
-        }
-
-        return $this->onwikiname;
-    }
-
-    /**
-     * This is probably NOT the function you want!
-     *
-     * Take a look at getOnWikiName() instead.
-     * @return string
-     */
-    public function getStoredOnWikiName()
-    {
-        return $this->onwikiname;
-    }
-
-    /**
-     * Sets the user's on-wiki name
-     *
-     * This can have interesting side-effects with OAuth.
-     *
-     * @param string $onWikiName
-     */
-    public function setOnWikiName($onWikiName)
-    {
-        $this->onwikiname = $onWikiName;
-    }
-
-    /**
-     * Gets the welcome signature
-     * @return string
-     */
-    public function getWelcomeSig()
-    {
-        return $this->welcome_sig;
-    }
-
-    /**
-     * Sets the welcome signature
-     *
-     * @param string $welcomeSig
-     */
-    public function setWelcomeSig($welcomeSig)
-    {
-        $this->welcome_sig = $welcomeSig;
-    }
-
-    /**
-     * Gets the last activity date for the user
-     *
-     * @return string
-     * @todo This should probably return an instance of DateTime
-     */
-    public function getLastActive()
-    {
-        return $this->lastactive;
-    }
-
-    /**
-     * Gets the user's forced logout status
-     *
-     * @return bool
-     */
-    public function getForceLogout()
-    {
-        return $this->forcelogout == 1;
-    }
-
-    /**
-     * Sets the user's forced logout status
-     *
-     * @param bool $forceLogout
-     */
-    public function setForceLogout($forceLogout)
-    {
-        $this->forcelogout = $forceLogout ? 1 : 0;
-    }
-
-    /**
-     * Returns the ID of the welcome template used.
-     * @return int
-     */
-    public function getWelcomeTemplate()
-    {
-        return $this->welcome_template;
-    }
-
-    /**
-     * Sets the ID of the welcome template used.
-     *
-     * @param int $welcomeTemplate
-     */
-    public function setWelcomeTemplate($welcomeTemplate)
-    {
-        $this->welcome_template = $welcomeTemplate;
-    }
-
-    /**
-     * Gets the user's abort preference
-     * @todo this is badly named too! Also a bool that's actually an int.
-     * @return int
-     */
-    public function getAbortPref()
-    {
-        return $this->abortpref;
-    }
-
-    /**
-     * Sets the user's abort preference
-     * @todo rename, retype, and re-comment.
-     *
-     * @param int $abortPreference
-     */
-    public function setAbortPref($abortPreference)
-    {
-        $this->abortpref = $abortPreference;
-    }
-
-    /**
-     * Gets the user's confirmation diff. Unused if OAuth is in use.
-     * @return int the diff ID
-     */
-    public function getConfirmationDiff()
-    {
-        return $this->confirmationdiff;
-    }
-
-    /**
-     * Sets the user's confirmation diff.
-     *
-     * @param int $confirmationDiff
-     */
-    public function setConfirmationDiff($confirmationDiff)
-    {
-        $this->confirmationdiff = $confirmationDiff;
-    }
-
-    /**
-     * Gets the users' email signature used on outbound mail.
-     * @todo rename me!
-     * @return string
-     */
-    public function getEmailSig()
-    {
-        return $this->emailsig;
-    }
-
-    /**
-     * Sets the user's email signature for outbound mail.
-     *
-     * @param string $emailSignature
-     */
-    public function setEmailSig($emailSignature)
-    {
-        $this->emailsig = $emailSignature;
-    }
-
-    /**
-     * Gets the user's OAuth request token.
-     *
-     * @todo move me to a collaborator.
-     * @return null|string
-     */
-    public function getOAuthRequestToken()
-    {
-        return $this->oauthrequesttoken;
-    }
-
-    /**
-     * Sets the user's OAuth request token
-     * @todo move me to a collaborator
-     *
-     * @param string $oAuthRequestToken
-     */
-    public function setOAuthRequestToken($oAuthRequestToken)
-    {
-        $this->oauthrequesttoken = $oAuthRequestToken;
-    }
-
-    /**
-     * Gets the users OAuth request secret
-     * @category Security-Critical
-     * @todo     move me to a collaborator
-     * @return null|string
-     */
-    public function getOAuthRequestSecret()
-    {
-        return $this->oauthrequestsecret;
-    }
-
-    /**
-     * Sets the user's OAuth request secret
-     * @todo move me to a collaborator
-     *
-     * @param string $oAuthRequestSecret
-     */
-    public function setOAuthRequestSecret($oAuthRequestSecret)
-    {
-        $this->oauthrequestsecret = $oAuthRequestSecret;
-    }
-
-    /**
-     * Gets the user's access token
-     * @category Security-Critical
-     * @todo     move me to a collaborator
-     * @return null|string
-     */
-    public function getOAuthAccessToken()
-    {
-        return $this->oauthaccesstoken;
-    }
-
-    /**
-     * Sets the user's access token
-     * @todo move me to a collaborator
-     *
-     * @param string $oAuthAccessToken
-     */
-    public function setOAuthAccessToken($oAuthAccessToken)
-    {
-        $this->oauthaccesstoken = $oAuthAccessToken;
-    }
-
-    /**
-     * Gets the user's OAuth access secret
-     * @category Security-Critical
-     * @todo     move me to a collaborator
-     * @return null|string
-     */
-    public function getOAuthAccessSecret()
-    {
-        return $this->oauthaccesssecret;
-    }
-
-    /**
-     * Sets the user's OAuth access secret
-     * @todo move me to a collaborator
-     *
-     * @param string $oAuthAccessSecret
-     */
-    public function setOAuthAccessSecret($oAuthAccessSecret)
-    {
-        $this->oauthaccesssecret = $oAuthAccessSecret;
-    }
-
-    #endregion
-
-    #region user access checks
-
-    /**
-     * Tests if the user is an admin
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isAdmin()
-    {
-        return $this->status == self::STATUS_ADMIN;
-    }
-
-    /**
-     * Tests if the user is a checkuser
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isCheckuser()
-    {
-        return $this->checkuser == 1 || $this->oauthCanCheckUser();
-    }
-
-    /**
-     * Tests if the user is identified
-     *
-     * @param IdentificationVerifier $iv
-     *
-     * @return bool
-     * @todo     Figure out what on earth is going on with PDO's typecasting here.  Apparently, it returns string("0") for
-     *       the force-unidentified case, and int(1) for the identified case?!  This is quite ugly, but probably needed
-     *       to play it safe for now.
-     * @category Security-Critical
-     */
-    public function isIdentified(IdentificationVerifier $iv)
-    {
-        if ($this->forceidentified === 0 || $this->forceidentified === "0") {
-            // User forced to unidentified in the database.
-            return false;
-        }
-        elseif ($this->forceidentified === 1 || $this->forceidentified === "1") {
-            // User forced to identified in the database.
-            return true;
-        }
-        else {
-            // User not forced to any particular identified status; consult IdentificationVerifier
-            return $iv->isUserIdentified($this->getOnWikiName());
-        }
-    }
-
-    /**
-     * Tests if the user is suspended
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isSuspended()
-    {
-        return $this->status == self::STATUS_SUSPENDED;
-    }
-
-    /**
-     * Tests if the user is new
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isNewUser()
-    {
-        return $this->status == self::STATUS_NEW;
-    }
-
-    /**
-     * Tests if the user is a standard-level user
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isUser()
-    {
-        return $this->status == self::STATUS_USER;
-    }
-
-    /**
-     * Tests if the user has been declined access to the tool
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isDeclined()
-    {
-        return $this->status == self::STATUS_DECLINED;
-    }
-
-    /**
-     * Tests if the user is the community user
-     *
-     * @todo     decide if this means logged out. I think it usually does.
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isCommunityUser()
-    {
-        return false;
-    }
-
-    #endregion 
-
-    #region OAuth
-
-    /**
-     * @todo     move me to a collaborator
-     *
-     * @param bool $useCached
-     *
-     * @return mixed|null
-     * @category Security-Critical
-     */
-    public function getOAuthIdentity($useCached = false)
-    {
-        if ($this->oauthaccesstoken === null) {
-            $this->clearOAuthData();
-        }
-
-        global $oauthConsumerToken, $oauthMediaWikiCanonicalServer;
-
-        if ($this->oauthidentitycache == null) {
-            $this->identityCache = null;
-        }
-        else {
-            $this->identityCache = unserialize($this->oauthidentitycache);
-        }
-
-        // check the cache
-        if (
-            $this->identityCache != null &&
-            $this->identityCache->aud == $oauthConsumerToken &&
-            $this->identityCache->iss == $oauthMediaWikiCanonicalServer
-        ) {
-            if (
-                $useCached || (
-                    DateTime::createFromFormat("U", $this->identityCache->iat) < new DateTime() &&
-                    DateTime::createFromFormat("U", $this->identityCache->exp) > new DateTime()
-                )
-            ) {
-                // Use cached value - it's either valid or we don't care.
-                return $this->identityCache;
-            }
-            else {
-                // Cache expired and not forcing use of cached value
-                $this->getIdentityCache();
-
-                return $this->identityCache;
-            }
-        }
-        else {
-            // Cache isn't ours or doesn't exist
-            $this->getIdentityCache();
-
-            return $this->identityCache;
-        }
-    }
-
-    /**
-     * @todo     move me to a collaborator
-     *
-     * @param mixed $useCached Set to false for everything where up-to-date data is important.
-     *
-     * @return mixed
-     * @category Security-Critical
-     */
-    private function getOAuthOnWikiName($useCached = false)
-    {
-        $identity = $this->getOAuthIdentity($useCached);
-        if ($identity !== null) {
-            return $identity->username;
-        }
-
-        return false;
-    }
-
-    /**
-     * @return bool
-     * @todo move me to a collaborator
-     */
-    public function isOAuthLinked()
-    {
-        if ($this->onwikiname === "##OAUTH##") {
-            return true; // special value. If an account must be oauth linked, this is true.
-        }
-
-        return $this->oauthaccesstoken !== null;
-    }
-
-    /**
-     * @return null
-     * @todo move me to a collaborator
-     */
-    public function clearOAuthData()
-    {
-        $this->identityCache = null;
-        $this->oauthidentitycache = null;
-        $clearCacheQuery = "UPDATE user SET oauthidentitycache = NULL WHERE id = :id;";
-        $this->dbObject->prepare($clearCacheQuery)->execute(array(":id" => $this->id));
-
-        return null;
-    }
-
-    /**
-     * @throws Exception
-     * @todo     move me to a collaborator
-     * @category Security-Critical
-     */
-    private function getIdentityCache()
-    {
-        /** @var IOAuthHelper $oauthHelper */
-        global $oauthHelper;
-
-        try {
-            $this->identityCache = $oauthHelper->getIdentityTicket($this->oauthaccesstoken, $this->oauthaccesssecret);
-
-            $this->oauthidentitycache = serialize($this->identityCache);
-            $this->dbObject->prepare("UPDATE user SET oauthidentitycache = :identity WHERE id = :id;")
-                ->execute(array(":id" => $this->id, ":identity" => $this->oauthidentitycache));
-        }
-        catch (UnexpectedValueException $ex) {
-            $this->identityCache = null;
-            $this->oauthidentitycache = null;
-            $this->dbObject->prepare("UPDATE user SET oauthidentitycache = NULL WHERE id = :id;")
-                ->execute(array(":id" => $this->id));
-
-            SessionAlert::warning("OAuth error getting identity from MediaWiki: " . $ex->getMessage());
-        }
-    }
-
-    /**
-     * @return bool
-     * @todo move me to a collaborator
-     */
-    public function oauthCanUse()
-    {
-        try {
-            return in_array('useoauth', $this->getOAuthIdentity()->grants);
-        }
-        catch (Exception $ex) {
-            return false;
-        }
-    }
-
-    /**
-     * @return bool
-     * @todo move me to a collaborator
-     */
-    public function oauthCanEdit()
-    {
-        try {
-            return in_array('useoauth', $this->getOAuthIdentity()->grants)
-            && in_array('createeditmovepage', $this->getOAuthIdentity()->grants)
-            && in_array('createtalk', $this->getOAuthIdentity()->rights)
-            && in_array('edit', $this->getOAuthIdentity()->rights)
-            && in_array('writeapi', $this->getOAuthIdentity()->rights);
-        }
-        catch (Exception $ex) {
-            return false;
-        }
-    }
-
-    /**
-     * @return bool
-     * @todo move me to a collaborator
-     */
-    public function oauthCanCreateAccount()
-    {
-        try {
-            return in_array('useoauth', $this->getOAuthIdentity()->grants)
-            && in_array('createaccount', $this->getOAuthIdentity()->grants)
-            && in_array('createaccount', $this->getOAuthIdentity()->rights)
-            && in_array('writeapi', $this->getOAuthIdentity()->rights);
-        }
-        catch (Exception $ex) {
-            return false;
-        }
-    }
-
-    /**
-     * @return bool
-     * @todo     move me to a collaborator
-     * @category Security-Critical
-     */
-    protected function oauthCanCheckUser()
-    {
-        if (!$this->isOAuthLinked()) {
-            return false;
-        }
-
-        try {
-            $identity = $this->getOAuthIdentity();
-
-            return in_array('checkuser', $identity->rights);
-        }
-        catch (Exception $ex) {
-            return false;
-        }
-    }
-
-    #endregion
-
-    /**
-     * Gets a hash of data for the user to reset their password with.
-     * @category Security-Critical
-     * @return string
-     */
-    public function getForgottenPasswordHash()
-    {
-        return md5($this->username . $this->email . $this->welcome_template . $this->id . $this->password);
-    }
-
-    /**
-     * Gets the approval date of the user
-     * @return DateTime|false
-     */
-    public function getApprovalDate()
-    {
-        $query = $this->dbObject->prepare(<<<SQL
+			);
+			$statement->bindValue(":forceidentified", $this->forceidentified);
+
+			$statement->bindValue(':id', $this->id);
+			$statement->bindValue(':updateversion', $this->updateversion);
+
+			$statement->bindValue(':username', $this->username);
+			$statement->bindValue(':email', $this->email);
+			$statement->bindValue(':password', $this->password);
+			$statement->bindValue(':status', $this->status);
+			$statement->bindValue(':onwikiname', $this->onwikiname);
+			$statement->bindValue(':welcome_sig', $this->welcome_sig);
+			$statement->bindValue(':lastactive', $this->lastactive);
+			$statement->bindValue(':forcelogout', $this->forcelogout);
+			$statement->bindValue(':checkuser', $this->checkuser);
+			$statement->bindValue(':forceidentified', $this->forceidentified);
+			$statement->bindValue(':welcome_template', $this->welcome_template);
+			$statement->bindValue(':abortpref', $this->abortpref);
+			$statement->bindValue(':confirmationdiff', $this->confirmationdiff);
+			$statement->bindValue(':emailsig', $this->emailsig);
+			$statement->bindValue(':ort', $this->oauthrequesttoken);
+			$statement->bindValue(':ors', $this->oauthrequestsecret);
+			$statement->bindValue(':oat', $this->oauthaccesstoken);
+			$statement->bindValue(':oas', $this->oauthaccesssecret);
+
+			if (!$statement->execute()) {
+				throw new Exception($statement->errorInfo());
+			}
+
+			if ($statement->rowCount() !== 1) {
+				throw new OptimisticLockFailedException();
+			}
+
+			$this->updateversion++;
+		}
+	}
+
+	/**
+	 * Authenticates the user with the supplied password
+	 *
+	 * @param string $password
+	 *
+	 * @return bool
+	 * @throws Exception
+	 * @category Security-Critical
+	 */
+	public function authenticate($password)
+	{
+		$result = AuthUtility::testCredentials($password, $this->password);
+
+		if ($result === true) {
+			// password version is out of date, update it.
+			if (!AuthUtility::isCredentialVersionLatest($this->password)) {
+				$this->password = AuthUtility::encryptPassword($password);
+				$this->save();
+			}
+		}
+
+		return $result;
+	}
+
+	#region properties
+
+	/**
+	 * Gets the tool username
+	 * @return string
+	 */
+	public function getUsername()
+	{
+		return $this->username;
+	}
+
+	/**
+	 * Sets the tool username
+	 *
+	 * @param string $username
+	 */
+	public function setUsername($username)
+	{
+		$this->username = $username;
+
+		// If this isn't a brand new user, then it's a rename, force the logout
+		if (!$this->isNew()) {
+			$this->forcelogout = 1;
+		}
+	}
+
+	/**
+	 * Gets the user's email address
+	 * @return string
+	 */
+	public function getEmail()
+	{
+		return $this->email;
+	}
+
+	/**
+	 * Sets the user's email address
+	 *
+	 * @param string $email
+	 */
+	public function setEmail($email)
+	{
+		$this->email = $email;
+	}
+
+	/**
+	 * Sets the user's password
+	 *
+	 * @param string $password the plaintext password
+	 *
+	 * @category Security-Critical
+	 */
+	public function setPassword($password)
+	{
+		$this->password = AuthUtility::encryptPassword($password);
+	}
+
+	/**
+	 * Gets the status (User, Admin, Suspended, etc - excludes checkuser) of the user.
+	 * @return string
+	 */
+	public function getStatus()
+	{
+		return $this->status;
+	}
+
+	/**
+	 * @param string $status
+	 */
+	public function setStatus($status)
+	{
+		$this->status = $status;
+	}
+
+	/**
+	 * Gets the user's on-wiki name
+	 * @return string
+	 */
+	public function getOnWikiName()
+	{
+		if ($this->oauthaccesstoken !== null) {
+			try {
+				return $this->getOAuthOnWikiName();
+			}
+			catch (Exception $ex) {
+				// urm.. log this?
+				return $this->onwikiname;
+			}
+		}
+
+		return $this->onwikiname;
+	}
+
+	/**
+	 * This is probably NOT the function you want!
+	 *
+	 * Take a look at getOnWikiName() instead.
+	 * @return string
+	 */
+	public function getStoredOnWikiName()
+	{
+		return $this->onwikiname;
+	}
+
+	/**
+	 * Sets the user's on-wiki name
+	 *
+	 * This can have interesting side-effects with OAuth.
+	 *
+	 * @param string $onWikiName
+	 */
+	public function setOnWikiName($onWikiName)
+	{
+		$this->onwikiname = $onWikiName;
+	}
+
+	/**
+	 * Gets the welcome signature
+	 * @return string
+	 */
+	public function getWelcomeSig()
+	{
+		return $this->welcome_sig;
+	}
+
+	/**
+	 * Sets the welcome signature
+	 *
+	 * @param string $welcomeSig
+	 */
+	public function setWelcomeSig($welcomeSig)
+	{
+		$this->welcome_sig = $welcomeSig;
+	}
+
+	/**
+	 * Gets the last activity date for the user
+	 *
+	 * @return string
+	 * @todo This should probably return an instance of DateTime
+	 */
+	public function getLastActive()
+	{
+		return $this->lastactive;
+	}
+
+	/**
+	 * Gets the user's forced logout status
+	 *
+	 * @return bool
+	 */
+	public function getForceLogout()
+	{
+		return $this->forcelogout == 1;
+	}
+
+	/**
+	 * Sets the user's forced logout status
+	 *
+	 * @param bool $forceLogout
+	 */
+	public function setForceLogout($forceLogout)
+	{
+		$this->forcelogout = $forceLogout ? 1 : 0;
+	}
+
+	/**
+	 * Returns the ID of the welcome template used.
+	 * @return int
+	 */
+	public function getWelcomeTemplate()
+	{
+		return $this->welcome_template;
+	}
+
+	/**
+	 * Sets the ID of the welcome template used.
+	 *
+	 * @param int $welcomeTemplate
+	 */
+	public function setWelcomeTemplate($welcomeTemplate)
+	{
+		$this->welcome_template = $welcomeTemplate;
+	}
+
+	/**
+	 * Gets the user's abort preference
+	 * @todo this is badly named too! Also a bool that's actually an int.
+	 * @return int
+	 */
+	public function getAbortPref()
+	{
+		return $this->abortpref;
+	}
+
+	/**
+	 * Sets the user's abort preference
+	 * @todo rename, retype, and re-comment.
+	 *
+	 * @param int $abortPreference
+	 */
+	public function setAbortPref($abortPreference)
+	{
+		$this->abortpref = $abortPreference;
+	}
+
+	/**
+	 * Gets the user's confirmation diff. Unused if OAuth is in use.
+	 * @return int the diff ID
+	 */
+	public function getConfirmationDiff()
+	{
+		return $this->confirmationdiff;
+	}
+
+	/**
+	 * Sets the user's confirmation diff.
+	 *
+	 * @param int $confirmationDiff
+	 */
+	public function setConfirmationDiff($confirmationDiff)
+	{
+		$this->confirmationdiff = $confirmationDiff;
+	}
+
+	/**
+	 * Gets the users' email signature used on outbound mail.
+	 * @todo rename me!
+	 * @return string
+	 */
+	public function getEmailSig()
+	{
+		return $this->emailsig;
+	}
+
+	/**
+	 * Sets the user's email signature for outbound mail.
+	 *
+	 * @param string $emailSignature
+	 */
+	public function setEmailSig($emailSignature)
+	{
+		$this->emailsig = $emailSignature;
+	}
+
+	/**
+	 * Gets the user's OAuth request token.
+	 *
+	 * @todo move me to a collaborator.
+	 * @return null|string
+	 */
+	public function getOAuthRequestToken()
+	{
+		return $this->oauthrequesttoken;
+	}
+
+	/**
+	 * Sets the user's OAuth request token
+	 * @todo move me to a collaborator
+	 *
+	 * @param string $oAuthRequestToken
+	 */
+	public function setOAuthRequestToken($oAuthRequestToken)
+	{
+		$this->oauthrequesttoken = $oAuthRequestToken;
+	}
+
+	/**
+	 * Gets the users OAuth request secret
+	 * @category Security-Critical
+	 * @todo     move me to a collaborator
+	 * @return null|string
+	 */
+	public function getOAuthRequestSecret()
+	{
+		return $this->oauthrequestsecret;
+	}
+
+	/**
+	 * Sets the user's OAuth request secret
+	 * @todo move me to a collaborator
+	 *
+	 * @param string $oAuthRequestSecret
+	 */
+	public function setOAuthRequestSecret($oAuthRequestSecret)
+	{
+		$this->oauthrequestsecret = $oAuthRequestSecret;
+	}
+
+	/**
+	 * Gets the user's access token
+	 * @category Security-Critical
+	 * @todo     move me to a collaborator
+	 * @return null|string
+	 */
+	public function getOAuthAccessToken()
+	{
+		return $this->oauthaccesstoken;
+	}
+
+	/**
+	 * Sets the user's access token
+	 * @todo move me to a collaborator
+	 *
+	 * @param string $oAuthAccessToken
+	 */
+	public function setOAuthAccessToken($oAuthAccessToken)
+	{
+		$this->oauthaccesstoken = $oAuthAccessToken;
+	}
+
+	/**
+	 * Gets the user's OAuth access secret
+	 * @category Security-Critical
+	 * @todo     move me to a collaborator
+	 * @return null|string
+	 */
+	public function getOAuthAccessSecret()
+	{
+		return $this->oauthaccesssecret;
+	}
+
+	/**
+	 * Sets the user's OAuth access secret
+	 * @todo move me to a collaborator
+	 *
+	 * @param string $oAuthAccessSecret
+	 */
+	public function setOAuthAccessSecret($oAuthAccessSecret)
+	{
+		$this->oauthaccesssecret = $oAuthAccessSecret;
+	}
+
+	#endregion
+
+	#region user access checks
+
+	/**
+	 * Tests if the user is an admin
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isAdmin()
+	{
+		return $this->status == self::STATUS_ADMIN;
+	}
+
+	/**
+	 * Tests if the user is a checkuser
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isCheckuser()
+	{
+		return $this->checkuser == 1 || $this->oauthCanCheckUser();
+	}
+
+	/**
+	 * Tests if the user is identified
+	 *
+	 * @param IdentificationVerifier $iv
+	 *
+	 * @return bool
+	 * @todo     Figure out what on earth is going on with PDO's typecasting here.  Apparently, it returns string("0") for
+	 *       the force-unidentified case, and int(1) for the identified case?!  This is quite ugly, but probably needed
+	 *       to play it safe for now.
+	 * @category Security-Critical
+	 */
+	public function isIdentified(IdentificationVerifier $iv)
+	{
+		if ($this->forceidentified === 0 || $this->forceidentified === "0") {
+			// User forced to unidentified in the database.
+			return false;
+		}
+		elseif ($this->forceidentified === 1 || $this->forceidentified === "1") {
+			// User forced to identified in the database.
+			return true;
+		}
+		else {
+			// User not forced to any particular identified status; consult IdentificationVerifier
+			return $iv->isUserIdentified($this->getOnWikiName());
+		}
+	}
+
+	/**
+	 * Tests if the user is suspended
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isSuspended()
+	{
+		return $this->status == self::STATUS_SUSPENDED;
+	}
+
+	/**
+	 * Tests if the user is new
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isNewUser()
+	{
+		return $this->status == self::STATUS_NEW;
+	}
+
+	/**
+	 * Tests if the user is a standard-level user
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isUser()
+	{
+		return $this->status == self::STATUS_USER;
+	}
+
+	/**
+	 * Tests if the user has been declined access to the tool
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isDeclined()
+	{
+		return $this->status == self::STATUS_DECLINED;
+	}
+
+	/**
+	 * Tests if the user is the community user
+	 *
+	 * @todo     decide if this means logged out. I think it usually does.
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isCommunityUser()
+	{
+		return false;
+	}
+
+	#endregion 
+
+	#region OAuth
+
+	/**
+	 * @todo     move me to a collaborator
+	 *
+	 * @param bool $useCached
+	 *
+	 * @return mixed|null
+	 * @category Security-Critical
+	 */
+	public function getOAuthIdentity($useCached = false)
+	{
+		if ($this->oauthaccesstoken === null) {
+			$this->clearOAuthData();
+		}
+
+		global $oauthConsumerToken, $oauthMediaWikiCanonicalServer;
+
+		if ($this->oauthidentitycache == null) {
+			$this->identityCache = null;
+		}
+		else {
+			$this->identityCache = unserialize($this->oauthidentitycache);
+		}
+
+		// check the cache
+		if (
+			$this->identityCache != null &&
+			$this->identityCache->aud == $oauthConsumerToken &&
+			$this->identityCache->iss == $oauthMediaWikiCanonicalServer
+		) {
+			if (
+				$useCached || (
+					DateTime::createFromFormat("U", $this->identityCache->iat) < new DateTime() &&
+					DateTime::createFromFormat("U", $this->identityCache->exp) > new DateTime()
+				)
+			) {
+				// Use cached value - it's either valid or we don't care.
+				return $this->identityCache;
+			}
+			else {
+				// Cache expired and not forcing use of cached value
+				$this->getIdentityCache();
+
+				return $this->identityCache;
+			}
+		}
+		else {
+			// Cache isn't ours or doesn't exist
+			$this->getIdentityCache();
+
+			return $this->identityCache;
+		}
+	}
+
+	/**
+	 * @todo     move me to a collaborator
+	 *
+	 * @param mixed $useCached Set to false for everything where up-to-date data is important.
+	 *
+	 * @return mixed
+	 * @category Security-Critical
+	 */
+	private function getOAuthOnWikiName($useCached = false)
+	{
+		$identity = $this->getOAuthIdentity($useCached);
+		if ($identity !== null) {
+			return $identity->username;
+		}
+
+		return false;
+	}
+
+	/**
+	 * @return bool
+	 * @todo move me to a collaborator
+	 */
+	public function isOAuthLinked()
+	{
+		if ($this->onwikiname === "##OAUTH##") {
+			return true; // special value. If an account must be oauth linked, this is true.
+		}
+
+		return $this->oauthaccesstoken !== null;
+	}
+
+	/**
+	 * @return null
+	 * @todo move me to a collaborator
+	 */
+	public function clearOAuthData()
+	{
+		$this->identityCache = null;
+		$this->oauthidentitycache = null;
+		$clearCacheQuery = "UPDATE user SET oauthidentitycache = NULL WHERE id = :id;";
+		$this->dbObject->prepare($clearCacheQuery)->execute(array(":id" => $this->id));
+
+		return null;
+	}
+
+	/**
+	 * @throws Exception
+	 * @todo     move me to a collaborator
+	 * @category Security-Critical
+	 */
+	private function getIdentityCache()
+	{
+		/** @var IOAuthHelper $oauthHelper */
+		global $oauthHelper;
+
+		try {
+			$this->identityCache = $oauthHelper->getIdentityTicket($this->oauthaccesstoken, $this->oauthaccesssecret);
+
+			$this->oauthidentitycache = serialize($this->identityCache);
+			$this->dbObject->prepare("UPDATE user SET oauthidentitycache = :identity WHERE id = :id;")
+				->execute(array(":id" => $this->id, ":identity" => $this->oauthidentitycache));
+		}
+		catch (UnexpectedValueException $ex) {
+			$this->identityCache = null;
+			$this->oauthidentitycache = null;
+			$this->dbObject->prepare("UPDATE user SET oauthidentitycache = NULL WHERE id = :id;")
+				->execute(array(":id" => $this->id));
+
+			SessionAlert::warning("OAuth error getting identity from MediaWiki: " . $ex->getMessage());
+		}
+	}
+
+	/**
+	 * @return bool
+	 * @todo move me to a collaborator
+	 */
+	public function oauthCanUse()
+	{
+		try {
+			return in_array('useoauth', $this->getOAuthIdentity()->grants);
+		}
+		catch (Exception $ex) {
+			return false;
+		}
+	}
+
+	/**
+	 * @return bool
+	 * @todo move me to a collaborator
+	 */
+	public function oauthCanEdit()
+	{
+		try {
+			return in_array('useoauth', $this->getOAuthIdentity()->grants)
+			&& in_array('createeditmovepage', $this->getOAuthIdentity()->grants)
+			&& in_array('createtalk', $this->getOAuthIdentity()->rights)
+			&& in_array('edit', $this->getOAuthIdentity()->rights)
+			&& in_array('writeapi', $this->getOAuthIdentity()->rights);
+		}
+		catch (Exception $ex) {
+			return false;
+		}
+	}
+
+	/**
+	 * @return bool
+	 * @todo move me to a collaborator
+	 */
+	public function oauthCanCreateAccount()
+	{
+		try {
+			return in_array('useoauth', $this->getOAuthIdentity()->grants)
+			&& in_array('createaccount', $this->getOAuthIdentity()->grants)
+			&& in_array('createaccount', $this->getOAuthIdentity()->rights)
+			&& in_array('writeapi', $this->getOAuthIdentity()->rights);
+		}
+		catch (Exception $ex) {
+			return false;
+		}
+	}
+
+	/**
+	 * @return bool
+	 * @todo     move me to a collaborator
+	 * @category Security-Critical
+	 */
+	protected function oauthCanCheckUser()
+	{
+		if (!$this->isOAuthLinked()) {
+			return false;
+		}
+
+		try {
+			$identity = $this->getOAuthIdentity();
+
+			return in_array('checkuser', $identity->rights);
+		}
+		catch (Exception $ex) {
+			return false;
+		}
+	}
+
+	#endregion
+
+	/**
+	 * Gets a hash of data for the user to reset their password with.
+	 * @category Security-Critical
+	 * @return string
+	 */
+	public function getForgottenPasswordHash()
+	{
+		return md5($this->username . $this->email . $this->welcome_template . $this->id . $this->password);
+	}
+
+	/**
+	 * Gets the approval date of the user
+	 * @return DateTime|false
+	 */
+	public function getApprovalDate()
+	{
+		$query = $this->dbObject->prepare(<<<SQL
 			SELECT timestamp 
 			FROM log 
 			WHERE objectid = :userid
@@ -1192,12 +1192,12 @@  discard block
 block discarded – undo
 			ORDER BY id DESC 
 			LIMIT 1;
 SQL
-        );
-        $query->execute(array(":userid" => $this->id));
+		);
+		$query->execute(array(":userid" => $this->id));
 
-        $data = DateTime::createFromFormat("Y-m-d H:i:s", $query->fetchColumn());
-        $query->closeCursor();
+		$data = DateTime::createFromFormat("Y-m-d H:i:s", $query->fetchColumn());
+		$query->closeCursor();
 
-        return $data;
-    }
+		return $data;
+	}
 }

Please login to merge, or discard this patch.

includes/Fragments/TemplateOutput.php 1 patch

Indentation +61 added lines, -61 removed lines patch added patch discarded remove patch

@@ -15,75 +15,75 @@
 block discarded – undo
 
 trait TemplateOutput
 {
-    /** @var Smarty */
-    private $smarty;
-    /** @var string Extra JavaScript to include at the end of the page's execution */
-    private $tailScript;
+	/** @var Smarty */
+	private $smarty;
+	/** @var string Extra JavaScript to include at the end of the page's execution */
+	private $tailScript;
 
-    /**
-     * @return SiteConfiguration
-     */
-    protected abstract function getSiteConfiguration();
+	/**
+	 * @return SiteConfiguration
+	 */
+	protected abstract function getSiteConfiguration();
 
-    /**
-     * Include extra JavaScript at the end of the page's execution
-     *
-     * @param $script string JavaScript to include at the end of the page
-     */
-    final protected function setTailScript($script)
-    {
-        $this->tailScript = $script;
-    }
+	/**
+	 * Include extra JavaScript at the end of the page's execution
+	 *
+	 * @param $script string JavaScript to include at the end of the page
+	 */
+	final protected function setTailScript($script)
+	{
+		$this->tailScript = $script;
+	}
 
-    /**
-     * Assigns a Smarty variable
-     *
-     * @param  array|string $name  the template variable name(s)
-     * @param  mixed        $value the value to assign
-     */
-    final protected function assign($name, $value)
-    {
-        $this->smarty->assign($name, $value);
-    }
+	/**
+	 * Assigns a Smarty variable
+	 *
+	 * @param  array|string $name  the template variable name(s)
+	 * @param  mixed        $value the value to assign
+	 */
+	final protected function assign($name, $value)
+	{
+		$this->smarty->assign($name, $value);
+	}
 
-    /**
-     * Sets up the variables used by the main Smarty base template.
-     *
-     * This list is getting kinda long.
-     */
-    final protected function setUpSmarty()
-    {
-        $this->smarty = new Smarty();
-        $this->smarty->addPluginsDir($this->getSiteConfiguration()->getFilePath() . '/smarty-plugins');
+	/**
+	 * Sets up the variables used by the main Smarty base template.
+	 *
+	 * This list is getting kinda long.
+	 */
+	final protected function setUpSmarty()
+	{
+		$this->smarty = new Smarty();
+		$this->smarty->addPluginsDir($this->getSiteConfiguration()->getFilePath() . '/smarty-plugins');
 
-        $this->assign('currentUser', User::getCommunity());
-        $this->assign('loggedIn', false);
-        $this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
-        $this->assign('mediawikiScriptPath', $this->getSiteConfiguration()->getMediawikiScriptPath());
+		$this->assign('currentUser', User::getCommunity());
+		$this->assign('loggedIn', false);
+		$this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
+		$this->assign('mediawikiScriptPath', $this->getSiteConfiguration()->getMediawikiScriptPath());
 
-        $this->assign('siteNoticeText', '');
-        $this->assign('toolversion', Environment::getToolVersion());
+		$this->assign('siteNoticeText', '');
+		$this->assign('toolversion', Environment::getToolVersion());
 
-        // default these
-        $this->assign('onlineusers', array());
-        $this->assign('typeAheadBlock', '');
-        $this->assign('extraJs', array());
-        $this->assign('extraCss', array());
+		// default these
+		$this->assign('onlineusers', array());
+		$this->assign('typeAheadBlock', '');
+		$this->assign('extraJs', array());
+		$this->assign('extraCss', array());
 
-        $this->assign('page', $this);
-    }
+		$this->assign('page', $this);
+	}
 
-    /**
-     * Fetches a rendered Smarty template
-     *
-     * @param $template string Template file path, relative to /templates/
-     *
-     * @return string Templated HTML
-     */
-    final protected function fetchTemplate($template)
-    {
-        $this->assign("tailScript", $this->tailScript);
+	/**
+	 * Fetches a rendered Smarty template
+	 *
+	 * @param $template string Template file path, relative to /templates/
+	 *
+	 * @return string Templated HTML
+	 */
+	final protected function fetchTemplate($template)
+	{
+		$this->assign("tailScript", $this->tailScript);
 
-        return $this->smarty->fetch($template);
-    }
+		return $this->smarty->fetch($template);
+	}
 }

Please login to merge, or discard this patch.

includes/Pages/PageUserManagement.php 1 patch

Indentation +508 added lines, -508 removed lines patch added patch discarded remove patch

@@ -22,512 +22,512 @@
 block discarded – undo
  */
 class PageUserManagement extends InternalPageBase
 {
-    /** @var string */
-    private $adminMailingList = '[email protected]';
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     */
-    protected function main()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        if (WebRequest::getBoolean("showAll")) {
-            $this->assign("showAll", true);
-
-            $this->assign("suspendedUsers", User::getAllWithStatus(User::STATUS_SUSPENDED, $database));
-            $this->assign("declinedUsers", User::getAllWithStatus(User::STATUS_DECLINED, $database));
-        }
-        else {
-            $this->assign("showAll", false);
-            $this->assign("suspendedUsers", array());
-            $this->assign("declinedUsers", array());
-        }
-
-        $this->assign("newUsers", User::getAllWithStatus(User::STATUS_NEW, $database));
-        $this->assign("normalUsers", User::getAllWithStatus(User::STATUS_USER, $database));
-        $this->assign("adminUsers", User::getAllWithStatus(User::STATUS_ADMIN, $database));
-        $this->assign("checkUsers", User::getAllCheckusers($database));
-
-        $this->getTypeAheadHelper()->defineTypeAheadSource('username-typeahead', function() use ($database) {
-            return User::getAllUsernames($database);
-        });
-
-        $this->setTemplate("usermanagement/main.tpl");
-    }
-
-    #region Access control
-
-    /**
-     * Action target for suspending users
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function suspend()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-
-        /** @var User $user */
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to suspend could not be found.');
-        }
-
-        if ($user->isSuspended()) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to suspend is already suspended.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $reason = WebRequest::postString('reason');
-
-            if ($reason === null || trim($reason) === "") {
-                throw new ApplicationLogicException('No reason provided');
-            }
-
-            $user->setStatus(User::STATUS_SUSPENDED);
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $user->save();
-            Logger::suspendedUser($database, $user, $reason);
-
-            $this->getNotificationHelper()->userSuspended($user, $reason);
-            SessionAlert::quick('Suspended user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
-
-            // send email
-            $this->sendStatusChangeEmail(
-                'Your WP:ACC account has been suspended',
-                'usermanagement/emails/suspended.tpl',
-                $reason,
-                $user,
-                User::getCurrent($database)->getUsername()
-            );
-
-            $this->redirect('userManagement');
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('usermanagement/changelevel-reason.tpl');
-            $this->assign('user', $user);
-            $this->assign('status', 'Suspended');
-            $this->assign("showReason", true);
-        }
-    }
-
-    /**
-     * Entry point for the decline action
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function decline()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to decline could not be found.');
-        }
-
-        if (!$user->isNewUser()) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to decline is not new.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $reason = WebRequest::postString('reason');
-
-            if ($reason === null || trim($reason) === "") {
-                throw new ApplicationLogicException('No reason provided');
-            }
-
-            $user->setStatus(User::STATUS_DECLINED);
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $user->save();
-            Logger::declinedUser($database, $user, $reason);
-
-            $this->getNotificationHelper()->userDeclined($user, $reason);
-            SessionAlert::quick('Declined user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
-
-            // send email
-            $this->sendStatusChangeEmail(
-                'Your WP:ACC account has been declined',
-                'usermanagement/emails/declined.tpl',
-                $reason,
-                $user,
-                User::getCurrent($database)->getUsername()
-            );
-
-            $this->redirect('userManagement');
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('usermanagement/changelevel-reason.tpl');
-            $this->assign('user', $user);
-            $this->assign('status', 'Declined');
-            $this->assign("showReason", true);
-        }
-    }
-
-    /**
-     * Entry point for the demote action
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function demote()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to demote could not be found.');
-        }
-
-        if (!$user->isAdmin()) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to demote is not an admin.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $reason = WebRequest::postString('reason');
-
-            if ($reason === null || trim($reason) === "") {
-                throw new ApplicationLogicException('No reason provided');
-            }
-
-            $user->setStatus(User::STATUS_USER);
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $user->save();
-            Logger::demotedUser($database, $user, $reason);
-
-            $this->getNotificationHelper()->userDemoted($user, $reason);
-            SessionAlert::quick('Demoted user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
-
-            // send email
-            $this->sendStatusChangeEmail(
-                'Your WP:ACC account has been demoted',
-                'usermanagement/emails/demoted.tpl',
-                $reason,
-                $user,
-                User::getCurrent($database)->getUsername()
-            );
-
-            $this->redirect('userManagement');
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('usermanagement/changelevel-reason.tpl');
-            $this->assign('user', $user);
-            $this->assign('status', 'User');
-            $this->assign("showReason", true);
-        }
-    }
-
-    /**
-     * Entry point for the approve action
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function approve()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to approve could not be found.');
-        }
-
-        if ($user->isUser() || $user->isAdmin()) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to approve is already an active user.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $user->setStatus(User::STATUS_USER);
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $user->save();
-            Logger::approvedUser($database, $user);
-
-            $this->getNotificationHelper()->userApproved($user);
-            SessionAlert::quick('Approved user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
-
-            // send email
-            $this->sendStatusChangeEmail(
-                'Your WP:ACC account has been approved',
-                'usermanagement/emails/approved.tpl',
-                null,
-                $user,
-                User::getCurrent($database)->getUsername()
-            );
-
-            $this->redirect("userManagement");
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate("usermanagement/changelevel-reason.tpl");
-            $this->assign("user", $user);
-            $this->assign("status", "User");
-            $this->assign("showReason", false);
-        }
-    }
-
-    /**
-     * Entry point for the promote action
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function promote()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to promote could not be found.');
-        }
-
-        if ($user->isAdmin()) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to promote is already an admin.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $user->setStatus(User::STATUS_ADMIN);
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $user->save();
-            Logger::promotedUser($database, $user);
-
-            $this->getNotificationHelper()->userPromoted($user);
-            SessionAlert::quick('Promoted user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
-
-            // send email
-            $this->sendStatusChangeEmail(
-                'Your WP:ACC account has been promoted',
-                'usermanagement/emails/promoted.tpl',
-                null,
-                $user,
-                User::getCurrent($database)->getUsername()
-            );
-
-            $this->redirect("userManagement");
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate("usermanagement/changelevel-reason.tpl");
-            $this->assign("user", $user);
-            $this->assign("status", "Admin");
-            $this->assign("showReason", false);
-        }
-    }
-
-    #endregion
-
-    #region Renaming / Editing
-
-    /**
-     * Entry point for the rename action
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function rename()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to rename could not be found.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $newUsername = WebRequest::postString('newname');
-
-            if ($newUsername === null || trim($newUsername) === "") {
-                throw new ApplicationLogicException('The new username cannot be empty');
-            }
-
-            if (User::getByUsername($newUsername, $database) != false) {
-                throw new ApplicationLogicException('The new username already exists');
-            }
-
-            $oldUsername = $user->getUsername();
-            $user->setUsername($newUsername);
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-
-            $user->save();
-
-            $logEntryData = serialize(array(
-                'old' => $oldUsername,
-                'new' => $newUsername,
-            ));
-
-            Logger::renamedUser($database, $user, $logEntryData);
-
-            SessionAlert::quick("Changed User "
-                . htmlentities($oldUsername, ENT_COMPAT, 'UTF-8')
-                . " name to "
-                . htmlentities($newUsername, ENT_COMPAT, 'UTF-8'));
-
-            $this->getNotificationHelper()->userRenamed($user, $oldUsername);
-
-            // send an email to the user.
-            $this->assign('targetUsername', $user->getUsername());
-            $this->assign('toolAdmin', User::getCurrent($database)->getUsername());
-            $this->assign('oldUsername', $oldUsername);
-            $this->assign('mailingList', $this->adminMailingList);
-
-            $this->getEmailHelper()->sendMail(
-                $user->getEmail(),
-                'Your username on WP:ACC has been changed',
-                $this->fetchTemplate('usermanagement/emails/renamed.tpl'),
-                array('Reply-To' => $this->adminMailingList)
-            );
-
-            $this->redirect("userManagement");
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('usermanagement/renameuser.tpl');
-            $this->assign('user', $user);
-        }
-    }
-
-    /**
-     * Entry point for the edit action
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function editUser()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to edit could not be found.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $newEmail = WebRequest::postEmail('user_email');
-            $newOnWikiName = WebRequest::postString('user_onwikiname');
-
-            if ($newEmail === null) {
-                throw new ApplicationLogicException('Invalid email address');
-            }
-
-            if (!$user->isOAuthLinked()) {
-                if (trim($newOnWikiName) == "") {
-                    throw new ApplicationLogicException('New on-wiki username cannot be blank');
-                }
-
-                $user->setOnWikiName($newOnWikiName);
-            }
-
-            $user->setEmail($newEmail);
-
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-
-            $user->save();
-
-            Logger::userPreferencesChange($database, $user);
-            $this->getNotificationHelper()->userPrefChange($user);
-            SessionAlert::quick('Changes to user\'s preferences have been saved');
-
-            $this->redirect("userManagement");
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('usermanagement/edituser.tpl');
-            $this->assign('user', $user);
-        }
-    }
-
-    #endregion
-
-    /**
-     * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
-     * the return value from this function.
-     *
-     * If this page even supports actions, you will need to check the route
-     *
-     * @return SecurityConfiguration
-     * @category Security-Critical
-     */
-    protected function getSecurityConfiguration()
-    {
-        return $this->getSecurityManager()->configure()->asAdminPage();
-    }
-
-    /**
-     * Sends a status change email to the user.
-     *
-     * @param string      $subject           The subject of the email
-     * @param string      $template          The smarty template to use
-     * @param string|null $reason            The reason for performing the status change
-     * @param User        $user              The user affected
-     * @param string      $toolAdminUsername The tool admin's username who is making the edit
-     */
-    private function sendStatusChangeEmail($subject, $template, $reason, $user, $toolAdminUsername)
-    {
-        $this->assign('targetUsername', $user->getUsername());
-        $this->assign('toolAdmin', $toolAdminUsername);
-        $this->assign('actionReason', $reason);
-        $this->assign('mailingList', $this->adminMailingList);
-
-        $this->getEmailHelper()->sendMail(
-            $user->getEmail(),
-            $subject,
-            $this->fetchTemplate($template),
-            array('Reply-To' => $this->adminMailingList)
-        );
-    }
+	/** @var string */
+	private $adminMailingList = '[email protected]';
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 */
+	protected function main()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		if (WebRequest::getBoolean("showAll")) {
+			$this->assign("showAll", true);
+
+			$this->assign("suspendedUsers", User::getAllWithStatus(User::STATUS_SUSPENDED, $database));
+			$this->assign("declinedUsers", User::getAllWithStatus(User::STATUS_DECLINED, $database));
+		}
+		else {
+			$this->assign("showAll", false);
+			$this->assign("suspendedUsers", array());
+			$this->assign("declinedUsers", array());
+		}
+
+		$this->assign("newUsers", User::getAllWithStatus(User::STATUS_NEW, $database));
+		$this->assign("normalUsers", User::getAllWithStatus(User::STATUS_USER, $database));
+		$this->assign("adminUsers", User::getAllWithStatus(User::STATUS_ADMIN, $database));
+		$this->assign("checkUsers", User::getAllCheckusers($database));
+
+		$this->getTypeAheadHelper()->defineTypeAheadSource('username-typeahead', function() use ($database) {
+			return User::getAllUsernames($database);
+		});
+
+		$this->setTemplate("usermanagement/main.tpl");
+	}
+
+	#region Access control
+
+	/**
+	 * Action target for suspending users
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function suspend()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+
+		/** @var User $user */
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to suspend could not be found.');
+		}
+
+		if ($user->isSuspended()) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to suspend is already suspended.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$reason = WebRequest::postString('reason');
+
+			if ($reason === null || trim($reason) === "") {
+				throw new ApplicationLogicException('No reason provided');
+			}
+
+			$user->setStatus(User::STATUS_SUSPENDED);
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$user->save();
+			Logger::suspendedUser($database, $user, $reason);
+
+			$this->getNotificationHelper()->userSuspended($user, $reason);
+			SessionAlert::quick('Suspended user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
+
+			// send email
+			$this->sendStatusChangeEmail(
+				'Your WP:ACC account has been suspended',
+				'usermanagement/emails/suspended.tpl',
+				$reason,
+				$user,
+				User::getCurrent($database)->getUsername()
+			);
+
+			$this->redirect('userManagement');
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('usermanagement/changelevel-reason.tpl');
+			$this->assign('user', $user);
+			$this->assign('status', 'Suspended');
+			$this->assign("showReason", true);
+		}
+	}
+
+	/**
+	 * Entry point for the decline action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function decline()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to decline could not be found.');
+		}
+
+		if (!$user->isNewUser()) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to decline is not new.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$reason = WebRequest::postString('reason');
+
+			if ($reason === null || trim($reason) === "") {
+				throw new ApplicationLogicException('No reason provided');
+			}
+
+			$user->setStatus(User::STATUS_DECLINED);
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$user->save();
+			Logger::declinedUser($database, $user, $reason);
+
+			$this->getNotificationHelper()->userDeclined($user, $reason);
+			SessionAlert::quick('Declined user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
+
+			// send email
+			$this->sendStatusChangeEmail(
+				'Your WP:ACC account has been declined',
+				'usermanagement/emails/declined.tpl',
+				$reason,
+				$user,
+				User::getCurrent($database)->getUsername()
+			);
+
+			$this->redirect('userManagement');
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('usermanagement/changelevel-reason.tpl');
+			$this->assign('user', $user);
+			$this->assign('status', 'Declined');
+			$this->assign("showReason", true);
+		}
+	}
+
+	/**
+	 * Entry point for the demote action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function demote()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to demote could not be found.');
+		}
+
+		if (!$user->isAdmin()) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to demote is not an admin.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$reason = WebRequest::postString('reason');
+
+			if ($reason === null || trim($reason) === "") {
+				throw new ApplicationLogicException('No reason provided');
+			}
+
+			$user->setStatus(User::STATUS_USER);
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$user->save();
+			Logger::demotedUser($database, $user, $reason);
+
+			$this->getNotificationHelper()->userDemoted($user, $reason);
+			SessionAlert::quick('Demoted user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
+
+			// send email
+			$this->sendStatusChangeEmail(
+				'Your WP:ACC account has been demoted',
+				'usermanagement/emails/demoted.tpl',
+				$reason,
+				$user,
+				User::getCurrent($database)->getUsername()
+			);
+
+			$this->redirect('userManagement');
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('usermanagement/changelevel-reason.tpl');
+			$this->assign('user', $user);
+			$this->assign('status', 'User');
+			$this->assign("showReason", true);
+		}
+	}
+
+	/**
+	 * Entry point for the approve action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function approve()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to approve could not be found.');
+		}
+
+		if ($user->isUser() || $user->isAdmin()) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to approve is already an active user.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$user->setStatus(User::STATUS_USER);
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$user->save();
+			Logger::approvedUser($database, $user);
+
+			$this->getNotificationHelper()->userApproved($user);
+			SessionAlert::quick('Approved user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
+
+			// send email
+			$this->sendStatusChangeEmail(
+				'Your WP:ACC account has been approved',
+				'usermanagement/emails/approved.tpl',
+				null,
+				$user,
+				User::getCurrent($database)->getUsername()
+			);
+
+			$this->redirect("userManagement");
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate("usermanagement/changelevel-reason.tpl");
+			$this->assign("user", $user);
+			$this->assign("status", "User");
+			$this->assign("showReason", false);
+		}
+	}
+
+	/**
+	 * Entry point for the promote action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function promote()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to promote could not be found.');
+		}
+
+		if ($user->isAdmin()) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to promote is already an admin.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$user->setStatus(User::STATUS_ADMIN);
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$user->save();
+			Logger::promotedUser($database, $user);
+
+			$this->getNotificationHelper()->userPromoted($user);
+			SessionAlert::quick('Promoted user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
+
+			// send email
+			$this->sendStatusChangeEmail(
+				'Your WP:ACC account has been promoted',
+				'usermanagement/emails/promoted.tpl',
+				null,
+				$user,
+				User::getCurrent($database)->getUsername()
+			);
+
+			$this->redirect("userManagement");
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate("usermanagement/changelevel-reason.tpl");
+			$this->assign("user", $user);
+			$this->assign("status", "Admin");
+			$this->assign("showReason", false);
+		}
+	}
+
+	#endregion
+
+	#region Renaming / Editing
+
+	/**
+	 * Entry point for the rename action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function rename()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to rename could not be found.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$newUsername = WebRequest::postString('newname');
+
+			if ($newUsername === null || trim($newUsername) === "") {
+				throw new ApplicationLogicException('The new username cannot be empty');
+			}
+
+			if (User::getByUsername($newUsername, $database) != false) {
+				throw new ApplicationLogicException('The new username already exists');
+			}
+
+			$oldUsername = $user->getUsername();
+			$user->setUsername($newUsername);
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+
+			$user->save();
+
+			$logEntryData = serialize(array(
+				'old' => $oldUsername,
+				'new' => $newUsername,
+			));
+
+			Logger::renamedUser($database, $user, $logEntryData);
+
+			SessionAlert::quick("Changed User "
+				. htmlentities($oldUsername, ENT_COMPAT, 'UTF-8')
+				. " name to "
+				. htmlentities($newUsername, ENT_COMPAT, 'UTF-8'));
+
+			$this->getNotificationHelper()->userRenamed($user, $oldUsername);
+
+			// send an email to the user.
+			$this->assign('targetUsername', $user->getUsername());
+			$this->assign('toolAdmin', User::getCurrent($database)->getUsername());
+			$this->assign('oldUsername', $oldUsername);
+			$this->assign('mailingList', $this->adminMailingList);
+
+			$this->getEmailHelper()->sendMail(
+				$user->getEmail(),
+				'Your username on WP:ACC has been changed',
+				$this->fetchTemplate('usermanagement/emails/renamed.tpl'),
+				array('Reply-To' => $this->adminMailingList)
+			);
+
+			$this->redirect("userManagement");
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('usermanagement/renameuser.tpl');
+			$this->assign('user', $user);
+		}
+	}
+
+	/**
+	 * Entry point for the edit action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function editUser()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to edit could not be found.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$newEmail = WebRequest::postEmail('user_email');
+			$newOnWikiName = WebRequest::postString('user_onwikiname');
+
+			if ($newEmail === null) {
+				throw new ApplicationLogicException('Invalid email address');
+			}
+
+			if (!$user->isOAuthLinked()) {
+				if (trim($newOnWikiName) == "") {
+					throw new ApplicationLogicException('New on-wiki username cannot be blank');
+				}
+
+				$user->setOnWikiName($newOnWikiName);
+			}
+
+			$user->setEmail($newEmail);
+
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+
+			$user->save();
+
+			Logger::userPreferencesChange($database, $user);
+			$this->getNotificationHelper()->userPrefChange($user);
+			SessionAlert::quick('Changes to user\'s preferences have been saved');
+
+			$this->redirect("userManagement");
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('usermanagement/edituser.tpl');
+			$this->assign('user', $user);
+		}
+	}
+
+	#endregion
+
+	/**
+	 * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
+	 * the return value from this function.
+	 *
+	 * If this page even supports actions, you will need to check the route
+	 *
+	 * @return SecurityConfiguration
+	 * @category Security-Critical
+	 */
+	protected function getSecurityConfiguration()
+	{
+		return $this->getSecurityManager()->configure()->asAdminPage();
+	}
+
+	/**
+	 * Sends a status change email to the user.
+	 *
+	 * @param string      $subject           The subject of the email
+	 * @param string      $template          The smarty template to use
+	 * @param string|null $reason            The reason for performing the status change
+	 * @param User        $user              The user affected
+	 * @param string      $toolAdminUsername The tool admin's username who is making the edit
+	 */
+	private function sendStatusChangeEmail($subject, $template, $reason, $user, $toolAdminUsername)
+	{
+		$this->assign('targetUsername', $user->getUsername());
+		$this->assign('toolAdmin', $toolAdminUsername);
+		$this->assign('actionReason', $reason);
+		$this->assign('mailingList', $this->adminMailingList);
+
+		$this->getEmailHelper()->sendMail(
+			$user->getEmail(),
+			$subject,
+			$this->fetchTemplate($template),
+			array('Reply-To' => $this->adminMailingList)
+		);
+	}
 }
\ No newline at end of file

Please login to merge, or discard this patch.

includes/IdentificationVerifier.php 1 patch

Indentation +157 added lines, -157 removed lines patch added patch discarded remove patch

@@ -26,131 +26,131 @@  discard block
 block discarded – undo
  */
 class IdentificationVerifier
 {
-    /**
-     * This field is an array of parameters, in key => value format, that should be appended to the Meta Wikimedia
-     * Web Service Endpoint URL to query if a user is listed on the Identification Noticeboard.  Note that URL encoding
-     * of these values is *not* necessary; this is done automatically.
-     *
-     * @var string[]
-     * @category Security-Critical
-     */
-    private static $apiQueryParameters = array(
-        'action'   => 'query',
-        'format'   => 'json',
-        'prop'     => 'links',
-        'titles'   => 'Access to nonpublic information policy/Noticeboard',
-        // Username of the user to be checked, with User: prefix, goes here!  Set in isIdentifiedOnWiki()
-        'pltitles' => '',
-    );
-    /** @var HttpHelper */
-    private $httpHelper;
-    /** @var SiteConfiguration */
-    private $siteConfiguration;
-    /** @var PdoDatabase */
-    private $dbObject;
-
-    /**
-     * IdentificationVerifier constructor.
-     *
-     * @param HttpHelper        $httpHelper
-     * @param SiteConfiguration $siteConfiguration
-     * @param PdoDatabase       $dbObject
-     */
-    public function __construct(HttpHelper $httpHelper, SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
-    {
-        $this->httpHelper = $httpHelper;
-        $this->siteConfiguration = $siteConfiguration;
-        $this->dbObject = $dbObject;
-    }
-
-    /**
-     * Checks if the given user is identified to the Wikimedia Foundation.
-     *
-     * @param string $onWikiName The Wikipedia username of the user
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isUserIdentified($onWikiName)
-    {
-        if ($this->checkIdentificationCache($onWikiName)) {
-            return true;
-        }
-        else {
-            if ($this->isIdentifiedOnWiki($onWikiName)) {
-                $this->cacheIdentificationStatus($onWikiName);
-
-                return true;
-            }
-            else {
-                return false;
-            }
-        }
-    }
-
-    /**
-     * Checks if the given user has a valid entry in the idcache table.
-     *
-     * @param string $onWikiName The Wikipedia username of the user
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    private function checkIdentificationCache($onWikiName)
-    {
-        $interval = $this->siteConfiguration->getIdentificationCacheExpiry();
-
-        $query = <<<SQL
+	/**
+	 * This field is an array of parameters, in key => value format, that should be appended to the Meta Wikimedia
+	 * Web Service Endpoint URL to query if a user is listed on the Identification Noticeboard.  Note that URL encoding
+	 * of these values is *not* necessary; this is done automatically.
+	 *
+	 * @var string[]
+	 * @category Security-Critical
+	 */
+	private static $apiQueryParameters = array(
+		'action'   => 'query',
+		'format'   => 'json',
+		'prop'     => 'links',
+		'titles'   => 'Access to nonpublic information policy/Noticeboard',
+		// Username of the user to be checked, with User: prefix, goes here!  Set in isIdentifiedOnWiki()
+		'pltitles' => '',
+	);
+	/** @var HttpHelper */
+	private $httpHelper;
+	/** @var SiteConfiguration */
+	private $siteConfiguration;
+	/** @var PdoDatabase */
+	private $dbObject;
+
+	/**
+	 * IdentificationVerifier constructor.
+	 *
+	 * @param HttpHelper        $httpHelper
+	 * @param SiteConfiguration $siteConfiguration
+	 * @param PdoDatabase       $dbObject
+	 */
+	public function __construct(HttpHelper $httpHelper, SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
+	{
+		$this->httpHelper = $httpHelper;
+		$this->siteConfiguration = $siteConfiguration;
+		$this->dbObject = $dbObject;
+	}
+
+	/**
+	 * Checks if the given user is identified to the Wikimedia Foundation.
+	 *
+	 * @param string $onWikiName The Wikipedia username of the user
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isUserIdentified($onWikiName)
+	{
+		if ($this->checkIdentificationCache($onWikiName)) {
+			return true;
+		}
+		else {
+			if ($this->isIdentifiedOnWiki($onWikiName)) {
+				$this->cacheIdentificationStatus($onWikiName);
+
+				return true;
+			}
+			else {
+				return false;
+			}
+		}
+	}
+
+	/**
+	 * Checks if the given user has a valid entry in the idcache table.
+	 *
+	 * @param string $onWikiName The Wikipedia username of the user
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	private function checkIdentificationCache($onWikiName)
+	{
+		$interval = $this->siteConfiguration->getIdentificationCacheExpiry();
+
+		$query = <<<SQL
 			SELECT COUNT(`id`)
 			FROM `idcache`
 			WHERE `onwikiusername` = :onwikiname
 				AND DATE_ADD(`checktime`, INTERVAL {$interval}) >= NOW();
 SQL;
-        $stmt = $this->dbObject->prepare($query);
-        $stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
-        $stmt->execute();
-
-        // Guaranteed by the query to only return a single row with a single column
-        $results = $stmt->fetch(PDO::FETCH_NUM);
-
-        // I don't expect this to ever be a value other than 0 or 1 since the `onwikiusername` column is declared as a
-        // unique key - but meh.
-        return $results[0] != 0;
-    }
-
-    /**
-     * Does pretty much exactly what it says on the label - this method will clear all expired idcache entries from the
-     * idcache table.  Meant to be called periodically by a maintenance script.
-     *
-     * @param SiteConfiguration $siteConfiguration
-     * @param PdoDatabase       $dbObject
-     *
-     * @return void
-     */
-    public static function clearExpiredCacheEntries(SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
-    {
-        $interval = $siteConfiguration->getIdentificationCacheExpiry();
-
-        $query = <<<SQL
+		$stmt = $this->dbObject->prepare($query);
+		$stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
+		$stmt->execute();
+
+		// Guaranteed by the query to only return a single row with a single column
+		$results = $stmt->fetch(PDO::FETCH_NUM);
+
+		// I don't expect this to ever be a value other than 0 or 1 since the `onwikiusername` column is declared as a
+		// unique key - but meh.
+		return $results[0] != 0;
+	}
+
+	/**
+	 * Does pretty much exactly what it says on the label - this method will clear all expired idcache entries from the
+	 * idcache table.  Meant to be called periodically by a maintenance script.
+	 *
+	 * @param SiteConfiguration $siteConfiguration
+	 * @param PdoDatabase       $dbObject
+	 *
+	 * @return void
+	 */
+	public static function clearExpiredCacheEntries(SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
+	{
+		$interval = $siteConfiguration->getIdentificationCacheExpiry();
+
+		$query = <<<SQL
 			DELETE FROM `idcache`
 			WHERE DATE_ADD(`checktime`, INTERVAL {$interval}) < NOW();
 SQL;
-        $dbObject->prepare($query)->execute();
-    }
-
-    /**
-     * This method will add an entry to the idcache that the given Wikipedia user has been verified as identified.  This
-     * is so we don't have to hit the API every single time we check.  The cache entry is valid for as long as specified
-     * in the ACC configuration (validity enforced by checkIdentificationCache() and clearExpiredCacheEntries()).
-     *
-     * @param string $onWikiName The Wikipedia username of the user
-     *
-     * @return void
-     * @category Security-Critical
-     */
-    private function cacheIdentificationStatus($onWikiName)
-    {
-        $query = <<<SQL
+		$dbObject->prepare($query)->execute();
+	}
+
+	/**
+	 * This method will add an entry to the idcache that the given Wikipedia user has been verified as identified.  This
+	 * is so we don't have to hit the API every single time we check.  The cache entry is valid for as long as specified
+	 * in the ACC configuration (validity enforced by checkIdentificationCache() and clearExpiredCacheEntries()).
+	 *
+	 * @param string $onWikiName The Wikipedia username of the user
+	 *
+	 * @return void
+	 * @category Security-Critical
+	 */
+	private function cacheIdentificationStatus($onWikiName)
+	{
+		$query = <<<SQL
 			INSERT INTO `idcache`
 				(`onwikiusername`)
 			VALUES
@@ -159,44 +159,44 @@  discard block
 block discarded – undo
 				`onwikiusername` = VALUES(`onwikiusername`),
 				`checktime` = CURRENT_TIMESTAMP;
 SQL;
-        $stmt = $this->dbObject->prepare($query);
-        $stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
-        $stmt->execute();
-    }
-
-    /**
-     * Queries the Wikimedia API to determine if the specified user is listed on the identification noticeboard.
-     *
-     * @param string $onWikiName The Wikipedia username of the user
-     *
-     * @return bool
-     * @throws EnvironmentException
-     * @category Security-Critical
-     */
-    private function isIdentifiedOnWiki($onWikiName)
-    {
-        $strings = new StringFunctions();
-
-        // First character of Wikipedia usernames is always capitalized.
-        $onWikiName = $strings->ucfirst($onWikiName);
-
-        $parameters = self::$apiQueryParameters;
-        $parameters['pltitles'] = "User:" . $onWikiName;
-
-        try {
-            $endpoint = $this->siteConfiguration->getMetaWikimediaWebServiceEndpoint();
-            $response = $this->httpHelper->get($endpoint, $parameters);
-            $response = json_decode($response, true);
-        } catch (CurlException $ex) {
-            // failed getting identification status, so throw a nicer error.
-            $m = 'Could not contact metawiki API to determine user\' identification status. '
-                . 'This is probably a transient error, so please try again.';
-
-            throw new EnvironmentException($m, 0, $ex);
-        }
-
-        $page = @array_pop($response['query']['pages']);
-
-        return @$page['links'][0]['title'] === "User:" . $onWikiName;
-    }
+		$stmt = $this->dbObject->prepare($query);
+		$stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
+		$stmt->execute();
+	}
+
+	/**
+	 * Queries the Wikimedia API to determine if the specified user is listed on the identification noticeboard.
+	 *
+	 * @param string $onWikiName The Wikipedia username of the user
+	 *
+	 * @return bool
+	 * @throws EnvironmentException
+	 * @category Security-Critical
+	 */
+	private function isIdentifiedOnWiki($onWikiName)
+	{
+		$strings = new StringFunctions();
+
+		// First character of Wikipedia usernames is always capitalized.
+		$onWikiName = $strings->ucfirst($onWikiName);
+
+		$parameters = self::$apiQueryParameters;
+		$parameters['pltitles'] = "User:" . $onWikiName;
+
+		try {
+			$endpoint = $this->siteConfiguration->getMetaWikimediaWebServiceEndpoint();
+			$response = $this->httpHelper->get($endpoint, $parameters);
+			$response = json_decode($response, true);
+		} catch (CurlException $ex) {
+			// failed getting identification status, so throw a nicer error.
+			$m = 'Could not contact metawiki API to determine user\' identification status. '
+				. 'This is probably a transient error, so please try again.';
+
+			throw new EnvironmentException($m, 0, $ex);
+		}
+
+		$page = @array_pop($response['query']['pages']);
+
+		return @$page['links'][0]['title'] === "User:" . $onWikiName;
+	}
 }

Please login to merge, or discard this patch.

		@@ -14,117 +14,117 @@
		block discarded – undo
14	14
15	15	class RequestSearchHelper extends SearchHelperBase
16	16	{
17		- /**
18		- * RequestSearchHelper constructor.
19		- *
20		- * @param PdoDatabase $database
21		- */
22		- protected function __construct(PdoDatabase $database)
23		- {
24		- parent::__construct($database, 'request', Request::class);
25		- }
26		-
27		- /**
28		- * Initiates a search for requests
29		- *
30		- * @param PdoDatabase $database
31		- *
32		- * @return RequestSearchHelper
33		- */
34		- public static function get(PdoDatabase $database)
35		- {
36		- $helper = new RequestSearchHelper($database);
37		-
38		- return $helper;
39		- }
40		-
41		- /**
42		- * Filters the results by IP address
43		- *
44		- * @param string $ipAddress
45		- *
46		- * @return $this
47		- */
48		- public function byIp($ipAddress)
49		- {
50		- $this->whereClause .= ' AND (ip LIKE ? OR forwardedip LIKE ?)';
51		- $this->parameterList[] = $ipAddress;
52		- $this->parameterList[] = '%' . trim($ipAddress, '%') . '%';
53		-
54		- return $this;
55		- }
56		-
57		- /**
58		- * Filters the results by email address
59		- *
60		- * @param string $emailAddress
61		- *
62		- * @return $this
63		- */
64		- public function byEmailAddress($emailAddress)
65		- {
66		- $this->whereClause .= ' AND email LIKE ?';
67		- $this->parameterList[] = $emailAddress;
68		-
69		- return $this;
70		- }
71		-
72		- /**
73		- * Filters the results by name
74		- *
75		- * @param string $name
76		- *
77		- * @return $this
78		- */
79		- public function byName($name)
80		- {
81		- $this->whereClause .= ' AND name LIKE ?';
82		- $this->parameterList[] = $name;
83		-
84		- return $this;
85		- }
86		-
87		- /**
88		- * Excludes a request from the results
89		- *
90		- * @param int $requestId
91		- *
92		- * @return $this
93		- */
94		- public function excludingRequest($requestId)
95		- {
96		- $this->whereClause .= ' AND id <> ?';
97		- $this->parameterList[] = $requestId;
98		-
99		- return $this;
100		- }
101		-
102		- /**
103		- * Filters the results to only those with a confirmed email address
104		- *
105		- * @return $this
106		- */
107		- public function withConfirmedEmail()
108		- {
109		- $this->whereClause .= ' AND emailconfirm = ?';
110		- $this->parameterList[] = 'Confirmed';
111		-
112		- return $this;
113		- }
114		-
115		- /**
116		- * Filters the results to exclude purged data
117		- *
118		- * @param SiteConfiguration $configuration
119		- *
120		- * @return $this
121		- */
122		- public function excludingPurgedData(SiteConfiguration $configuration)
123		- {
124		- $this->whereClause .= ' AND ip <> ? AND email <> ?';
125		- $this->parameterList[] = $configuration->getDataClearIp();
126		- $this->parameterList[] = $configuration->getDataClearEmail();
127		-
128		- return $this;
129		- }
	17	+ /**
	18	+ * RequestSearchHelper constructor.
	19	+ *
	20	+ * @param PdoDatabase $database
	21	+ */
	22	+ protected function __construct(PdoDatabase $database)
	23	+ {
	24	+ parent::__construct($database, 'request', Request::class);
	25	+ }
	26	+
	27	+ /**
	28	+ * Initiates a search for requests
	29	+ *
	30	+ * @param PdoDatabase $database
	31	+ *
	32	+ * @return RequestSearchHelper
	33	+ */
	34	+ public static function get(PdoDatabase $database)
	35	+ {
	36	+ $helper = new RequestSearchHelper($database);
	37	+
	38	+ return $helper;
	39	+ }
	40	+
	41	+ /**
	42	+ * Filters the results by IP address
	43	+ *
	44	+ * @param string $ipAddress
	45	+ *
	46	+ * @return $this
	47	+ */
	48	+ public function byIp($ipAddress)
	49	+ {
	50	+ $this->whereClause .= ' AND (ip LIKE ? OR forwardedip LIKE ?)';
	51	+ $this->parameterList[] = $ipAddress;
	52	+ $this->parameterList[] = '%' . trim($ipAddress, '%') . '%';
	53	+
	54	+ return $this;
	55	+ }
	56	+
	57	+ /**
	58	+ * Filters the results by email address
	59	+ *
	60	+ * @param string $emailAddress
	61	+ *
	62	+ * @return $this
	63	+ */
	64	+ public function byEmailAddress($emailAddress)
	65	+ {
	66	+ $this->whereClause .= ' AND email LIKE ?';
	67	+ $this->parameterList[] = $emailAddress;
	68	+
	69	+ return $this;
	70	+ }
	71	+
	72	+ /**
	73	+ * Filters the results by name
	74	+ *
	75	+ * @param string $name
	76	+ *
	77	+ * @return $this
	78	+ */
	79	+ public function byName($name)
	80	+ {
	81	+ $this->whereClause .= ' AND name LIKE ?';
	82	+ $this->parameterList[] = $name;
	83	+
	84	+ return $this;
	85	+ }
	86	+
	87	+ /**
	88	+ * Excludes a request from the results
	89	+ *
	90	+ * @param int $requestId
	91	+ *
	92	+ * @return $this
	93	+ */
	94	+ public function excludingRequest($requestId)
	95	+ {
	96	+ $this->whereClause .= ' AND id <> ?';
	97	+ $this->parameterList[] = $requestId;
	98	+
	99	+ return $this;
	100	+ }
	101	+
	102	+ /**
	103	+ * Filters the results to only those with a confirmed email address
	104	+ *
	105	+ * @return $this
	106	+ */
	107	+ public function withConfirmedEmail()
	108	+ {
	109	+ $this->whereClause .= ' AND emailconfirm = ?';
	110	+ $this->parameterList[] = 'Confirmed';
	111	+
	112	+ return $this;
	113	+ }
	114	+
	115	+ /**
	116	+ * Filters the results to exclude purged data
	117	+ *
	118	+ * @param SiteConfiguration $configuration
	119	+ *
	120	+ * @return $this
	121	+ */
	122	+ public function excludingPurgedData(SiteConfiguration $configuration)
	123	+ {
	124	+ $this->whereClause .= ' AND ip <> ? AND email <> ?';
	125	+ $this->parameterList[] = $configuration->getDataClearIp();
	126	+ $this->parameterList[] = $configuration->getDataClearEmail();
	127	+
	128	+ return $this;
	129	+ }
130	130	}
131	131	\ No newline at end of file

		@@ -13,87 +13,87 @@
		block discarded – undo
13	13
14	14	class LogSearchHelper extends SearchHelperBase
15	15	{
16		- /**
17		- * LogSearchHelper constructor.
18		- *
19		- * @param PdoDatabase $database
20		- */
21		- protected function __construct(PdoDatabase $database)
22		- {
23		- parent::__construct($database, 'log', Log::class, 'timestamp DESC');
24		- }
	16	+ /**
	17	+ * LogSearchHelper constructor.
	18	+ *
	19	+ * @param PdoDatabase $database
	20	+ */
	21	+ protected function __construct(PdoDatabase $database)
	22	+ {
	23	+ parent::__construct($database, 'log', Log::class, 'timestamp DESC');
	24	+ }
25	25
26		- /**
27		- * Initiates a search for requests
28		- *
29		- * @param PdoDatabase $database
30		- *
31		- * @return LogSearchHelper
32		- */
33		- public static function get(PdoDatabase $database)
34		- {
35		- $helper = new LogSearchHelper($database);
	26	+ /**
	27	+ * Initiates a search for requests
	28	+ *
	29	+ * @param PdoDatabase $database
	30	+ *
	31	+ * @return LogSearchHelper
	32	+ */
	33	+ public static function get(PdoDatabase $database)
	34	+ {
	35	+ $helper = new LogSearchHelper($database);
36	36
37		- return $helper;
38		- }
	37	+ return $helper;
	38	+ }
39	39
40		- /**
41		- * Filters the results by user
42		- *
43		- * @param int $userId
44		- *
45		- * @return $this
46		- */
47		- public function byUser($userId)
48		- {
49		- $this->whereClause .= ' AND user = ?';
50		- $this->parameterList[] = $userId;
	40	+ /**
	41	+ * Filters the results by user
	42	+ *
	43	+ * @param int $userId
	44	+ *
	45	+ * @return $this
	46	+ */
	47	+ public function byUser($userId)
	48	+ {
	49	+ $this->whereClause .= ' AND user = ?';
	50	+ $this->parameterList[] = $userId;
51	51
52		- return $this;
53		- }
	52	+ return $this;
	53	+ }
54	54
55		- /**
56		- * Filters the results by log action
57		- *
58		- * @param string $action
59		- *
60		- * @return $this
61		- */
62		- public function byAction($action)
63		- {
64		- $this->whereClause .= ' AND action = ?';
65		- $this->parameterList[] = $action;
	55	+ /**
	56	+ * Filters the results by log action
	57	+ *
	58	+ * @param string $action
	59	+ *
	60	+ * @return $this
	61	+ */
	62	+ public function byAction($action)
	63	+ {
	64	+ $this->whereClause .= ' AND action = ?';
	65	+ $this->parameterList[] = $action;
66	66
67		- return $this;
68		- }
	67	+ return $this;
	68	+ }
69	69
70		- /**
71		- * Filters the results by object type
72		- *
73		- * @param string $objectType
74		- *
75		- * @return $this
76		- */
77		- public function byObjectType($objectType)
78		- {
79		- $this->whereClause .= ' AND objecttype = ?';
80		- $this->parameterList[] = $objectType;
	70	+ /**
	71	+ * Filters the results by object type
	72	+ *
	73	+ * @param string $objectType
	74	+ *
	75	+ * @return $this
	76	+ */
	77	+ public function byObjectType($objectType)
	78	+ {
	79	+ $this->whereClause .= ' AND objecttype = ?';
	80	+ $this->parameterList[] = $objectType;
81	81
82		- return $this;
83		- }
	82	+ return $this;
	83	+ }
84	84
85		- /**
86		- * Filters the results by object type
87		- *
88		- * @param integer $objectId
89		- *
90		- * @return $this
91		- */
92		- public function byObjectId($objectId)
93		- {
94		- $this->whereClause .= ' AND objectid = ?';
95		- $this->parameterList[] = $objectId;
	85	+ /**
	86	+ * Filters the results by object type
	87	+ *
	88	+ * @param integer $objectId
	89	+ *
	90	+ * @return $this
	91	+ */
	92	+ public function byObjectId($objectId)
	93	+ {
	94	+ $this->whereClause .= ' AND objectid = ?';
	95	+ $this->parameterList[] = $objectId;
96	96
97		- return $this;
98		- }
	97	+ return $this;
	98	+ }
99	99	}
100	100	\ No newline at end of file

		@@ -15,182 +15,182 @@
		block discarded – undo
15	15
16	16	abstract class SearchHelperBase
17	17	{
18		- /** @var PdoDatabase */
19		- protected $database;
20		- /** @var array */
21		- protected $parameterList = array();
22		- /** @var null\|int */
23		- private $limit = null;
24		- /** @var null\|int */
25		- private $offset = null;
26		- private $orderBy = null;
27		- /**
28		- * @var string The where clause.
29		- *
30		- * (the 1=1 condition will be optimised out of the query by the query planner, and simplifies our code here). Note
31		- * that we use positional parameters instead of named parameters because we don't know many times different options
32		- * will be called (looking at excluding() here, but there's the option for others).
33		- */
34		- protected $whereClause = ' WHERE 1 = 1';
35		- /** @var string */
36		- protected $table;
37		- protected $joinClause = '';
38		- private $targetClass;
39		-
40		- /**
41		- * SearchHelperBase constructor.
42		- *
43		- * @param PdoDatabase $database
44		- * @param string $table
45		- * @param $targetClass
46		- * @param null\|string $order Order by clause, excluding ORDER BY.
47		- */
48		- protected function __construct(PdoDatabase $database, $table, $targetClass, $order = null)
49		- {
50		- $this->database = $database;
51		- $this->table = $table;
52		- $this->orderBy = $order;
53		- $this->targetClass = $targetClass;
54		- }
55		-
56		- /**
57		- * Finalises the database query, and executes it, returning a set of objects.
58		- *
59		- * @return DataObject[]
60		- */
61		- public function fetch()
62		- {
63		- $statement = $this->getData();
64		-
65		- /** @var DataObject[] $returnedObjects */
66		- $returnedObjects = $statement->fetchAll(PDO::FETCH_CLASS, $this->targetClass);
67		- foreach ($returnedObjects as $req) {
68		- $req->setDatabase($this->database);
69		- }
70		-
71		- return $returnedObjects;
72		- }
73		-
74		- /**
75		- * Finalises the database query, and executes it, returning only the requested column.
76		- *
77		- * @param string $column The required column
78		- * @return array
79		- */
80		- public function fetchColumn($column){
81		- $statement = $this->getData($column);
82		-
83		- return $statement->fetchAll(PDO::FETCH_COLUMN);
84		- }
85		-
86		- /**
87		- * @param int $count Returns the record count of the result set
88		- *
89		- * @return $this
90		- */
91		- public function getRecordCount(&$count)
92		- {
93		- $query = 'SELECT /* SearchHelper / COUNT() FROM ' . $this->table . ' origin ';
94		- $query .= $this->joinClause . $this->whereClause;
95		-
96		- $statement = $this->database->prepare($query);
97		- $statement->execute($this->parameterList);
98		-
99		- $count = $statement->fetchColumn(0);
100		- $statement->closeCursor();
101		-
102		- return $this;
103		- }
104		-
105		- /**
106		- * Limits the results
107		- *
108		- * @param integer $limit
109		- * @param integer\|null $offset
110		- *
111		- * @return $this
112		- *
113		- */
114		- public function limit($limit, $offset = null)
115		- {
116		- $this->limit = $limit;
117		- $this->offset = $offset;
118		-
119		- return $this;
120		- }
121		-
122		- private function applyLimit()
123		- {
124		- $clause = '';
125		- if ($this->limit !== null) {
126		- $clause = ' LIMIT ?';
127		- $this->parameterList[] = $this->limit;
128		-
129		- if ($this->offset !== null) {
130		- $clause .= ' OFFSET ?';
131		- $this->parameterList[] = $this->offset;
132		- }
133		- }
134		-
135		- return $clause;
136		- }
137		-
138		- private function applyOrder()
139		- {
140		- if ($this->orderBy !== null) {
141		- return ' ORDER BY ' . $this->orderBy;
142		- }
143		-
144		- return '';
145		- }
146		-
147		- /**
148		- * @param $column
149		- *
150		- * @return PDOStatement
151		- */
152		- private function getData($column = '*')
153		- {
154		- $query = $this->buildQuery($column);
155		- $query .= $this->applyOrder();
156		- $query .= $this->applyLimit();
157		-
158		- $statement = $this->database->prepare($query);
159		- $statement->execute($this->parameterList);
160		-
161		- return $statement;
162		- }
163		-
164		- /**
165		- * @param $column
166		- *
167		- * @return string
168		- */
169		- protected function buildQuery($column)
170		- {
171		- $query = 'SELECT /* SearchHelper */ origin.' . $column . ' FROM ' . $this->table . ' origin ';
172		- $query .= $this->joinClause . $this->whereClause;
173		-
174		- return $query;
175		- }
176		-
177		- public function inIds($idList) {
178		- $this->inClause('id', $idList);
179		- return $this;
180		- }
181		-
182		- protected function inClause($column, $values) {
183		- if (count($values) === 0) {
184		- return;
185		- }
186		-
187		- // Urgh. OK. You can't use IN() with parameters directly, so let's munge something together.
188		- $valueCount = count($values);
189		-
190		- // Firstly, let's create a string of question marks, which will do as positional parameters.
191		- $inSection = str_repeat('?,', $valueCount - 1) . '?';
192		-
193		- $this->whereClause .= " AND {$column} IN ({$inSection})";
194		- $this->parameterList = array_merge($this->parameterList, $values);
195		- }
	18	+ /** @var PdoDatabase */
	19	+ protected $database;
	20	+ /** @var array */
	21	+ protected $parameterList = array();
	22	+ /** @var null\|int */
	23	+ private $limit = null;
	24	+ /** @var null\|int */
	25	+ private $offset = null;
	26	+ private $orderBy = null;
	27	+ /**
	28	+ * @var string The where clause.
	29	+ *
	30	+ * (the 1=1 condition will be optimised out of the query by the query planner, and simplifies our code here). Note
	31	+ * that we use positional parameters instead of named parameters because we don't know many times different options
	32	+ * will be called (looking at excluding() here, but there's the option for others).
	33	+ */
	34	+ protected $whereClause = ' WHERE 1 = 1';
	35	+ /** @var string */
	36	+ protected $table;
	37	+ protected $joinClause = '';
	38	+ private $targetClass;
	39	+
	40	+ /**
	41	+ * SearchHelperBase constructor.
	42	+ *
	43	+ * @param PdoDatabase $database
	44	+ * @param string $table
	45	+ * @param $targetClass
	46	+ * @param null\|string $order Order by clause, excluding ORDER BY.
	47	+ */
	48	+ protected function __construct(PdoDatabase $database, $table, $targetClass, $order = null)
	49	+ {
	50	+ $this->database = $database;
	51	+ $this->table = $table;
	52	+ $this->orderBy = $order;
	53	+ $this->targetClass = $targetClass;
	54	+ }
	55	+
	56	+ /**
	57	+ * Finalises the database query, and executes it, returning a set of objects.
	58	+ *
	59	+ * @return DataObject[]
	60	+ */
	61	+ public function fetch()
	62	+ {
	63	+ $statement = $this->getData();
	64	+
	65	+ /** @var DataObject[] $returnedObjects */
	66	+ $returnedObjects = $statement->fetchAll(PDO::FETCH_CLASS, $this->targetClass);
	67	+ foreach ($returnedObjects as $req) {
	68	+ $req->setDatabase($this->database);
	69	+ }
	70	+
	71	+ return $returnedObjects;
	72	+ }
	73	+
	74	+ /**
	75	+ * Finalises the database query, and executes it, returning only the requested column.
	76	+ *
	77	+ * @param string $column The required column
	78	+ * @return array
	79	+ */
	80	+ public function fetchColumn($column){
	81	+ $statement = $this->getData($column);
	82	+
	83	+ return $statement->fetchAll(PDO::FETCH_COLUMN);
	84	+ }
	85	+
	86	+ /**
	87	+ * @param int $count Returns the record count of the result set
	88	+ *
	89	+ * @return $this
	90	+ */
	91	+ public function getRecordCount(&$count)
	92	+ {
	93	+ $query = 'SELECT /* SearchHelper / COUNT() FROM ' . $this->table . ' origin ';
	94	+ $query .= $this->joinClause . $this->whereClause;
	95	+
	96	+ $statement = $this->database->prepare($query);
	97	+ $statement->execute($this->parameterList);
	98	+
	99	+ $count = $statement->fetchColumn(0);
	100	+ $statement->closeCursor();
	101	+
	102	+ return $this;
	103	+ }
	104	+
	105	+ /**
	106	+ * Limits the results
	107	+ *
	108	+ * @param integer $limit
	109	+ * @param integer\|null $offset
	110	+ *
	111	+ * @return $this
	112	+ *
	113	+ */
	114	+ public function limit($limit, $offset = null)
	115	+ {
	116	+ $this->limit = $limit;
	117	+ $this->offset = $offset;
	118	+
	119	+ return $this;
	120	+ }
	121	+
	122	+ private function applyLimit()
	123	+ {
	124	+ $clause = '';
	125	+ if ($this->limit !== null) {
	126	+ $clause = ' LIMIT ?';
	127	+ $this->parameterList[] = $this->limit;
	128	+
	129	+ if ($this->offset !== null) {
	130	+ $clause .= ' OFFSET ?';
	131	+ $this->parameterList[] = $this->offset;
	132	+ }
	133	+ }
	134	+
	135	+ return $clause;
	136	+ }
	137	+
	138	+ private function applyOrder()
	139	+ {
	140	+ if ($this->orderBy !== null) {
	141	+ return ' ORDER BY ' . $this->orderBy;
	142	+ }
	143	+
	144	+ return '';
	145	+ }
	146	+
	147	+ /**
	148	+ * @param $column
	149	+ *
	150	+ * @return PDOStatement
	151	+ */
	152	+ private function getData($column = '*')
	153	+ {
	154	+ $query = $this->buildQuery($column);
	155	+ $query .= $this->applyOrder();
	156	+ $query .= $this->applyLimit();
	157	+
	158	+ $statement = $this->database->prepare($query);
	159	+ $statement->execute($this->parameterList);
	160	+
	161	+ return $statement;
	162	+ }
	163	+
	164	+ /**
	165	+ * @param $column
	166	+ *
	167	+ * @return string
	168	+ */
	169	+ protected function buildQuery($column)
	170	+ {
	171	+ $query = 'SELECT /* SearchHelper */ origin.' . $column . ' FROM ' . $this->table . ' origin ';
	172	+ $query .= $this->joinClause . $this->whereClause;
	173	+
	174	+ return $query;
	175	+ }
	176	+
	177	+ public function inIds($idList) {
	178	+ $this->inClause('id', $idList);
	179	+ return $this;
	180	+ }
	181	+
	182	+ protected function inClause($column, $values) {
	183	+ if (count($values) === 0) {
	184	+ return;
	185	+ }
	186	+
	187	+ // Urgh. OK. You can't use IN() with parameters directly, so let's munge something together.
	188	+ $valueCount = count($values);
	189	+
	190	+ // Firstly, let's create a string of question marks, which will do as positional parameters.
	191	+ $inSection = str_repeat('?,', $valueCount - 1) . '?';
	192	+
	193	+ $this->whereClause .= " AND {$column} IN ({$inSection})";
	194	+ $this->parameterList = array_merge($this->parameterList, $values);
	195	+ }
196	196	}

		@@ -20,341 +20,341 @@
		block discarded – undo
20	20
21	21	abstract class PageBase extends TaskBase implements IRoutedTask
22	22	{
23		- use TemplateOutput;
24		- /** @var string Smarty template to display */
25		- protected $template = "base.tpl";
26		- /** @var string HTML title. Currently unused. */
27		- protected $htmlTitle;
28		- /** @var bool Determines if the page is a redirect or not */
29		- protected $isRedirecting = false;
30		- /** @var array Queue of headers to be sent on successful completion */
31		- protected $headerQueue = array();
32		- /** @var string The name of the route to use, as determined by the request router. */
33		- private $routeName = null;
34		- /** @var TokenManager */
35		- protected $tokenManager;
36		- /** @var string[] Extra CSS files to include */
37		- private $extraCss = array();
38		- /** @var string[] Extra JS files to include */
39		- private $extraJs = array();
40		-
41		- /**
42		- * Sets the route the request will take. Only should be called from the request router or barrier test.
43		- *
44		- * @param string $routeName The name of the route
45		- * @param bool $skipCallableTest Don't use this unless you know what you're doing, and what the implications are.
46		- *
47		- * @throws Exception
48		- * @category Security-Critical
49		- */
50		- final public function setRoute($routeName, $skipCallableTest = false)
51		- {
52		- // Test the new route is callable before adopting it.
53		- if (!$skipCallableTest && !is_callable(array($this, $routeName))) {
54		- throw new Exception("Proposed route '$routeName' is not callable.");
55		- }
56		-
57		- // Adopt the new route
58		- $this->routeName = $routeName;
59		- }
60		-
61		- /**
62		- * Gets the name of the route that has been passed from the request router.
63		- * @return string
64		- */
65		- final public function getRouteName()
66		- {
67		- return $this->routeName;
68		- }
69		-
70		- /**
71		- * Performs generic page setup actions
72		- */
73		- final protected function setupPage()
74		- {
75		- $this->setUpSmarty();
76		-
77		- $siteNoticeText = SiteNotice::get($this->getDatabase());
78		-
79		- $this->assign('siteNoticeText', $siteNoticeText);
80		-
81		- $currentUser = User::getCurrent($this->getDatabase());
82		- $this->assign('currentUser', $currentUser);
83		- $this->assign('loggedIn', (!$currentUser->isCommunityUser()));
84		- }
85		-
86		- /**
87		- * Runs the page logic as routed by the RequestRouter
88		- *
89		- * Only should be called after a security barrier! That means only from execute().
90		- */
91		- final protected function runPage()
92		- {
93		- $database = $this->getDatabase();
94		-
95		- // initialise a database transaction
96		- if (!$database->beginTransaction()) {
97		- throw new Exception('Failed to start transaction on primary database.');
98		- }
99		-
100		- try {
101		- // run the page code
102		- $this->{$this->getRouteName()}();
103		-
104		- $database->commit();
105		- }
106		- catch (ApplicationLogicException $ex) {
107		- // it's an application logic exception, so nothing went seriously wrong with the site. We can use the
108		- // standard templating system for this.
109		-
110		- // Firstly, let's undo anything that happened to the database.
111		- $database->rollBack();
112		-
113		- // Reset smarty
114		- $this->setUpSmarty();
115		-
116		- // Set the template
117		- $this->setTemplate('exception/application-logic.tpl');
118		- $this->assign('message', $ex->getMessage());
119		-
120		- // Force this back to false
121		- $this->isRedirecting = false;
122		- $this->headerQueue = array();
123		- }
124		- catch (OptimisticLockFailedException $ex) {
125		- // it's an optimistic lock failure exception, so nothing went seriously wrong with the site. We can use the
126		- // standard templating system for this.
127		-
128		- // Firstly, let's undo anything that happened to the database.
129		- $database->rollBack();
130		-
131		- // Reset smarty
132		- $this->setUpSmarty();
133		-
134		- // Set the template
135		- $this->setTemplate('exception/optimistic-lock-failure.tpl');
136		- $this->assign('message', $ex->getMessage());
137		-
138		- // Force this back to false
139		- $this->isRedirecting = false;
140		- $this->headerQueue = array();
141		- }
142		- finally {
143		- // Catch any hanging on transactions
144		- if ($database->hasActiveTransaction()) {
145		- $database->rollBack();
146		- }
147		- }
148		-
149		- // run any finalisation code needed before we send the output to the browser.
150		- $this->finalisePage();
151		-
152		- // Send the headers
153		- $this->sendResponseHeaders();
154		-
155		- // Check we have a template to use!
156		- if ($this->template !== null) {
157		- $content = $this->fetchTemplate($this->template);
158		- ob_clean();
159		- print($content);
160		- ob_flush();
161		-
162		- return;
163		- }
164		- }
165		-
166		- /**
167		- * Performs final tasks needed before rendering the page.
168		- */
169		- protected function finalisePage()
170		- {
171		- if ($this->isRedirecting) {
172		- $this->template = null;
173		-
174		- return;
175		- }
176		-
177		- $this->assign('extraCss', $this->extraCss);
178		- $this->assign('extraJs', $this->extraJs);
179		-
180		- // If we're actually displaying content, we want to add the session alerts here!
181		- $this->assign('alerts', SessionAlert::getAlerts());
182		- SessionAlert::clearAlerts();
183		-
184		- $this->assign('htmlTitle', $this->htmlTitle);
185		- }
186		-
187		- /**
188		- * @return TokenManager
189		- */
190		- public function getTokenManager()
191		- {
192		- return $this->tokenManager;
193		- }
194		-
195		- /**
196		- * @param TokenManager $tokenManager
197		- */
198		- public function setTokenManager($tokenManager)
199		- {
200		- $this->tokenManager = $tokenManager;
201		- }
202		-
203		- /**
204		- * Sends the redirect headers to perform a GET at the destination page.
205		- *
206		- * Also nullifies the set template so Smarty does not render it.
207		- *
208		- * @param string $page The page to redirect requests to (as used in the UR)
209		- * @param null\|string $action The action to use on the page.
210		- * @param null\|array $parameters
211		- * @param null\|string $script The script (relative to index.php) to redirect to
212		- */
213		- final protected function redirect($page = '', $action = null, $parameters = null, $script = null)
214		- {
215		- $currentScriptName = WebRequest::scriptName();
216		-
217		- // Are we changing script?
218		- if ($script === null \|\| substr($currentScriptName, -1 * count($script)) === $script) {
219		- $targetScriptName = $currentScriptName;
220		- }
221		- else {
222		- $targetScriptName = $this->getSiteConfiguration()->getBaseUrl() . '/' . $script;
223		- }
224		-
225		- $pathInfo = array($targetScriptName);
226		-
227		- $pathInfo[1] = $page;
228		-
229		- if ($action !== null) {
230		- $pathInfo[2] = $action;
231		- }
232		-
233		- $url = implode('/', $pathInfo);
234		-
235		- if (is_array($parameters) && count($parameters) > 0) {
236		- $url .= '?' . http_build_query($parameters);
237		- }
238		-
239		- $this->redirectUrl($url);
240		- }
241		-
242		- /**
243		- * Sends the redirect headers to perform a GET at the new address.
244		- *
245		- * Also nullifies the set template so Smarty does not render it.
246		- *
247		- * @param string $path URL to redirect to
248		- */
249		- final protected function redirectUrl($path)
250		- {
251		- // 303 See Other = re-request at new address with a GET.
252		- $this->headerQueue[] = 'HTTP/1.1 303 See Other';
253		- $this->headerQueue[] = "Location: $path";
254		-
255		- $this->setTemplate(null);
256		- $this->isRedirecting = true;
257		- }
258		-
259		- /**
260		- * Sets the name of the template this page should display.
261		- *
262		- * @param string $name
263		- *
264		- * @throws Exception
265		- */
266		- final protected function setTemplate($name)
267		- {
268		- if ($this->isRedirecting) {
269		- throw new Exception('This page has been set as a redirect, no template can be displayed!');
270		- }
271		-
272		- $this->template = $name;
273		- }
274		-
275		- /**
276		- * Adds an extra CSS file to to the page
277		- *
278		- * @param string $path The path (relative to the application root) of the file
279		- */
280		- final protected function addCss($path) {
281		- if(in_array($path, $this->extraCss)){
282		- // nothing to do
283		- return;
284		- }
285		-
286		- $this->extraCss[] = $path;
287		- }
288		-
289		- /**
290		- * Adds an extra JS file to to the page
291		- *
292		- * @param string $path The path (relative to the application root) of the file
293		- */
294		- final protected function addJs($path){
295		- if(in_array($path, $this->extraJs)){
296		- // nothing to do
297		- return;
298		- }
299		-
300		- $this->extraJs[] = $path;
301		- }
302		-
303		- /**
304		- * Main function for this page, when no specific actions are called.
305		- * @return void
306		- */
307		- abstract protected function main();
308		-
309		- /**
310		- * @param string $title
311		- */
312		- final protected function setHtmlTitle($title)
313		- {
314		- $this->htmlTitle = $title;
315		- }
316		-
317		- public function execute()
318		- {
319		- if ($this->getRouteName() === null) {
320		- throw new Exception('Request is unrouted.');
321		- }
322		-
323		- if ($this->getSiteConfiguration() === null) {
324		- throw new Exception('Page has no configuration!');
325		- }
326		-
327		- $this->setupPage();
328		-
329		- $this->runPage();
330		- }
331		-
332		- public function assignCSRFToken()
333		- {
334		- $token = $this->tokenManager->getNewToken();
335		- $this->assign('csrfTokenData', $token->getTokenData());
336		- }
337		-
338		- public function validateCSRFToken()
339		- {
340		- if (!$this->tokenManager->validateToken(WebRequest::postString('csrfTokenData'))) {
341		- throw new ApplicationLogicException('Form token is not valid, please reload and try again');
342		- }
343		- }
344		-
345		- protected function sendResponseHeaders()
346		- {
347		- if (headers_sent()) {
348		- throw new ApplicationLogicException ('Headers have already been sent! This is likely a bug in the application.');
349		- }
350		-
351		- foreach ($this->headerQueue as $item) {
352		- if (mb_strpos($item, "\r") !== false \|\| mb_strpos($item, "\n") !== false) {
353		- // Oops. We're not allowed to do this.
354		- throw new Exception('Unable to split header');
355		- }
356		-
357		- header($item);
358		- }
359		- }
	23	+ use TemplateOutput;
	24	+ /** @var string Smarty template to display */
	25	+ protected $template = "base.tpl";
	26	+ /** @var string HTML title. Currently unused. */
	27	+ protected $htmlTitle;
	28	+ /** @var bool Determines if the page is a redirect or not */
	29	+ protected $isRedirecting = false;
	30	+ /** @var array Queue of headers to be sent on successful completion */
	31	+ protected $headerQueue = array();
	32	+ /** @var string The name of the route to use, as determined by the request router. */
	33	+ private $routeName = null;
	34	+ /** @var TokenManager */
	35	+ protected $tokenManager;
	36	+ /** @var string[] Extra CSS files to include */
	37	+ private $extraCss = array();
	38	+ /** @var string[] Extra JS files to include */
	39	+ private $extraJs = array();
	40	+
	41	+ /**
	42	+ * Sets the route the request will take. Only should be called from the request router or barrier test.
	43	+ *
	44	+ * @param string $routeName The name of the route
	45	+ * @param bool $skipCallableTest Don't use this unless you know what you're doing, and what the implications are.
	46	+ *
	47	+ * @throws Exception
	48	+ * @category Security-Critical
	49	+ */
	50	+ final public function setRoute($routeName, $skipCallableTest = false)
	51	+ {
	52	+ // Test the new route is callable before adopting it.
	53	+ if (!$skipCallableTest && !is_callable(array($this, $routeName))) {
	54	+ throw new Exception("Proposed route '$routeName' is not callable.");
	55	+ }
	56	+
	57	+ // Adopt the new route
	58	+ $this->routeName = $routeName;
	59	+ }
	60	+
	61	+ /**
	62	+ * Gets the name of the route that has been passed from the request router.
	63	+ * @return string
	64	+ */
	65	+ final public function getRouteName()
	66	+ {
	67	+ return $this->routeName;
	68	+ }
	69	+
	70	+ /**
	71	+ * Performs generic page setup actions
	72	+ */
	73	+ final protected function setupPage()
	74	+ {
	75	+ $this->setUpSmarty();
	76	+
	77	+ $siteNoticeText = SiteNotice::get($this->getDatabase());
	78	+
	79	+ $this->assign('siteNoticeText', $siteNoticeText);
	80	+
	81	+ $currentUser = User::getCurrent($this->getDatabase());
	82	+ $this->assign('currentUser', $currentUser);
	83	+ $this->assign('loggedIn', (!$currentUser->isCommunityUser()));
	84	+ }
	85	+
	86	+ /**
	87	+ * Runs the page logic as routed by the RequestRouter
	88	+ *
	89	+ * Only should be called after a security barrier! That means only from execute().
	90	+ */
	91	+ final protected function runPage()
	92	+ {
	93	+ $database = $this->getDatabase();
	94	+
	95	+ // initialise a database transaction
	96	+ if (!$database->beginTransaction()) {
	97	+ throw new Exception('Failed to start transaction on primary database.');
	98	+ }
	99	+
	100	+ try {
	101	+ // run the page code
	102	+ $this->{$this->getRouteName()}();
	103	+
	104	+ $database->commit();
	105	+ }
	106	+ catch (ApplicationLogicException $ex) {
	107	+ // it's an application logic exception, so nothing went seriously wrong with the site. We can use the
	108	+ // standard templating system for this.
	109	+
	110	+ // Firstly, let's undo anything that happened to the database.
	111	+ $database->rollBack();
	112	+
	113	+ // Reset smarty
	114	+ $this->setUpSmarty();
	115	+
	116	+ // Set the template
	117	+ $this->setTemplate('exception/application-logic.tpl');
	118	+ $this->assign('message', $ex->getMessage());
	119	+
	120	+ // Force this back to false
	121	+ $this->isRedirecting = false;
	122	+ $this->headerQueue = array();
	123	+ }
	124	+ catch (OptimisticLockFailedException $ex) {
	125	+ // it's an optimistic lock failure exception, so nothing went seriously wrong with the site. We can use the
	126	+ // standard templating system for this.
	127	+
	128	+ // Firstly, let's undo anything that happened to the database.
	129	+ $database->rollBack();
	130	+
	131	+ // Reset smarty
	132	+ $this->setUpSmarty();
	133	+
	134	+ // Set the template
	135	+ $this->setTemplate('exception/optimistic-lock-failure.tpl');
	136	+ $this->assign('message', $ex->getMessage());
	137	+
	138	+ // Force this back to false
	139	+ $this->isRedirecting = false;
	140	+ $this->headerQueue = array();
	141	+ }
	142	+ finally {
	143	+ // Catch any hanging on transactions
	144	+ if ($database->hasActiveTransaction()) {
	145	+ $database->rollBack();
	146	+ }
	147	+ }
	148	+
	149	+ // run any finalisation code needed before we send the output to the browser.
	150	+ $this->finalisePage();
	151	+
	152	+ // Send the headers
	153	+ $this->sendResponseHeaders();
	154	+
	155	+ // Check we have a template to use!
	156	+ if ($this->template !== null) {
	157	+ $content = $this->fetchTemplate($this->template);
	158	+ ob_clean();
	159	+ print($content);
	160	+ ob_flush();
	161	+
	162	+ return;
	163	+ }
	164	+ }
	165	+
	166	+ /**
	167	+ * Performs final tasks needed before rendering the page.
	168	+ */
	169	+ protected function finalisePage()
	170	+ {
	171	+ if ($this->isRedirecting) {
	172	+ $this->template = null;
	173	+
	174	+ return;
	175	+ }
	176	+
	177	+ $this->assign('extraCss', $this->extraCss);
	178	+ $this->assign('extraJs', $this->extraJs);
	179	+
	180	+ // If we're actually displaying content, we want to add the session alerts here!
	181	+ $this->assign('alerts', SessionAlert::getAlerts());
	182	+ SessionAlert::clearAlerts();
	183	+
	184	+ $this->assign('htmlTitle', $this->htmlTitle);
	185	+ }
	186	+
	187	+ /**
	188	+ * @return TokenManager
	189	+ */
	190	+ public function getTokenManager()
	191	+ {
	192	+ return $this->tokenManager;
	193	+ }
	194	+
	195	+ /**
	196	+ * @param TokenManager $tokenManager
	197	+ */
	198	+ public function setTokenManager($tokenManager)
	199	+ {
	200	+ $this->tokenManager = $tokenManager;
	201	+ }
	202	+
	203	+ /**
	204	+ * Sends the redirect headers to perform a GET at the destination page.
	205	+ *
	206	+ * Also nullifies the set template so Smarty does not render it.
	207	+ *
	208	+ * @param string $page The page to redirect requests to (as used in the UR)
	209	+ * @param null\|string $action The action to use on the page.
	210	+ * @param null\|array $parameters
	211	+ * @param null\|string $script The script (relative to index.php) to redirect to
	212	+ */
	213	+ final protected function redirect($page = '', $action = null, $parameters = null, $script = null)
	214	+ {
	215	+ $currentScriptName = WebRequest::scriptName();
	216	+
	217	+ // Are we changing script?
	218	+ if ($script === null \|\| substr($currentScriptName, -1 * count($script)) === $script) {
	219	+ $targetScriptName = $currentScriptName;
	220	+ }
	221	+ else {
	222	+ $targetScriptName = $this->getSiteConfiguration()->getBaseUrl() . '/' . $script;
	223	+ }
	224	+
	225	+ $pathInfo = array($targetScriptName);
	226	+
	227	+ $pathInfo[1] = $page;
	228	+
	229	+ if ($action !== null) {
	230	+ $pathInfo[2] = $action;
	231	+ }
	232	+
	233	+ $url = implode('/', $pathInfo);
	234	+
	235	+ if (is_array($parameters) && count($parameters) > 0) {
	236	+ $url .= '?' . http_build_query($parameters);
	237	+ }
	238	+
	239	+ $this->redirectUrl($url);
	240	+ }
	241	+
	242	+ /**
	243	+ * Sends the redirect headers to perform a GET at the new address.
	244	+ *
	245	+ * Also nullifies the set template so Smarty does not render it.
	246	+ *
	247	+ * @param string $path URL to redirect to
	248	+ */
	249	+ final protected function redirectUrl($path)
	250	+ {
	251	+ // 303 See Other = re-request at new address with a GET.
	252	+ $this->headerQueue[] = 'HTTP/1.1 303 See Other';
	253	+ $this->headerQueue[] = "Location: $path";
	254	+
	255	+ $this->setTemplate(null);
	256	+ $this->isRedirecting = true;
	257	+ }
	258	+
	259	+ /**
	260	+ * Sets the name of the template this page should display.
	261	+ *
	262	+ * @param string $name
	263	+ *
	264	+ * @throws Exception
	265	+ */
	266	+ final protected function setTemplate($name)
	267	+ {
	268	+ if ($this->isRedirecting) {
	269	+ throw new Exception('This page has been set as a redirect, no template can be displayed!');
	270	+ }
	271	+
	272	+ $this->template = $name;
	273	+ }
	274	+
	275	+ /**
	276	+ * Adds an extra CSS file to to the page
	277	+ *
	278	+ * @param string $path The path (relative to the application root) of the file
	279	+ */
	280	+ final protected function addCss($path) {
	281	+ if(in_array($path, $this->extraCss)){
	282	+ // nothing to do
	283	+ return;
	284	+ }
	285	+
	286	+ $this->extraCss[] = $path;
	287	+ }
	288	+
	289	+ /**
	290	+ * Adds an extra JS file to to the page
	291	+ *
	292	+ * @param string $path The path (relative to the application root) of the file
	293	+ */
	294	+ final protected function addJs($path){
	295	+ if(in_array($path, $this->extraJs)){
	296	+ // nothing to do
	297	+ return;
	298	+ }
	299	+
	300	+ $this->extraJs[] = $path;
	301	+ }
	302	+
	303	+ /**
	304	+ * Main function for this page, when no specific actions are called.
	305	+ * @return void
	306	+ */
	307	+ abstract protected function main();
	308	+
	309	+ /**
	310	+ * @param string $title
	311	+ */
	312	+ final protected function setHtmlTitle($title)
	313	+ {
	314	+ $this->htmlTitle = $title;
	315	+ }
	316	+
	317	+ public function execute()
	318	+ {
	319	+ if ($this->getRouteName() === null) {
	320	+ throw new Exception('Request is unrouted.');
	321	+ }
	322	+
	323	+ if ($this->getSiteConfiguration() === null) {
	324	+ throw new Exception('Page has no configuration!');
	325	+ }
	326	+
	327	+ $this->setupPage();
	328	+
	329	+ $this->runPage();
	330	+ }
	331	+
	332	+ public function assignCSRFToken()
	333	+ {
	334	+ $token = $this->tokenManager->getNewToken();
	335	+ $this->assign('csrfTokenData', $token->getTokenData());
	336	+ }
	337	+
	338	+ public function validateCSRFToken()
	339	+ {
	340	+ if (!$this->tokenManager->validateToken(WebRequest::postString('csrfTokenData'))) {
	341	+ throw new ApplicationLogicException('Form token is not valid, please reload and try again');
	342	+ }
	343	+ }
	344	+
	345	+ protected function sendResponseHeaders()
	346	+ {
	347	+ if (headers_sent()) {
	348	+ throw new ApplicationLogicException ('Headers have already been sent! This is likely a bug in the application.');
	349	+ }
	350	+
	351	+ foreach ($this->headerQueue as $item) {
	352	+ if (mb_strpos($item, "\r") !== false \|\| mb_strpos($item, "\n") !== false) {
	353	+ // Oops. We're not allowed to do this.
	354	+ throw new Exception('Unable to split header');
	355	+ }
	356	+
	357	+ header($item);
	358	+ }
	359	+ }
360	360	}

		@@ -15,75 +15,75 @@
		block discarded – undo
15	15
16	16	trait TemplateOutput
17	17	{
18		- /** @var Smarty */
19		- private $smarty;
20		- /** @var string Extra JavaScript to include at the end of the page's execution */
21		- private $tailScript;
	18	+ /** @var Smarty */
	19	+ private $smarty;
	20	+ /** @var string Extra JavaScript to include at the end of the page's execution */
	21	+ private $tailScript;
22	22
23		- /**
24		- * @return SiteConfiguration
25		- */
26		- protected abstract function getSiteConfiguration();
	23	+ /**
	24	+ * @return SiteConfiguration
	25	+ */
	26	+ protected abstract function getSiteConfiguration();
27	27
28		- /**
29		- * Include extra JavaScript at the end of the page's execution
30		- *
31		- * @param $script string JavaScript to include at the end of the page
32		- */
33		- final protected function setTailScript($script)
34		- {
35		- $this->tailScript = $script;
36		- }
	28	+ /**
	29	+ * Include extra JavaScript at the end of the page's execution
	30	+ *
	31	+ * @param $script string JavaScript to include at the end of the page
	32	+ */
	33	+ final protected function setTailScript($script)
	34	+ {
	35	+ $this->tailScript = $script;
	36	+ }
37	37
38		- /**
39		- * Assigns a Smarty variable
40		- *
41		- * @param array\|string $name the template variable name(s)
42		- * @param mixed $value the value to assign
43		- */
44		- final protected function assign($name, $value)
45		- {
46		- $this->smarty->assign($name, $value);
47		- }
	38	+ /**
	39	+ * Assigns a Smarty variable
	40	+ *
	41	+ * @param array\|string $name the template variable name(s)
	42	+ * @param mixed $value the value to assign
	43	+ */
	44	+ final protected function assign($name, $value)
	45	+ {
	46	+ $this->smarty->assign($name, $value);
	47	+ }
48	48
49		- /**
50		- * Sets up the variables used by the main Smarty base template.
51		- *
52		- * This list is getting kinda long.
53		- */
54		- final protected function setUpSmarty()
55		- {
56		- $this->smarty = new Smarty();
57		- $this->smarty->addPluginsDir($this->getSiteConfiguration()->getFilePath() . '/smarty-plugins');
	49	+ /**
	50	+ * Sets up the variables used by the main Smarty base template.
	51	+ *
	52	+ * This list is getting kinda long.
	53	+ */
	54	+ final protected function setUpSmarty()
	55	+ {
	56	+ $this->smarty = new Smarty();
	57	+ $this->smarty->addPluginsDir($this->getSiteConfiguration()->getFilePath() . '/smarty-plugins');
58	58
59		- $this->assign('currentUser', User::getCommunity());
60		- $this->assign('loggedIn', false);
61		- $this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
62		- $this->assign('mediawikiScriptPath', $this->getSiteConfiguration()->getMediawikiScriptPath());
	59	+ $this->assign('currentUser', User::getCommunity());
	60	+ $this->assign('loggedIn', false);
	61	+ $this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
	62	+ $this->assign('mediawikiScriptPath', $this->getSiteConfiguration()->getMediawikiScriptPath());
63	63
64		- $this->assign('siteNoticeText', '');
65		- $this->assign('toolversion', Environment::getToolVersion());
	64	+ $this->assign('siteNoticeText', '');
	65	+ $this->assign('toolversion', Environment::getToolVersion());
66	66
67		- // default these
68		- $this->assign('onlineusers', array());
69		- $this->assign('typeAheadBlock', '');
70		- $this->assign('extraJs', array());
71		- $this->assign('extraCss', array());
	67	+ // default these
	68	+ $this->assign('onlineusers', array());
	69	+ $this->assign('typeAheadBlock', '');
	70	+ $this->assign('extraJs', array());
	71	+ $this->assign('extraCss', array());
72	72
73		- $this->assign('page', $this);
74		- }
	73	+ $this->assign('page', $this);
	74	+ }
75	75
76		- /**
77		- * Fetches a rendered Smarty template
78		- *
79		- * @param $template string Template file path, relative to /templates/
80		- *
81		- * @return string Templated HTML
82		- */
83		- final protected function fetchTemplate($template)
84		- {
85		- $this->assign("tailScript", $this->tailScript);
	76	+ /**
	77	+ * Fetches a rendered Smarty template
	78	+ *
	79	+ * @param $template string Template file path, relative to /templates/
	80	+ *
	81	+ * @return string Templated HTML
	82	+ */
	83	+ final protected function fetchTemplate($template)
	84	+ {
	85	+ $this->assign("tailScript", $this->tailScript);
86	86
87		- return $this->smarty->fetch($template);
88		- }
	87	+ return $this->smarty->fetch($template);
	88	+ }
89	89	}

		@@ -26,131 +26,131 @@ discard block
		block discarded – undo
26	26	*/
27	27	class IdentificationVerifier
28	28	{
29		- /**
30		- * This field is an array of parameters, in key => value format, that should be appended to the Meta Wikimedia
31		- * Web Service Endpoint URL to query if a user is listed on the Identification Noticeboard. Note that URL encoding
32		- * of these values is not necessary; this is done automatically.
33		- *
34		- * @var string[]
35		- * @category Security-Critical
36		- */
37		- private static $apiQueryParameters = array(
38		- 'action' => 'query',
39		- 'format' => 'json',
40		- 'prop' => 'links',
41		- 'titles' => 'Access to nonpublic information policy/Noticeboard',
42		- // Username of the user to be checked, with User: prefix, goes here! Set in isIdentifiedOnWiki()
43		- 'pltitles' => '',
44		- );
45		- /** @var HttpHelper */
46		- private $httpHelper;
47		- /** @var SiteConfiguration */
48		- private $siteConfiguration;
49		- /** @var PdoDatabase */
50		- private $dbObject;
51		-
52		- /**
53		- * IdentificationVerifier constructor.
54		- *
55		- * @param HttpHelper $httpHelper
56		- * @param SiteConfiguration $siteConfiguration
57		- * @param PdoDatabase $dbObject
58		- */
59		- public function __construct(HttpHelper $httpHelper, SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
60		- {
61		- $this->httpHelper = $httpHelper;
62		- $this->siteConfiguration = $siteConfiguration;
63		- $this->dbObject = $dbObject;
64		- }
65		-
66		- /**
67		- * Checks if the given user is identified to the Wikimedia Foundation.
68		- *
69		- * @param string $onWikiName The Wikipedia username of the user
70		- *
71		- * @return bool
72		- * @category Security-Critical
73		- */
74		- public function isUserIdentified($onWikiName)
75		- {
76		- if ($this->checkIdentificationCache($onWikiName)) {
77		- return true;
78		- }
79		- else {
80		- if ($this->isIdentifiedOnWiki($onWikiName)) {
81		- $this->cacheIdentificationStatus($onWikiName);
82		-
83		- return true;
84		- }
85		- else {
86		- return false;
87		- }
88		- }
89		- }
90		-
91		- /**
92		- * Checks if the given user has a valid entry in the idcache table.
93		- *
94		- * @param string $onWikiName The Wikipedia username of the user
95		- *
96		- * @return bool
97		- * @category Security-Critical
98		- */
99		- private function checkIdentificationCache($onWikiName)
100		- {
101		- $interval = $this->siteConfiguration->getIdentificationCacheExpiry();
102		-
103		- $query = <<<SQL
	29	+ /**
	30	+ * This field is an array of parameters, in key => value format, that should be appended to the Meta Wikimedia
	31	+ * Web Service Endpoint URL to query if a user is listed on the Identification Noticeboard. Note that URL encoding
	32	+ * of these values is not necessary; this is done automatically.
	33	+ *
	34	+ * @var string[]
	35	+ * @category Security-Critical
	36	+ */
	37	+ private static $apiQueryParameters = array(
	38	+ 'action' => 'query',
	39	+ 'format' => 'json',
	40	+ 'prop' => 'links',
	41	+ 'titles' => 'Access to nonpublic information policy/Noticeboard',
	42	+ // Username of the user to be checked, with User: prefix, goes here! Set in isIdentifiedOnWiki()
	43	+ 'pltitles' => '',
	44	+ );
	45	+ /** @var HttpHelper */
	46	+ private $httpHelper;
	47	+ /** @var SiteConfiguration */
	48	+ private $siteConfiguration;
	49	+ /** @var PdoDatabase */
	50	+ private $dbObject;
	51	+
	52	+ /**
	53	+ * IdentificationVerifier constructor.
	54	+ *
	55	+ * @param HttpHelper $httpHelper
	56	+ * @param SiteConfiguration $siteConfiguration
	57	+ * @param PdoDatabase $dbObject
	58	+ */
	59	+ public function __construct(HttpHelper $httpHelper, SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
	60	+ {
	61	+ $this->httpHelper = $httpHelper;
	62	+ $this->siteConfiguration = $siteConfiguration;
	63	+ $this->dbObject = $dbObject;
	64	+ }
	65	+
	66	+ /**
	67	+ * Checks if the given user is identified to the Wikimedia Foundation.
	68	+ *
	69	+ * @param string $onWikiName The Wikipedia username of the user
	70	+ *
	71	+ * @return bool
	72	+ * @category Security-Critical
	73	+ */
	74	+ public function isUserIdentified($onWikiName)
	75	+ {
	76	+ if ($this->checkIdentificationCache($onWikiName)) {
	77	+ return true;
	78	+ }
	79	+ else {
	80	+ if ($this->isIdentifiedOnWiki($onWikiName)) {
	81	+ $this->cacheIdentificationStatus($onWikiName);
	82	+
	83	+ return true;
	84	+ }
	85	+ else {
	86	+ return false;
	87	+ }
	88	+ }
	89	+ }
	90	+
	91	+ /**
	92	+ * Checks if the given user has a valid entry in the idcache table.
	93	+ *
	94	+ * @param string $onWikiName The Wikipedia username of the user
	95	+ *
	96	+ * @return bool
	97	+ * @category Security-Critical
	98	+ */
	99	+ private function checkIdentificationCache($onWikiName)
	100	+ {
	101	+ $interval = $this->siteConfiguration->getIdentificationCacheExpiry();
	102	+
	103	+ $query = <<<SQL
104	104	SELECT COUNT(`id`)
105	105	FROM `idcache`
106	106	WHERE `onwikiusername` = :onwikiname
107	107	AND DATE_ADD(`checktime`, INTERVAL {$interval}) >= NOW();
108	108	SQL;
109		- $stmt = $this->dbObject->prepare($query);
110		- $stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
111		- $stmt->execute();
112		-
113		- // Guaranteed by the query to only return a single row with a single column
114		- $results = $stmt->fetch(PDO::FETCH_NUM);
115		-
116		- // I don't expect this to ever be a value other than 0 or 1 since the `onwikiusername` column is declared as a
117		- // unique key - but meh.
118		- return $results[0] != 0;
119		- }
120		-
121		- /**
122		- * Does pretty much exactly what it says on the label - this method will clear all expired idcache entries from the
123		- * idcache table. Meant to be called periodically by a maintenance script.
124		- *
125		- * @param SiteConfiguration $siteConfiguration
126		- * @param PdoDatabase $dbObject
127		- *
128		- * @return void
129		- */
130		- public static function clearExpiredCacheEntries(SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
131		- {
132		- $interval = $siteConfiguration->getIdentificationCacheExpiry();
133		-
134		- $query = <<<SQL
	109	+ $stmt = $this->dbObject->prepare($query);
	110	+ $stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
	111	+ $stmt->execute();
	112	+
	113	+ // Guaranteed by the query to only return a single row with a single column
	114	+ $results = $stmt->fetch(PDO::FETCH_NUM);
	115	+
	116	+ // I don't expect this to ever be a value other than 0 or 1 since the `onwikiusername` column is declared as a
	117	+ // unique key - but meh.
	118	+ return $results[0] != 0;
	119	+ }
	120	+
	121	+ /**
	122	+ * Does pretty much exactly what it says on the label - this method will clear all expired idcache entries from the
	123	+ * idcache table. Meant to be called periodically by a maintenance script.
	124	+ *
	125	+ * @param SiteConfiguration $siteConfiguration
	126	+ * @param PdoDatabase $dbObject
	127	+ *
	128	+ * @return void
	129	+ */
	130	+ public static function clearExpiredCacheEntries(SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
	131	+ {
	132	+ $interval = $siteConfiguration->getIdentificationCacheExpiry();
	133	+
	134	+ $query = <<<SQL
135	135	DELETE FROM `idcache`
136	136	WHERE DATE_ADD(`checktime`, INTERVAL {$interval}) < NOW();
137	137	SQL;
138		- $dbObject->prepare($query)->execute();
139		- }
140		-
141		- /**
142		- * This method will add an entry to the idcache that the given Wikipedia user has been verified as identified. This
143		- * is so we don't have to hit the API every single time we check. The cache entry is valid for as long as specified
144		- * in the ACC configuration (validity enforced by checkIdentificationCache() and clearExpiredCacheEntries()).
145		- *
146		- * @param string $onWikiName The Wikipedia username of the user
147		- *
148		- * @return void
149		- * @category Security-Critical
150		- */
151		- private function cacheIdentificationStatus($onWikiName)
152		- {
153		- $query = <<<SQL
	138	+ $dbObject->prepare($query)->execute();
	139	+ }
	140	+
	141	+ /**
	142	+ * This method will add an entry to the idcache that the given Wikipedia user has been verified as identified. This
	143	+ * is so we don't have to hit the API every single time we check. The cache entry is valid for as long as specified
	144	+ * in the ACC configuration (validity enforced by checkIdentificationCache() and clearExpiredCacheEntries()).
	145	+ *
	146	+ * @param string $onWikiName The Wikipedia username of the user
	147	+ *
	148	+ * @return void
	149	+ * @category Security-Critical
	150	+ */
	151	+ private function cacheIdentificationStatus($onWikiName)
	152	+ {
	153	+ $query = <<<SQL
154	154	INSERT INTO `idcache`
155	155	(`onwikiusername`)
156	156	VALUES
		@@ -159,44 +159,44 @@ discard block
		block discarded – undo
159	159	`onwikiusername` = VALUES(`onwikiusername`),
160	160	`checktime` = CURRENT_TIMESTAMP;
161	161	SQL;
162		- $stmt = $this->dbObject->prepare($query);
163		- $stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
164		- $stmt->execute();
165		- }
166		-
167		- /**
168		- * Queries the Wikimedia API to determine if the specified user is listed on the identification noticeboard.
169		- *
170		- * @param string $onWikiName The Wikipedia username of the user
171		- *
172		- * @return bool
173		- * @throws EnvironmentException
174		- * @category Security-Critical
175		- */
176		- private function isIdentifiedOnWiki($onWikiName)
177		- {
178		- $strings = new StringFunctions();
179		-
180		- // First character of Wikipedia usernames is always capitalized.
181		- $onWikiName = $strings->ucfirst($onWikiName);
182		-
183		- $parameters = self::$apiQueryParameters;
184		- $parameters['pltitles'] = "User:" . $onWikiName;
185		-
186		- try {
187		- $endpoint = $this->siteConfiguration->getMetaWikimediaWebServiceEndpoint();
188		- $response = $this->httpHelper->get($endpoint, $parameters);
189		- $response = json_decode($response, true);
190		- } catch (CurlException $ex) {
191		- // failed getting identification status, so throw a nicer error.
192		- $m = 'Could not contact metawiki API to determine user\' identification status. '
193		- . 'This is probably a transient error, so please try again.';
194		-
195		- throw new EnvironmentException($m, 0, $ex);
196		- }
197		-
198		- $page = @array_pop($response['query']['pages']);
199		-
200		- return @$page['links'][0]['title'] === "User:" . $onWikiName;
201		- }
	162	+ $stmt = $this->dbObject->prepare($query);
	163	+ $stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
	164	+ $stmt->execute();
	165	+ }
	166	+
	167	+ /**
	168	+ * Queries the Wikimedia API to determine if the specified user is listed on the identification noticeboard.
	169	+ *
	170	+ * @param string $onWikiName The Wikipedia username of the user
	171	+ *
	172	+ * @return bool
	173	+ * @throws EnvironmentException
	174	+ * @category Security-Critical
	175	+ */
	176	+ private function isIdentifiedOnWiki($onWikiName)
	177	+ {
	178	+ $strings = new StringFunctions();
	179	+
	180	+ // First character of Wikipedia usernames is always capitalized.
	181	+ $onWikiName = $strings->ucfirst($onWikiName);
	182	+
	183	+ $parameters = self::$apiQueryParameters;
	184	+ $parameters['pltitles'] = "User:" . $onWikiName;
	185	+
	186	+ try {
	187	+ $endpoint = $this->siteConfiguration->getMetaWikimediaWebServiceEndpoint();
	188	+ $response = $this->httpHelper->get($endpoint, $parameters);
	189	+ $response = json_decode($response, true);
	190	+ } catch (CurlException $ex) {
	191	+ // failed getting identification status, so throw a nicer error.
	192	+ $m = 'Could not contact metawiki API to determine user\' identification status. '
	193	+ . 'This is probably a transient error, so please try again.';
	194	+
	195	+ throw new EnvironmentException($m, 0, $ex);
	196	+ }
	197	+
	198	+ $page = @array_pop($response['query']['pages']);
	199	+
	200	+ return @$page['links'][0]['title'] === "User:" . $onWikiName;
	201	+ }
202	202	}

enwikipedia-acc / waca

Pull Request — newinternal (#285)

Status

Category

Indentation +113 added lines, -113 removed lines patch added patch discarded remove patch

Indentation +73 added lines, -73 removed lines patch added patch discarded remove patch

Indentation +178 added lines, -178 removed lines patch added patch discarded remove patch

Indentation +337 added lines, -337 removed lines patch added patch discarded remove patch

Indentation +1128 added lines, -1128 removed lines patch added patch discarded remove patch

Indentation +61 added lines, -61 removed lines patch added patch discarded remove patch

Indentation +508 added lines, -508 removed lines patch added patch discarded remove patch

Indentation +157 added lines, -157 removed lines patch added patch discarded remove patch