enwikipedia-acc / waca

includes/Helpers/SearchHelpers/RequestSearchHelper.php

Indentation +113 added lines, -113 removed lines

@@ -14,117 +14,117 @@
 
 class RequestSearchHelper extends SearchHelperBase
 {
-    /**
-     * RequestSearchHelper constructor.
-     *
-     * @param PdoDatabase $database
-     */
-    protected function __construct(PdoDatabase $database)
-    {
-        parent::__construct($database, 'request', Request::class);
-    }
-
-    /**
-     * Initiates a search for requests
-     *
-     * @param PdoDatabase $database
-     *
-     * @return RequestSearchHelper
-     */
-    public static function get(PdoDatabase $database)
-    {
-        $helper = new RequestSearchHelper($database);
-
-        return $helper;
-    }
-
-    /**
-     * Filters the results by IP address
-     *
-     * @param string $ipAddress
-     *
-     * @return $this
-     */
-    public function byIp($ipAddress)
-    {
-        $this->whereClause .= ' AND (ip LIKE ? OR forwardedip LIKE ?)';
-        $this->parameterList[] = $ipAddress;
-        $this->parameterList[] = '%' . trim($ipAddress, '%') . '%';
-
-        return $this;
-    }
-
-    /**
-     * Filters the results by email address
-     *
-     * @param string $emailAddress
-     *
-     * @return $this
-     */
-    public function byEmailAddress($emailAddress)
-    {
-        $this->whereClause .= ' AND email LIKE ?';
-        $this->parameterList[] = $emailAddress;
-
-        return $this;
-    }
-
-    /**
-     * Filters the results by name
-     *
-     * @param string $name
-     *
-     * @return $this
-     */
-    public function byName($name)
-    {
-        $this->whereClause .= ' AND name LIKE ?';
-        $this->parameterList[] = $name;
-
-        return $this;
-    }
-
-    /**
-     * Excludes a request from the results
-     *
-     * @param int $requestId
-     *
-     * @return $this
-     */
-    public function excludingRequest($requestId)
-    {
-        $this->whereClause .= ' AND id <> ?';
-        $this->parameterList[] = $requestId;
-
-        return $this;
-    }
-
-    /**
-     * Filters the results to only those with a confirmed email address
-     *
-     * @return $this
-     */
-    public function withConfirmedEmail()
-    {
-        $this->whereClause .= ' AND emailconfirm = ?';
-        $this->parameterList[] = 'Confirmed';
-
-        return $this;
-    }
-
-    /**
-     * Filters the results to exclude purged data
-     *
-     * @param SiteConfiguration $configuration
-     *
-     * @return $this
-     */
-    public function excludingPurgedData(SiteConfiguration $configuration)
-    {
-        $this->whereClause .= ' AND ip <> ? AND email <> ?';
-        $this->parameterList[] = $configuration->getDataClearIp();
-        $this->parameterList[] = $configuration->getDataClearEmail();
-
-        return $this;
-    }
+	/**
+	 * RequestSearchHelper constructor.
+	 *
+	 * @param PdoDatabase $database
+	 */
+	protected function __construct(PdoDatabase $database)
+	{
+		parent::__construct($database, 'request', Request::class);
+	}
+
+	/**
+	 * Initiates a search for requests
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return RequestSearchHelper
+	 */
+	public static function get(PdoDatabase $database)
+	{
+		$helper = new RequestSearchHelper($database);
+
+		return $helper;
+	}
+
+	/**
+	 * Filters the results by IP address
+	 *
+	 * @param string $ipAddress
+	 *
+	 * @return $this
+	 */
+	public function byIp($ipAddress)
+	{
+		$this->whereClause .= ' AND (ip LIKE ? OR forwardedip LIKE ?)';
+		$this->parameterList[] = $ipAddress;
+		$this->parameterList[] = '%' . trim($ipAddress, '%') . '%';
+
+		return $this;
+	}
+
+	/**
+	 * Filters the results by email address
+	 *
+	 * @param string $emailAddress
+	 *
+	 * @return $this
+	 */
+	public function byEmailAddress($emailAddress)
+	{
+		$this->whereClause .= ' AND email LIKE ?';
+		$this->parameterList[] = $emailAddress;
+
+		return $this;
+	}
+
+	/**
+	 * Filters the results by name
+	 *
+	 * @param string $name
+	 *
+	 * @return $this
+	 */
+	public function byName($name)
+	{
+		$this->whereClause .= ' AND name LIKE ?';
+		$this->parameterList[] = $name;
+
+		return $this;
+	}
+
+	/**
+	 * Excludes a request from the results
+	 *
+	 * @param int $requestId
+	 *
+	 * @return $this
+	 */
+	public function excludingRequest($requestId)
+	{
+		$this->whereClause .= ' AND id <> ?';
+		$this->parameterList[] = $requestId;
+
+		return $this;
+	}
+
+	/**
+	 * Filters the results to only those with a confirmed email address
+	 *
+	 * @return $this
+	 */
+	public function withConfirmedEmail()
+	{
+		$this->whereClause .= ' AND emailconfirm = ?';
+		$this->parameterList[] = 'Confirmed';
+
+		return $this;
+	}
+
+	/**
+	 * Filters the results to exclude purged data
+	 *
+	 * @param SiteConfiguration $configuration
+	 *
+	 * @return $this
+	 */
+	public function excludingPurgedData(SiteConfiguration $configuration)
+	{
+		$this->whereClause .= ' AND ip <> ? AND email <> ?';
+		$this->parameterList[] = $configuration->getDataClearIp();
+		$this->parameterList[] = $configuration->getDataClearEmail();
+
+		return $this;
+	}
 }
\ No newline at end of file

includes/Helpers/SearchHelpers/LogSearchHelper.php

Indentation +73 added lines, -73 removed lines

@@ -13,87 +13,87 @@
 
 class LogSearchHelper extends SearchHelperBase
 {
-    /**
-     * LogSearchHelper constructor.
-     *
-     * @param PdoDatabase $database
-     */
-    protected function __construct(PdoDatabase $database)
-    {
-        parent::__construct($database, 'log', Log::class, 'timestamp DESC');
-    }
+	/**
+	 * LogSearchHelper constructor.
+	 *
+	 * @param PdoDatabase $database
+	 */
+	protected function __construct(PdoDatabase $database)
+	{
+		parent::__construct($database, 'log', Log::class, 'timestamp DESC');
+	}
 
-    /**
-     * Initiates a search for requests
-     *
-     * @param PdoDatabase $database
-     *
-     * @return LogSearchHelper
-     */
-    public static function get(PdoDatabase $database)
-    {
-        $helper = new LogSearchHelper($database);
+	/**
+	 * Initiates a search for requests
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return LogSearchHelper
+	 */
+	public static function get(PdoDatabase $database)
+	{
+		$helper = new LogSearchHelper($database);
 
-        return $helper;
-    }
+		return $helper;
+	}
 
-    /**
-     * Filters the results by user
-     *
-     * @param int $userId
-     *
-     * @return $this
-     */
-    public function byUser($userId)
-    {
-        $this->whereClause .= ' AND user = ?';
-        $this->parameterList[] = $userId;
+	/**
+	 * Filters the results by user
+	 *
+	 * @param int $userId
+	 *
+	 * @return $this
+	 */
+	public function byUser($userId)
+	{
+		$this->whereClause .= ' AND user = ?';
+		$this->parameterList[] = $userId;
 
-        return $this;
-    }
+		return $this;
+	}
 
-    /**
-     * Filters the results by log action
-     *
-     * @param string $action
-     *
-     * @return $this
-     */
-    public function byAction($action)
-    {
-        $this->whereClause .= ' AND action = ?';
-        $this->parameterList[] = $action;
+	/**
+	 * Filters the results by log action
+	 *
+	 * @param string $action
+	 *
+	 * @return $this
+	 */
+	public function byAction($action)
+	{
+		$this->whereClause .= ' AND action = ?';
+		$this->parameterList[] = $action;
 
-        return $this;
-    }
+		return $this;
+	}
 
-    /**
-     * Filters the results by object type
-     *
-     * @param string $objectType
-     *
-     * @return $this
-     */
-    public function byObjectType($objectType)
-    {
-        $this->whereClause .= ' AND objecttype = ?';
-        $this->parameterList[] = $objectType;
+	/**
+	 * Filters the results by object type
+	 *
+	 * @param string $objectType
+	 *
+	 * @return $this
+	 */
+	public function byObjectType($objectType)
+	{
+		$this->whereClause .= ' AND objecttype = ?';
+		$this->parameterList[] = $objectType;
 
-        return $this;
-    }
+		return $this;
+	}
 
-    /**
-     * Filters the results by object type
-     *
-     * @param integer $objectId
-     *
-     * @return $this
-     */
-    public function byObjectId($objectId)
-    {
-        $this->whereClause .= ' AND objectid = ?';
-        $this->parameterList[] = $objectId;
+	/**
+	 * Filters the results by object type
+	 *
+	 * @param integer $objectId
+	 *
+	 * @return $this
+	 */
+	public function byObjectId($objectId)
+	{
+		$this->whereClause .= ' AND objectid = ?';
+		$this->parameterList[] = $objectId;
 
-        return $this;
-    }
+		return $this;
+	}
 }
\ No newline at end of file

includes/Helpers/SearchHelpers/SearchHelperBase.php

Indentation +178 added lines, -178 removed lines

@@ -15,182 +15,182 @@
 
 abstract class SearchHelperBase
 {
-    /** @var PdoDatabase */
-    protected $database;
-    /** @var array */
-    protected $parameterList = array();
-    /** @var null|int */
-    private $limit = null;
-    /** @var null|int */
-    private $offset = null;
-    private $orderBy = null;
-    /**
-     * @var string The where clause.
-     *
-     * (the 1=1 condition will be optimised out of the query by the query planner, and simplifies our code here). Note
-     * that we use positional parameters instead of named parameters because we don't know many times different options
-     * will be called (looking at excluding() here, but there's the option for others).
-     */
-    protected $whereClause = ' WHERE 1 = 1';
-    /** @var string */
-    protected $table;
-    protected $joinClause = '';
-    private $targetClass;
-
-    /**
-     * SearchHelperBase constructor.
-     *
-     * @param PdoDatabase $database
-     * @param string      $table
-     * @param             $targetClass
-     * @param null|string $order Order by clause, excluding ORDER BY.
-     */
-    protected function __construct(PdoDatabase $database, $table, $targetClass, $order = null)
-    {
-        $this->database = $database;
-        $this->table = $table;
-        $this->orderBy = $order;
-        $this->targetClass = $targetClass;
-    }
-
-    /**
-     * Finalises the database query, and executes it, returning a set of objects.
-     *
-     * @return DataObject[]
-     */
-    public function fetch()
-    {
-        $statement = $this->getData();
-
-        /** @var DataObject[] $returnedObjects */
-        $returnedObjects = $statement->fetchAll(PDO::FETCH_CLASS, $this->targetClass);
-        foreach ($returnedObjects as $req) {
-            $req->setDatabase($this->database);
-        }
-
-        return $returnedObjects;
-    }
-
-    /**
-     * Finalises the database query, and executes it, returning only the requested column.
-     *
-     * @param string $column The required column
-     * @return array
-     */
-    public function fetchColumn($column){
-        $statement = $this->getData($column);
-
-        return $statement->fetchAll(PDO::FETCH_COLUMN);
-    }
-
-    /**
-     * @param int $count Returns the record count of the result set
-     *
-     * @return $this
-     */
-    public function getRecordCount(&$count)
-    {
-        $query = 'SELECT /* SearchHelper */ COUNT(*) FROM ' . $this->table . ' origin ';
-        $query .= $this->joinClause . $this->whereClause;
-
-        $statement = $this->database->prepare($query);
-        $statement->execute($this->parameterList);
-
-        $count = $statement->fetchColumn(0);
-        $statement->closeCursor();
-
-        return $this;
-    }
-
-    /**
-     * Limits the results
-     *
-     * @param integer      $limit
-     * @param integer|null $offset
-     *
-     * @return $this
-     *
-     */
-    public function limit($limit, $offset = null)
-    {
-        $this->limit = $limit;
-        $this->offset = $offset;
-
-        return $this;
-    }
-
-    private function applyLimit()
-    {
-        $clause = '';
-        if ($this->limit !== null) {
-            $clause = ' LIMIT ?';
-            $this->parameterList[] = $this->limit;
-
-            if ($this->offset !== null) {
-                $clause .= ' OFFSET ?';
-                $this->parameterList[] = $this->offset;
-            }
-        }
-
-        return $clause;
-    }
-
-    private function applyOrder()
-    {
-        if ($this->orderBy !== null) {
-            return ' ORDER BY ' . $this->orderBy;
-        }
-
-        return '';
-    }
-
-    /**
-     * @param $column
-     *
-     * @return PDOStatement
-     */
-    private function getData($column = '*')
-    {
-        $query = $this->buildQuery($column);
-        $query .= $this->applyOrder();
-        $query .= $this->applyLimit();
-
-        $statement = $this->database->prepare($query);
-        $statement->execute($this->parameterList);
-
-        return $statement;
-    }
-
-    /**
-     * @param $column
-     *
-     * @return string
-     */
-    protected function buildQuery($column)
-    {
-        $query = 'SELECT /* SearchHelper */ origin.' . $column . ' FROM ' . $this->table . ' origin ';
-        $query .= $this->joinClause . $this->whereClause;
-
-        return $query;
-    }
-
-    public function inIds($idList) {
-        $this->inClause('id', $idList);
-        return $this;
-    }
-
-    protected function inClause($column, $values) {
-        if (count($values) === 0) {
-            return;
-        }
-
-        // Urgh. OK. You can't use IN() with parameters directly, so let's munge something together.
-        $valueCount = count($values);
-
-        // Firstly, let's create a string of question marks, which will do as positional parameters.
-        $inSection = str_repeat('?,', $valueCount - 1) . '?';
-
-        $this->whereClause .= " AND {$column} IN ({$inSection})";
-        $this->parameterList = array_merge($this->parameterList, $values);
-    }
+	/** @var PdoDatabase */
+	protected $database;
+	/** @var array */
+	protected $parameterList = array();
+	/** @var null|int */
+	private $limit = null;
+	/** @var null|int */
+	private $offset = null;
+	private $orderBy = null;
+	/**
+	 * @var string The where clause.
+	 *
+	 * (the 1=1 condition will be optimised out of the query by the query planner, and simplifies our code here). Note
+	 * that we use positional parameters instead of named parameters because we don't know many times different options
+	 * will be called (looking at excluding() here, but there's the option for others).
+	 */
+	protected $whereClause = ' WHERE 1 = 1';
+	/** @var string */
+	protected $table;
+	protected $joinClause = '';
+	private $targetClass;
+
+	/**
+	 * SearchHelperBase constructor.
+	 *
+	 * @param PdoDatabase $database
+	 * @param string      $table
+	 * @param             $targetClass
+	 * @param null|string $order Order by clause, excluding ORDER BY.
+	 */
+	protected function __construct(PdoDatabase $database, $table, $targetClass, $order = null)
+	{
+		$this->database = $database;
+		$this->table = $table;
+		$this->orderBy = $order;
+		$this->targetClass = $targetClass;
+	}
+
+	/**
+	 * Finalises the database query, and executes it, returning a set of objects.
+	 *
+	 * @return DataObject[]
+	 */
+	public function fetch()
+	{
+		$statement = $this->getData();
+
+		/** @var DataObject[] $returnedObjects */
+		$returnedObjects = $statement->fetchAll(PDO::FETCH_CLASS, $this->targetClass);
+		foreach ($returnedObjects as $req) {
+			$req->setDatabase($this->database);
+		}
+
+		return $returnedObjects;
+	}
+
+	/**
+	 * Finalises the database query, and executes it, returning only the requested column.
+	 *
+	 * @param string $column The required column
+	 * @return array
+	 */
+	public function fetchColumn($column){
+		$statement = $this->getData($column);
+
+		return $statement->fetchAll(PDO::FETCH_COLUMN);
+	}
+
+	/**
+	 * @param int $count Returns the record count of the result set
+	 *
+	 * @return $this
+	 */
+	public function getRecordCount(&$count)
+	{
+		$query = 'SELECT /* SearchHelper */ COUNT(*) FROM ' . $this->table . ' origin ';
+		$query .= $this->joinClause . $this->whereClause;
+
+		$statement = $this->database->prepare($query);
+		$statement->execute($this->parameterList);
+
+		$count = $statement->fetchColumn(0);
+		$statement->closeCursor();
+
+		return $this;
+	}
+
+	/**
+	 * Limits the results
+	 *
+	 * @param integer      $limit
+	 * @param integer|null $offset
+	 *
+	 * @return $this
+	 *
+	 */
+	public function limit($limit, $offset = null)
+	{
+		$this->limit = $limit;
+		$this->offset = $offset;
+
+		return $this;
+	}
+
+	private function applyLimit()
+	{
+		$clause = '';
+		if ($this->limit !== null) {
+			$clause = ' LIMIT ?';
+			$this->parameterList[] = $this->limit;
+
+			if ($this->offset !== null) {
+				$clause .= ' OFFSET ?';
+				$this->parameterList[] = $this->offset;
+			}
+		}
+
+		return $clause;
+	}
+
+	private function applyOrder()
+	{
+		if ($this->orderBy !== null) {
+			return ' ORDER BY ' . $this->orderBy;
+		}
+
+		return '';
+	}
+
+	/**
+	 * @param $column
+	 *
+	 * @return PDOStatement
+	 */
+	private function getData($column = '*')
+	{
+		$query = $this->buildQuery($column);
+		$query .= $this->applyOrder();
+		$query .= $this->applyLimit();
+
+		$statement = $this->database->prepare($query);
+		$statement->execute($this->parameterList);
+
+		return $statement;
+	}
+
+	/**
+	 * @param $column
+	 *
+	 * @return string
+	 */
+	protected function buildQuery($column)
+	{
+		$query = 'SELECT /* SearchHelper */ origin.' . $column . ' FROM ' . $this->table . ' origin ';
+		$query .= $this->joinClause . $this->whereClause;
+
+		return $query;
+	}
+
+	public function inIds($idList) {
+		$this->inClause('id', $idList);
+		return $this;
+	}
+
+	protected function inClause($column, $values) {
+		if (count($values) === 0) {
+			return;
+		}
+
+		// Urgh. OK. You can't use IN() with parameters directly, so let's munge something together.
+		$valueCount = count($values);
+
+		// Firstly, let's create a string of question marks, which will do as positional parameters.
+		$inSection = str_repeat('?,', $valueCount - 1) . '?';
+
+		$this->whereClause .= " AND {$column} IN ({$inSection})";
+		$this->parameterList = array_merge($this->parameterList, $values);
+	}
 }

Spacing +7 added lines, -7 removed lines

@@ -77,7 +77,7 @@ 
      * @param string $column The required column
      * @return array
      */
-    public function fetchColumn($column){
+    public function fetchColumn($column) {
         $statement = $this->getData($column);
 
         return $statement->fetchAll(PDO::FETCH_COLUMN);
@@ -90,8 +90,8 @@ 
      */
     public function getRecordCount(&$count)
     {
-        $query = 'SELECT /* SearchHelper */ COUNT(*) FROM ' . $this->table . ' origin ';
-        $query .= $this->joinClause . $this->whereClause;
+        $query = 'SELECT /* SearchHelper */ COUNT(*) FROM '.$this->table.' origin ';
+        $query .= $this->joinClause.$this->whereClause;
 
         $statement = $this->database->prepare($query);
         $statement->execute($this->parameterList);
@@ -138,7 +138,7 @@ 
     private function applyOrder()
     {
         if ($this->orderBy !== null) {
-            return ' ORDER BY ' . $this->orderBy;
+            return ' ORDER BY '.$this->orderBy;
         }
 
         return '';
@@ -168,8 +168,8 @@ 
      */
     protected function buildQuery($column)
     {
-        $query = 'SELECT /* SearchHelper */ origin.' . $column . ' FROM ' . $this->table . ' origin ';
-        $query .= $this->joinClause . $this->whereClause;
+        $query = 'SELECT /* SearchHelper */ origin.'.$column.' FROM '.$this->table.' origin ';
+        $query .= $this->joinClause.$this->whereClause;
 
         return $query;
     }
@@ -188,7 +188,7 @@ 
         $valueCount = count($values);
 
         // Firstly, let's create a string of question marks, which will do as positional parameters.
-        $inSection = str_repeat('?,', $valueCount - 1) . '?';
+        $inSection = str_repeat('?,', $valueCount - 1).'?';
 
         $this->whereClause .= " AND {$column} IN ({$inSection})";
         $this->parameterList = array_merge($this->parameterList, $values);

Braces +6 added lines, -3 removed lines

@@ -77,7 +77,8 @@ 
      * @param string $column The required column
      * @return array
      */
-    public function fetchColumn($column){
+    public function fetchColumn($column)
+    {
         $statement = $this->getData($column);
 
         return $statement->fetchAll(PDO::FETCH_COLUMN);
@@ -174,12 +175,14 @@ 
         return $query;
     }
 
-    public function inIds($idList) {
+    public function inIds($idList)
+    {
         $this->inClause('id', $idList);
         return $this;
     }
 
-    protected function inClause($column, $values) {
+    protected function inClause($column, $values)
+    {
         if (count($values) === 0) {
             return;
         }

includes/Tasks/PageBase.php

Indentation +337 added lines, -337 removed lines

@@ -20,341 +20,341 @@
 
 abstract class PageBase extends TaskBase implements IRoutedTask
 {
-    use TemplateOutput;
-    /** @var string Smarty template to display */
-    protected $template = "base.tpl";
-    /** @var string HTML title. Currently unused. */
-    protected $htmlTitle;
-    /** @var bool Determines if the page is a redirect or not */
-    protected $isRedirecting = false;
-    /** @var array Queue of headers to be sent on successful completion */
-    protected $headerQueue = array();
-    /** @var string The name of the route to use, as determined by the request router. */
-    private $routeName = null;
-    /** @var TokenManager */
-    protected $tokenManager;
-    /** @var string[] Extra CSS files to include */
-    private $extraCss = array();
-    /** @var string[] Extra JS files to include */
-    private $extraJs = array();
-
-    /**
-     * Sets the route the request will take. Only should be called from the request router or barrier test.
-     *
-     * @param string $routeName        The name of the route
-     * @param bool   $skipCallableTest Don't use this unless you know what you're doing, and what the implications are.
-     *
-     * @throws Exception
-     * @category Security-Critical
-     */
-    final public function setRoute($routeName, $skipCallableTest = false)
-    {
-        // Test the new route is callable before adopting it.
-        if (!$skipCallableTest && !is_callable(array($this, $routeName))) {
-            throw new Exception("Proposed route '$routeName' is not callable.");
-        }
-
-        // Adopt the new route
-        $this->routeName = $routeName;
-    }
-
-    /**
-     * Gets the name of the route that has been passed from the request router.
-     * @return string
-     */
-    final public function getRouteName()
-    {
-        return $this->routeName;
-    }
-
-    /**
-     * Performs generic page setup actions
-     */
-    final protected function setupPage()
-    {
-        $this->setUpSmarty();
-
-        $siteNoticeText = SiteNotice::get($this->getDatabase());
-
-        $this->assign('siteNoticeText', $siteNoticeText);
-
-        $currentUser = User::getCurrent($this->getDatabase());
-        $this->assign('currentUser', $currentUser);
-        $this->assign('loggedIn', (!$currentUser->isCommunityUser()));
-    }
-
-    /**
-     * Runs the page logic as routed by the RequestRouter
-     *
-     * Only should be called after a security barrier! That means only from execute().
-     */
-    final protected function runPage()
-    {
-        $database = $this->getDatabase();
-
-        // initialise a database transaction
-        if (!$database->beginTransaction()) {
-            throw new Exception('Failed to start transaction on primary database.');
-        }
-
-        try {
-            // run the page code
-            $this->{$this->getRouteName()}();
-
-            $database->commit();
-        }
-        catch (ApplicationLogicException $ex) {
-            // it's an application logic exception, so nothing went seriously wrong with the site. We can use the
-            // standard templating system for this.
-
-            // Firstly, let's undo anything that happened to the database.
-            $database->rollBack();
-
-            // Reset smarty
-            $this->setUpSmarty();
-
-            // Set the template
-            $this->setTemplate('exception/application-logic.tpl');
-            $this->assign('message', $ex->getMessage());
-
-            // Force this back to false
-            $this->isRedirecting = false;
-            $this->headerQueue = array();
-        }
-        catch (OptimisticLockFailedException $ex) {
-            // it's an optimistic lock failure exception, so nothing went seriously wrong with the site. We can use the
-            // standard templating system for this.
-
-            // Firstly, let's undo anything that happened to the database.
-            $database->rollBack();
-
-            // Reset smarty
-            $this->setUpSmarty();
-
-            // Set the template
-            $this->setTemplate('exception/optimistic-lock-failure.tpl');
-            $this->assign('message', $ex->getMessage());
-
-            // Force this back to false
-            $this->isRedirecting = false;
-            $this->headerQueue = array();
-        }
-        finally {
-            // Catch any hanging on transactions
-            if ($database->hasActiveTransaction()) {
-                $database->rollBack();
-            }
-        }
-
-        // run any finalisation code needed before we send the output to the browser.
-        $this->finalisePage();
-
-        // Send the headers
-        $this->sendResponseHeaders();
-
-        // Check we have a template to use!
-        if ($this->template !== null) {
-            $content = $this->fetchTemplate($this->template);
-            ob_clean();
-            print($content);
-            ob_flush();
-
-            return;
-        }
-    }
-
-    /**
-     * Performs final tasks needed before rendering the page.
-     */
-    protected function finalisePage()
-    {
-        if ($this->isRedirecting) {
-            $this->template = null;
-
-            return;
-        }
-
-        $this->assign('extraCss', $this->extraCss);
-        $this->assign('extraJs', $this->extraJs);
-
-        // If we're actually displaying content, we want to add the session alerts here!
-        $this->assign('alerts', SessionAlert::getAlerts());
-        SessionAlert::clearAlerts();
-
-        $this->assign('htmlTitle', $this->htmlTitle);
-    }
-
-    /**
-     * @return TokenManager
-     */
-    public function getTokenManager()
-    {
-        return $this->tokenManager;
-    }
-
-    /**
-     * @param TokenManager $tokenManager
-     */
-    public function setTokenManager($tokenManager)
-    {
-        $this->tokenManager = $tokenManager;
-    }
-
-    /**
-     * Sends the redirect headers to perform a GET at the destination page.
-     *
-     * Also nullifies the set template so Smarty does not render it.
-     *
-     * @param string      $page   The page to redirect requests to (as used in the UR)
-     * @param null|string $action The action to use on the page.
-     * @param null|array  $parameters
-     * @param null|string $script The script (relative to index.php) to redirect to
-     */
-    final protected function redirect($page = '', $action = null, $parameters = null, $script = null)
-    {
-        $currentScriptName = WebRequest::scriptName();
-
-        // Are we changing script?
-        if ($script === null || substr($currentScriptName, -1 * count($script)) === $script) {
-            $targetScriptName = $currentScriptName;
-        }
-        else {
-            $targetScriptName = $this->getSiteConfiguration()->getBaseUrl() . '/' . $script;
-        }
-
-        $pathInfo = array($targetScriptName);
-
-        $pathInfo[1] = $page;
-
-        if ($action !== null) {
-            $pathInfo[2] = $action;
-        }
-
-        $url = implode('/', $pathInfo);
-
-        if (is_array($parameters) && count($parameters) > 0) {
-            $url .= '?' . http_build_query($parameters);
-        }
-
-        $this->redirectUrl($url);
-    }
-
-    /**
-     * Sends the redirect headers to perform a GET at the new address.
-     *
-     * Also nullifies the set template so Smarty does not render it.
-     *
-     * @param string $path URL to redirect to
-     */
-    final protected function redirectUrl($path)
-    {
-        // 303 See Other = re-request at new address with a GET.
-        $this->headerQueue[] = 'HTTP/1.1 303 See Other';
-        $this->headerQueue[] = "Location: $path";
-
-        $this->setTemplate(null);
-        $this->isRedirecting = true;
-    }
-
-    /**
-     * Sets the name of the template this page should display.
-     *
-     * @param string $name
-     *
-     * @throws Exception
-     */
-    final protected function setTemplate($name)
-    {
-        if ($this->isRedirecting) {
-            throw new Exception('This page has been set as a redirect, no template can be displayed!');
-        }
-
-        $this->template = $name;
-    }
-
-    /**
-     * Adds an extra CSS file to to the page
-     *
-     * @param string $path The path (relative to the application root) of the file
-     */
-    final protected function addCss($path) {
-        if(in_array($path, $this->extraCss)){
-            // nothing to do
-            return;
-        }
-
-        $this->extraCss[] = $path;
-    }
-
-    /**
-     * Adds an extra JS file to to the page
-     *
-     * @param string $path The path (relative to the application root) of the file
-     */
-    final protected function addJs($path){
-        if(in_array($path, $this->extraJs)){
-            // nothing to do
-            return;
-        }
-
-        $this->extraJs[] = $path;
-    }
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    abstract protected function main();
-
-    /**
-     * @param string $title
-     */
-    final protected function setHtmlTitle($title)
-    {
-        $this->htmlTitle = $title;
-    }
-
-    public function execute()
-    {
-        if ($this->getRouteName() === null) {
-            throw new Exception('Request is unrouted.');
-        }
-
-        if ($this->getSiteConfiguration() === null) {
-            throw new Exception('Page has no configuration!');
-        }
-
-        $this->setupPage();
-
-        $this->runPage();
-    }
-
-    public function assignCSRFToken()
-    {
-        $token = $this->tokenManager->getNewToken();
-        $this->assign('csrfTokenData', $token->getTokenData());
-    }
-
-    public function validateCSRFToken()
-    {
-        if (!$this->tokenManager->validateToken(WebRequest::postString('csrfTokenData'))) {
-            throw new ApplicationLogicException('Form token is not valid, please reload and try again');
-        }
-    }
-
-    protected function sendResponseHeaders()
-    {
-        if (headers_sent()) {
-            throw new ApplicationLogicException          ('Headers have already been sent! This is likely a bug in the application.');
-        }
-
-        foreach ($this->headerQueue as $item) {
-            if (mb_strpos($item, "\r") !== false || mb_strpos($item, "\n") !== false) {
-                // Oops. We're not allowed to do this.
-                throw new Exception('Unable to split header');
-            }
-
-            header($item);
-        }
-    }
+	use TemplateOutput;
+	/** @var string Smarty template to display */
+	protected $template = "base.tpl";
+	/** @var string HTML title. Currently unused. */
+	protected $htmlTitle;
+	/** @var bool Determines if the page is a redirect or not */
+	protected $isRedirecting = false;
+	/** @var array Queue of headers to be sent on successful completion */
+	protected $headerQueue = array();
+	/** @var string The name of the route to use, as determined by the request router. */
+	private $routeName = null;
+	/** @var TokenManager */
+	protected $tokenManager;
+	/** @var string[] Extra CSS files to include */
+	private $extraCss = array();
+	/** @var string[] Extra JS files to include */
+	private $extraJs = array();
+
+	/**
+	 * Sets the route the request will take. Only should be called from the request router or barrier test.
+	 *
+	 * @param string $routeName        The name of the route
+	 * @param bool   $skipCallableTest Don't use this unless you know what you're doing, and what the implications are.
+	 *
+	 * @throws Exception
+	 * @category Security-Critical
+	 */
+	final public function setRoute($routeName, $skipCallableTest = false)
+	{
+		// Test the new route is callable before adopting it.
+		if (!$skipCallableTest && !is_callable(array($this, $routeName))) {
+			throw new Exception("Proposed route '$routeName' is not callable.");
+		}
+
+		// Adopt the new route
+		$this->routeName = $routeName;
+	}
+
+	/**
+	 * Gets the name of the route that has been passed from the request router.
+	 * @return string
+	 */
+	final public function getRouteName()
+	{
+		return $this->routeName;
+	}
+
+	/**
+	 * Performs generic page setup actions
+	 */
+	final protected function setupPage()
+	{
+		$this->setUpSmarty();
+
+		$siteNoticeText = SiteNotice::get($this->getDatabase());
+
+		$this->assign('siteNoticeText', $siteNoticeText);
+
+		$currentUser = User::getCurrent($this->getDatabase());
+		$this->assign('currentUser', $currentUser);
+		$this->assign('loggedIn', (!$currentUser->isCommunityUser()));
+	}
+
+	/**
+	 * Runs the page logic as routed by the RequestRouter
+	 *
+	 * Only should be called after a security barrier! That means only from execute().
+	 */
+	final protected function runPage()
+	{
+		$database = $this->getDatabase();
+
+		// initialise a database transaction
+		if (!$database->beginTransaction()) {
+			throw new Exception('Failed to start transaction on primary database.');
+		}
+
+		try {
+			// run the page code
+			$this->{$this->getRouteName()}();
+
+			$database->commit();
+		}
+		catch (ApplicationLogicException $ex) {
+			// it's an application logic exception, so nothing went seriously wrong with the site. We can use the
+			// standard templating system for this.
+
+			// Firstly, let's undo anything that happened to the database.
+			$database->rollBack();
+
+			// Reset smarty
+			$this->setUpSmarty();
+
+			// Set the template
+			$this->setTemplate('exception/application-logic.tpl');
+			$this->assign('message', $ex->getMessage());
+
+			// Force this back to false
+			$this->isRedirecting = false;
+			$this->headerQueue = array();
+		}
+		catch (OptimisticLockFailedException $ex) {
+			// it's an optimistic lock failure exception, so nothing went seriously wrong with the site. We can use the
+			// standard templating system for this.
+
+			// Firstly, let's undo anything that happened to the database.
+			$database->rollBack();
+
+			// Reset smarty
+			$this->setUpSmarty();
+
+			// Set the template
+			$this->setTemplate('exception/optimistic-lock-failure.tpl');
+			$this->assign('message', $ex->getMessage());
+
+			// Force this back to false
+			$this->isRedirecting = false;
+			$this->headerQueue = array();
+		}
+		finally {
+			// Catch any hanging on transactions
+			if ($database->hasActiveTransaction()) {
+				$database->rollBack();
+			}
+		}
+
+		// run any finalisation code needed before we send the output to the browser.
+		$this->finalisePage();
+
+		// Send the headers
+		$this->sendResponseHeaders();
+
+		// Check we have a template to use!
+		if ($this->template !== null) {
+			$content = $this->fetchTemplate($this->template);
+			ob_clean();
+			print($content);
+			ob_flush();
+
+			return;
+		}
+	}
+
+	/**
+	 * Performs final tasks needed before rendering the page.
+	 */
+	protected function finalisePage()
+	{
+		if ($this->isRedirecting) {
+			$this->template = null;
+
+			return;
+		}
+
+		$this->assign('extraCss', $this->extraCss);
+		$this->assign('extraJs', $this->extraJs);
+
+		// If we're actually displaying content, we want to add the session alerts here!
+		$this->assign('alerts', SessionAlert::getAlerts());
+		SessionAlert::clearAlerts();
+
+		$this->assign('htmlTitle', $this->htmlTitle);
+	}
+
+	/**
+	 * @return TokenManager
+	 */
+	public function getTokenManager()
+	{
+		return $this->tokenManager;
+	}
+
+	/**
+	 * @param TokenManager $tokenManager
+	 */
+	public function setTokenManager($tokenManager)
+	{
+		$this->tokenManager = $tokenManager;
+	}
+
+	/**
+	 * Sends the redirect headers to perform a GET at the destination page.
+	 *
+	 * Also nullifies the set template so Smarty does not render it.
+	 *
+	 * @param string      $page   The page to redirect requests to (as used in the UR)
+	 * @param null|string $action The action to use on the page.
+	 * @param null|array  $parameters
+	 * @param null|string $script The script (relative to index.php) to redirect to
+	 */
+	final protected function redirect($page = '', $action = null, $parameters = null, $script = null)
+	{
+		$currentScriptName = WebRequest::scriptName();
+
+		// Are we changing script?
+		if ($script === null || substr($currentScriptName, -1 * count($script)) === $script) {
+			$targetScriptName = $currentScriptName;
+		}
+		else {
+			$targetScriptName = $this->getSiteConfiguration()->getBaseUrl() . '/' . $script;
+		}
+
+		$pathInfo = array($targetScriptName);
+
+		$pathInfo[1] = $page;
+
+		if ($action !== null) {
+			$pathInfo[2] = $action;
+		}
+
+		$url = implode('/', $pathInfo);
+
+		if (is_array($parameters) && count($parameters) > 0) {
+			$url .= '?' . http_build_query($parameters);
+		}
+
+		$this->redirectUrl($url);
+	}
+
+	/**
+	 * Sends the redirect headers to perform a GET at the new address.
+	 *
+	 * Also nullifies the set template so Smarty does not render it.
+	 *
+	 * @param string $path URL to redirect to
+	 */
+	final protected function redirectUrl($path)
+	{
+		// 303 See Other = re-request at new address with a GET.
+		$this->headerQueue[] = 'HTTP/1.1 303 See Other';
+		$this->headerQueue[] = "Location: $path";
+
+		$this->setTemplate(null);
+		$this->isRedirecting = true;
+	}
+
+	/**
+	 * Sets the name of the template this page should display.
+	 *
+	 * @param string $name
+	 *
+	 * @throws Exception
+	 */
+	final protected function setTemplate($name)
+	{
+		if ($this->isRedirecting) {
+			throw new Exception('This page has been set as a redirect, no template can be displayed!');
+		}
+
+		$this->template = $name;
+	}
+
+	/**
+	 * Adds an extra CSS file to to the page
+	 *
+	 * @param string $path The path (relative to the application root) of the file
+	 */
+	final protected function addCss($path) {
+		if(in_array($path, $this->extraCss)){
+			// nothing to do
+			return;
+		}
+
+		$this->extraCss[] = $path;
+	}
+
+	/**
+	 * Adds an extra JS file to to the page
+	 *
+	 * @param string $path The path (relative to the application root) of the file
+	 */
+	final protected function addJs($path){
+		if(in_array($path, $this->extraJs)){
+			// nothing to do
+			return;
+		}
+
+		$this->extraJs[] = $path;
+	}
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	abstract protected function main();
+
+	/**
+	 * @param string $title
+	 */
+	final protected function setHtmlTitle($title)
+	{
+		$this->htmlTitle = $title;
+	}
+
+	public function execute()
+	{
+		if ($this->getRouteName() === null) {
+			throw new Exception('Request is unrouted.');
+		}
+
+		if ($this->getSiteConfiguration() === null) {
+			throw new Exception('Page has no configuration!');
+		}
+
+		$this->setupPage();
+
+		$this->runPage();
+	}
+
+	public function assignCSRFToken()
+	{
+		$token = $this->tokenManager->getNewToken();
+		$this->assign('csrfTokenData', $token->getTokenData());
+	}
+
+	public function validateCSRFToken()
+	{
+		if (!$this->tokenManager->validateToken(WebRequest::postString('csrfTokenData'))) {
+			throw new ApplicationLogicException('Form token is not valid, please reload and try again');
+		}
+	}
+
+	protected function sendResponseHeaders()
+	{
+		if (headers_sent()) {
+			throw new ApplicationLogicException          ('Headers have already been sent! This is likely a bug in the application.');
+		}
+
+		foreach ($this->headerQueue as $item) {
+			if (mb_strpos($item, "\r") !== false || mb_strpos($item, "\n") !== false) {
+				// Oops. We're not allowed to do this.
+				throw new Exception('Unable to split header');
+			}
+
+			header($item);
+		}
+	}
 }

Spacing +6 added lines, -6 removed lines

@@ -219,7 +219,7 @@ 
             $targetScriptName = $currentScriptName;
         }
         else {
-            $targetScriptName = $this->getSiteConfiguration()->getBaseUrl() . '/' . $script;
+            $targetScriptName = $this->getSiteConfiguration()->getBaseUrl().'/'.$script;
         }
 
         $pathInfo = array($targetScriptName);
@@ -233,7 +233,7 @@ 
         $url = implode('/', $pathInfo);
 
         if (is_array($parameters) && count($parameters) > 0) {
-            $url .= '?' . http_build_query($parameters);
+            $url .= '?'.http_build_query($parameters);
         }
 
         $this->redirectUrl($url);
@@ -278,7 +278,7 @@ 
      * @param string $path The path (relative to the application root) of the file
      */
     final protected function addCss($path) {
-        if(in_array($path, $this->extraCss)){
+        if (in_array($path, $this->extraCss)) {
             // nothing to do
             return;
         }
@@ -291,8 +291,8 @@ 
      *
      * @param string $path The path (relative to the application root) of the file
      */
-    final protected function addJs($path){
-        if(in_array($path, $this->extraJs)){
+    final protected function addJs($path) {
+        if (in_array($path, $this->extraJs)) {
             // nothing to do
             return;
         }
@@ -345,7 +345,7 @@ 
     protected function sendResponseHeaders()
     {
         if (headers_sent()) {
-            throw new ApplicationLogicException          ('Headers have already been sent! This is likely a bug in the application.');
+            throw new ApplicationLogicException('Headers have already been sent! This is likely a bug in the application.');
         }
 
         foreach ($this->headerQueue as $item) {

Braces +6 added lines, -4 removed lines

@@ -277,8 +277,9 @@ 
      *
      * @param string $path The path (relative to the application root) of the file
      */
-    final protected function addCss($path) {
-        if(in_array($path, $this->extraCss)){
+    final protected function addCss($path)
+    {
+        if(in_array($path, $this->extraCss)) {
             // nothing to do
             return;
         }
@@ -291,8 +292,9 @@ 
      *
      * @param string $path The path (relative to the application root) of the file
      */
-    final protected function addJs($path){
-        if(in_array($path, $this->extraJs)){
+    final protected function addJs($path)
+    {
+        if(in_array($path, $this->extraJs)) {
             // nothing to do
             return;
         }

includes/DataObjects/User.php

Indentation +1128 added lines, -1128 removed lines

@@ -27,285 +27,285 @@ 
  */
 class User extends DataObject
 {
-    const STATUS_USER = 'User';
-    const STATUS_ADMIN = 'Admin';
-    const STATUS_SUSPENDED = 'Suspended';
-    const STATUS_DECLINED = 'Declined';
-    const STATUS_NEW = 'New';
-    private $username;
-    private $email;
-    private $password;
-    private $status = self::STATUS_NEW;
-    private $onwikiname = "##OAUTH##";
-    private $welcome_sig = "";
-    private $lastactive = "0000-00-00 00:00:00";
-    private $forcelogout = 0;
-    private $checkuser = 0;
-    private $forceidentified = null;
-    private $welcome_template = 0;
-    private $abortpref = 0;
-    private $confirmationdiff = 0;
-    private $emailsig = "";
-    /** @var null|string */
-    private $oauthrequesttoken = null;
-    /** @var null|string */
-    private $oauthrequestsecret = null;
-    /** @var null|string */
-    private $oauthaccesstoken = null;
-    /** @var null|string */
-    private $oauthaccesssecret = null;
-    private $oauthidentitycache = null;
-    /** @var User Cache variable of the current user - it's never going to change in the middle of a request. */
-    private static $currentUser;
-    /** @var null|JWT The identity cache */
-    private $identityCache = null;
-    #region Object load methods
-
-    /**
-     * Gets the currently logged in user
-     *
-     * @param PdoDatabase $database
-     *
-     * @return User|CommunityUser
-     */
-    public static function getCurrent(PdoDatabase $database)
-    {
-        if (self::$currentUser === null) {
-            $sessionId = WebRequest::getSessionUserId();
-
-            if ($sessionId !== null) {
-                /** @var User $user */
-                $user = self::getById($sessionId, $database);
-
-                if ($user === false) {
-                    self::$currentUser = new CommunityUser();
-                }
-                else {
-                    self::$currentUser = $user;
-                }
-            }
-            else {
-                $anonymousCoward = new CommunityUser();
-
-                self::$currentUser = $anonymousCoward;
-            }
-        }
-
-        return self::$currentUser;
-    }
-
-    /**
-     * Gets a user by their user ID
-     *
-     * Pass -1 to get the community user.
-     *
-     * @param int|null    $id
-     * @param PdoDatabase $database
-     *
-     * @return User|false
-     */
-    public static function getById($id, PdoDatabase $database)
-    {
-        if ($id === null || $id == -1) {
-            return new CommunityUser();
-        }
-
-        /** @var User|false $user */
-        $user = parent::getById($id, $database);
-
-        return $user;
-    }
-
-    /**
-     * @return CommunityUser
-     */
-    public static function getCommunity()
-    {
-        return new CommunityUser();
-    }
-
-    /**
-     * Gets a user by their username
-     *
-     * @param  string      $username
-     * @param  PdoDatabase $database
-     *
-     * @return CommunityUser|User|false
-     */
-    public static function getByUsername($username, PdoDatabase $database)
-    {
-        global $communityUsername;
-        if ($username == $communityUsername) {
-            return new CommunityUser();
-        }
-
-        $statement = $database->prepare("SELECT * FROM user WHERE username = :id LIMIT 1;");
-        $statement->bindValue(":id", $username);
-
-        $statement->execute();
-
-        $resultObject = $statement->fetchObject(get_called_class());
-
-        if ($resultObject != false) {
-            $resultObject->setDatabase($database);
-        }
-
-        return $resultObject;
-    }
-
-    /**
-     * Gets a user by their on-wiki username.
-     *
-     * Don't use without asking me first. It's really inefficient in it's current implementation.
-     * We need to restructure the user table again to make this more efficient.
-     * We don't actually store the on-wiki name in the table any more, instead we
-     * are storing JSON in a column (!!). Yep, my fault. Code review is an awesome thing.
-     *            -- stw 2015-10-20
-     *
-     * @param string      $username
-     * @param PdoDatabase $database
-     *
-     * @return User|false
-     */
-    public static function getByOnWikiUsername($username, PdoDatabase $database)
-    {
-        // Firstly, try to search by the efficient database lookup.
-        $statement = $database->prepare("SELECT * FROM user WHERE onwikiname = :id LIMIT 1;");
-        $statement->bindValue(":id", $username);
-        $statement->execute();
-
-        $resultObject = $statement->fetchObject(get_called_class());
-
-        if ($resultObject != false) {
-            $resultObject->setDatabase($database);
-
-            return $resultObject;
-        }
-
-        // For active users, the above has failed. Let's do it the hard way.
-        $sqlStatement = "SELECT * FROM user WHERE onwikiname = '##OAUTH##' AND oauthaccesstoken IS NOT NULL;";
-        $statement = $database->prepare($sqlStatement);
-        $statement->execute();
-        $resultSet = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
-
-        /** @var User $user */
-        foreach ($resultSet as $user) {
-            // We have to set this before doing OAuth queries. :(
-            $user->setDatabase($database);
-
-            // Using cached data here!
-            if ($user->getOAuthOnWikiName(true) == $username) {
-                // Success.
-                return $user;
-            }
-        }
-
-        // Cached data failed. Let's do it the *REALLY* hard way.
-        foreach ($resultSet as $user) {
-            // We have to set this before doing OAuth queries. :(
-            $user->setDatabase($database);
-
-            // Don't use the cached data, but instead query the API.
-            if ($user->getOAuthOnWikiName(false) == $username) {
-                // Success.
-                return $user;
-            }
-        }
-
-        // Nope. Sorry.
-        return false;
-    }
-
-    /**
-     * Gets a user by their OAuth request token
-     *
-     * @param string      $requestToken
-     * @param PdoDatabase $database
-     *
-     * @return User|false
-     */
-    public static function getByRequestToken($requestToken, PdoDatabase $database)
-    {
-        $statement = $database->prepare("SELECT * FROM user WHERE oauthrequesttoken = :id LIMIT 1;");
-        $statement->bindValue(":id", $requestToken);
-
-        $statement->execute();
-
-        $resultObject = $statement->fetchObject(get_called_class());
-
-        if ($resultObject != false) {
-            $resultObject->setDatabase($database);
-        }
-
-        return $resultObject;
-    }
-
-    /**
-     * Gets all users with a supplied status
-     *
-     * @param string      $status
-     * @param PdoDatabase $database
-     *
-     * @return User[]
-     */
-    public static function getAllWithStatus($status, PdoDatabase $database)
-    {
-        $statement = $database->prepare("SELECT * FROM user WHERE status = :status");
-        $statement->execute(array(":status" => $status));
-
-        $resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
-
-        /** @var User $u */
-        foreach ($resultObject as $u) {
-            $u->setDatabase($database);
-        }
-
-        return $resultObject;
-    }
-
-    /**
-     * Gets all checkusers
-     *
-     * @param PdoDatabase $database
-     *
-     * @return User[]
-     */
-    public static function getAllCheckusers(PdoDatabase $database)
-    {
-        $statement = $database->prepare("SELECT * FROM user WHERE checkuser = 1;");
-        $statement->execute();
-
-        $resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
-
-        $resultsCollection = array();
-
-        /** @var User $u */
-        foreach ($resultObject as $u) {
-            $u->setDatabase($database);
-
-            if (!$u->isCheckuser()) {
-                continue;
-            }
-
-            $resultsCollection[] = $u;
-        }
-
-        return $resultsCollection;
-    }
-
-    /**
-     * Gets all inactive users
-     *
-     * @param PdoDatabase $database
-     *
-     * @return User[]
-     */
-    public static function getAllInactive(PdoDatabase $database)
-    {
-        $date = new DateTime();
-        $date->modify("-45 days");
-
-        $statement = $database->prepare(<<<SQL
+	const STATUS_USER = 'User';
+	const STATUS_ADMIN = 'Admin';
+	const STATUS_SUSPENDED = 'Suspended';
+	const STATUS_DECLINED = 'Declined';
+	const STATUS_NEW = 'New';
+	private $username;
+	private $email;
+	private $password;
+	private $status = self::STATUS_NEW;
+	private $onwikiname = "##OAUTH##";
+	private $welcome_sig = "";
+	private $lastactive = "0000-00-00 00:00:00";
+	private $forcelogout = 0;
+	private $checkuser = 0;
+	private $forceidentified = null;
+	private $welcome_template = 0;
+	private $abortpref = 0;
+	private $confirmationdiff = 0;
+	private $emailsig = "";
+	/** @var null|string */
+	private $oauthrequesttoken = null;
+	/** @var null|string */
+	private $oauthrequestsecret = null;
+	/** @var null|string */
+	private $oauthaccesstoken = null;
+	/** @var null|string */
+	private $oauthaccesssecret = null;
+	private $oauthidentitycache = null;
+	/** @var User Cache variable of the current user - it's never going to change in the middle of a request. */
+	private static $currentUser;
+	/** @var null|JWT The identity cache */
+	private $identityCache = null;
+	#region Object load methods
+
+	/**
+	 * Gets the currently logged in user
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|CommunityUser
+	 */
+	public static function getCurrent(PdoDatabase $database)
+	{
+		if (self::$currentUser === null) {
+			$sessionId = WebRequest::getSessionUserId();
+
+			if ($sessionId !== null) {
+				/** @var User $user */
+				$user = self::getById($sessionId, $database);
+
+				if ($user === false) {
+					self::$currentUser = new CommunityUser();
+				}
+				else {
+					self::$currentUser = $user;
+				}
+			}
+			else {
+				$anonymousCoward = new CommunityUser();
+
+				self::$currentUser = $anonymousCoward;
+			}
+		}
+
+		return self::$currentUser;
+	}
+
+	/**
+	 * Gets a user by their user ID
+	 *
+	 * Pass -1 to get the community user.
+	 *
+	 * @param int|null    $id
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|false
+	 */
+	public static function getById($id, PdoDatabase $database)
+	{
+		if ($id === null || $id == -1) {
+			return new CommunityUser();
+		}
+
+		/** @var User|false $user */
+		$user = parent::getById($id, $database);
+
+		return $user;
+	}
+
+	/**
+	 * @return CommunityUser
+	 */
+	public static function getCommunity()
+	{
+		return new CommunityUser();
+	}
+
+	/**
+	 * Gets a user by their username
+	 *
+	 * @param  string      $username
+	 * @param  PdoDatabase $database
+	 *
+	 * @return CommunityUser|User|false
+	 */
+	public static function getByUsername($username, PdoDatabase $database)
+	{
+		global $communityUsername;
+		if ($username == $communityUsername) {
+			return new CommunityUser();
+		}
+
+		$statement = $database->prepare("SELECT * FROM user WHERE username = :id LIMIT 1;");
+		$statement->bindValue(":id", $username);
+
+		$statement->execute();
+
+		$resultObject = $statement->fetchObject(get_called_class());
+
+		if ($resultObject != false) {
+			$resultObject->setDatabase($database);
+		}
+
+		return $resultObject;
+	}
+
+	/**
+	 * Gets a user by their on-wiki username.
+	 *
+	 * Don't use without asking me first. It's really inefficient in it's current implementation.
+	 * We need to restructure the user table again to make this more efficient.
+	 * We don't actually store the on-wiki name in the table any more, instead we
+	 * are storing JSON in a column (!!). Yep, my fault. Code review is an awesome thing.
+	 *            -- stw 2015-10-20
+	 *
+	 * @param string      $username
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|false
+	 */
+	public static function getByOnWikiUsername($username, PdoDatabase $database)
+	{
+		// Firstly, try to search by the efficient database lookup.
+		$statement = $database->prepare("SELECT * FROM user WHERE onwikiname = :id LIMIT 1;");
+		$statement->bindValue(":id", $username);
+		$statement->execute();
+
+		$resultObject = $statement->fetchObject(get_called_class());
+
+		if ($resultObject != false) {
+			$resultObject->setDatabase($database);
+
+			return $resultObject;
+		}
+
+		// For active users, the above has failed. Let's do it the hard way.
+		$sqlStatement = "SELECT * FROM user WHERE onwikiname = '##OAUTH##' AND oauthaccesstoken IS NOT NULL;";
+		$statement = $database->prepare($sqlStatement);
+		$statement->execute();
+		$resultSet = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
+
+		/** @var User $user */
+		foreach ($resultSet as $user) {
+			// We have to set this before doing OAuth queries. :(
+			$user->setDatabase($database);
+
+			// Using cached data here!
+			if ($user->getOAuthOnWikiName(true) == $username) {
+				// Success.
+				return $user;
+			}
+		}
+
+		// Cached data failed. Let's do it the *REALLY* hard way.
+		foreach ($resultSet as $user) {
+			// We have to set this before doing OAuth queries. :(
+			$user->setDatabase($database);
+
+			// Don't use the cached data, but instead query the API.
+			if ($user->getOAuthOnWikiName(false) == $username) {
+				// Success.
+				return $user;
+			}
+		}
+
+		// Nope. Sorry.
+		return false;
+	}
+
+	/**
+	 * Gets a user by their OAuth request token
+	 *
+	 * @param string      $requestToken
+	 * @param PdoDatabase $database
+	 *
+	 * @return User|false
+	 */
+	public static function getByRequestToken($requestToken, PdoDatabase $database)
+	{
+		$statement = $database->prepare("SELECT * FROM user WHERE oauthrequesttoken = :id LIMIT 1;");
+		$statement->bindValue(":id", $requestToken);
+
+		$statement->execute();
+
+		$resultObject = $statement->fetchObject(get_called_class());
+
+		if ($resultObject != false) {
+			$resultObject->setDatabase($database);
+		}
+
+		return $resultObject;
+	}
+
+	/**
+	 * Gets all users with a supplied status
+	 *
+	 * @param string      $status
+	 * @param PdoDatabase $database
+	 *
+	 * @return User[]
+	 */
+	public static function getAllWithStatus($status, PdoDatabase $database)
+	{
+		$statement = $database->prepare("SELECT * FROM user WHERE status = :status");
+		$statement->execute(array(":status" => $status));
+
+		$resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
+
+		/** @var User $u */
+		foreach ($resultObject as $u) {
+			$u->setDatabase($database);
+		}
+
+		return $resultObject;
+	}
+
+	/**
+	 * Gets all checkusers
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return User[]
+	 */
+	public static function getAllCheckusers(PdoDatabase $database)
+	{
+		$statement = $database->prepare("SELECT * FROM user WHERE checkuser = 1;");
+		$statement->execute();
+
+		$resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
+
+		$resultsCollection = array();
+
+		/** @var User $u */
+		foreach ($resultObject as $u) {
+			$u->setDatabase($database);
+
+			if (!$u->isCheckuser()) {
+				continue;
+			}
+
+			$resultsCollection[] = $u;
+		}
+
+		return $resultsCollection;
+	}
+
+	/**
+	 * Gets all inactive users
+	 *
+	 * @param PdoDatabase $database
+	 *
+	 * @return User[]
+	 */
+	public static function getAllInactive(PdoDatabase $database)
+	{
+		$date = new DateTime();
+		$date->modify("-45 days");
+
+		$statement = $database->prepare(<<<SQL
 			SELECT * 
 			FROM user 
 			WHERE lastactive < :lastactivelimit 
@@ -314,104 +314,104 @@ 
 				AND status != 'New' 
 			ORDER BY lastactive ASC;
 SQL
-        );
-        $statement->execute(array(":lastactivelimit" => $date->format("Y-m-d H:i:s")));
-
-        $resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
-
-        /** @var User $u */
-        foreach ($resultObject as $u) {
-            $u->setDatabase($database);
-        }
-
-        return $resultObject;
-    }
-
-    /**
-     * Gets all the usernames in the system
-     *
-     * @param PdoDatabase      $database
-     * @param null|bool|string $filter If null, no filter. If true, active users only, otherwise provided status.
-     *
-     * @return string[]
-     */
-    public static function getAllUsernames(PdoDatabase $database, $filter = null)
-    {
-        if ($filter === null) {
-            $userListQuery = "SELECT username FROM user;";
-            $userListResult = $database->query($userListQuery);
-        }
-        elseif ($filter === true) {
-            $userListQuery = "SELECT username FROM user WHERE status IN ('User', 'Admin');";
-            $userListResult = $database->query($userListQuery);
-        }
-        else {
-            $userListQuery = "SELECT username FROM user WHERE status = :status;";
-            $userListResult = $database->prepare($userListQuery);
-            $userListResult->execute(array(":status" => $filter));
-        }
-
-        return $userListResult->fetchAll(PDO::FETCH_COLUMN);
-    }
-
-    /**
-     * @param array       $userIds
-     * @param PdoDatabase $database
-     *
-     * @return array
-     * @throws Exception
-     */
-    public static function getUsernames($userIds, PdoDatabase $database)
-    {
-        if (!is_array($userIds)) {
-            throw new Exception('getUsernames() expects array');
-        }
-
-        if (count($userIds) === 0) {
-            // empty set of data
-            return array();
-        }
-
-        // Urgh. OK. You can't use IN() with parameters directly, so let's munge something together.
-        $userCount = count($userIds);
-
-        // Firstly, let's create a string of question marks, which will do as positional parameters.
-        $inSection = str_repeat('?,', $userCount - 1) . '?';
-
-        // Now, let's put that into the query. Direct string building here is OK, we're not dealing with user input,
-        // only the *count* of user input, which is safe.
-        $query = "SELECT id, username FROM user WHERE id IN ({$inSection})";
-
-        // Prepare the query
-        $statement = $database->prepare($query);
-
-        // Bind the parameters and execute - in one go - since we already have a handy array kicking around.
-        $statement->execute($userIds);
-
-        $resultSet = $statement->fetchAll(PDO::FETCH_ASSOC);
-
-        $users = array();
-        foreach ($resultSet as $row) {
-            $users[$row['id']] = $row['username'];
-        }
-
-        $statement->closeCursor();
-
-        return $users;
-    }
-
-    #endregion
-
-    /**
-     * Saves the current object
-     *
-     * @throws Exception
-     */
-    public function save()
-    {
-        if ($this->isNew()) {
-            // insert
-            $statement = $this->dbObject->prepare(<<<SQL
+		);
+		$statement->execute(array(":lastactivelimit" => $date->format("Y-m-d H:i:s")));
+
+		$resultObject = $statement->fetchAll(PDO::FETCH_CLASS, get_called_class());
+
+		/** @var User $u */
+		foreach ($resultObject as $u) {
+			$u->setDatabase($database);
+		}
+
+		return $resultObject;
+	}
+
+	/**
+	 * Gets all the usernames in the system
+	 *
+	 * @param PdoDatabase      $database
+	 * @param null|bool|string $filter If null, no filter. If true, active users only, otherwise provided status.
+	 *
+	 * @return string[]
+	 */
+	public static function getAllUsernames(PdoDatabase $database, $filter = null)
+	{
+		if ($filter === null) {
+			$userListQuery = "SELECT username FROM user;";
+			$userListResult = $database->query($userListQuery);
+		}
+		elseif ($filter === true) {
+			$userListQuery = "SELECT username FROM user WHERE status IN ('User', 'Admin');";
+			$userListResult = $database->query($userListQuery);
+		}
+		else {
+			$userListQuery = "SELECT username FROM user WHERE status = :status;";
+			$userListResult = $database->prepare($userListQuery);
+			$userListResult->execute(array(":status" => $filter));
+		}
+
+		return $userListResult->fetchAll(PDO::FETCH_COLUMN);
+	}
+
+	/**
+	 * @param array       $userIds
+	 * @param PdoDatabase $database
+	 *
+	 * @return array
+	 * @throws Exception
+	 */
+	public static function getUsernames($userIds, PdoDatabase $database)
+	{
+		if (!is_array($userIds)) {
+			throw new Exception('getUsernames() expects array');
+		}
+
+		if (count($userIds) === 0) {
+			// empty set of data
+			return array();
+		}
+
+		// Urgh. OK. You can't use IN() with parameters directly, so let's munge something together.
+		$userCount = count($userIds);
+
+		// Firstly, let's create a string of question marks, which will do as positional parameters.
+		$inSection = str_repeat('?,', $userCount - 1) . '?';
+
+		// Now, let's put that into the query. Direct string building here is OK, we're not dealing with user input,
+		// only the *count* of user input, which is safe.
+		$query = "SELECT id, username FROM user WHERE id IN ({$inSection})";
+
+		// Prepare the query
+		$statement = $database->prepare($query);
+
+		// Bind the parameters and execute - in one go - since we already have a handy array kicking around.
+		$statement->execute($userIds);
+
+		$resultSet = $statement->fetchAll(PDO::FETCH_ASSOC);
+
+		$users = array();
+		foreach ($resultSet as $row) {
+			$users[$row['id']] = $row['username'];
+		}
+
+		$statement->closeCursor();
+
+		return $users;
+	}
+
+	#endregion
+
+	/**
+	 * Saves the current object
+	 *
+	 * @throws Exception
+	 */
+	public function save()
+	{
+		if ($this->isNew()) {
+			// insert
+			$statement = $this->dbObject->prepare(<<<SQL
 				INSERT INTO `user` ( 
 					username, email, password, status, onwikiname, welcome_sig, 
 					lastactive, forcelogout, checkuser, forceidentified,
@@ -425,36 +425,36 @@ 
 					:ort, :ors, :oat, :oas
 				);
 SQL
-            );
-            $statement->bindValue(":username", $this->username);
-            $statement->bindValue(":email", $this->email);
-            $statement->bindValue(":password", $this->password);
-            $statement->bindValue(":status", $this->status);
-            $statement->bindValue(":onwikiname", $this->onwikiname);
-            $statement->bindValue(":welcome_sig", $this->welcome_sig);
-            $statement->bindValue(":lastactive", $this->lastactive);
-            $statement->bindValue(":forcelogout", $this->forcelogout);
-            $statement->bindValue(":checkuser", $this->checkuser);
-            $statement->bindValue(":forceidentified", $this->forceidentified);
-            $statement->bindValue(":welcome_template", $this->welcome_template);
-            $statement->bindValue(":abortpref", $this->abortpref);
-            $statement->bindValue(":confirmationdiff", $this->confirmationdiff);
-            $statement->bindValue(":emailsig", $this->emailsig);
-            $statement->bindValue(":ort", $this->oauthrequesttoken);
-            $statement->bindValue(":ors", $this->oauthrequestsecret);
-            $statement->bindValue(":oat", $this->oauthaccesstoken);
-            $statement->bindValue(":oas", $this->oauthaccesssecret);
-
-            if ($statement->execute()) {
-                $this->id = (int)$this->dbObject->lastInsertId();
-            }
-            else {
-                throw new Exception($statement->errorInfo());
-            }
-        }
-        else {
-            // update
-            $statement = $this->dbObject->prepare(<<<SQL
+			);
+			$statement->bindValue(":username", $this->username);
+			$statement->bindValue(":email", $this->email);
+			$statement->bindValue(":password", $this->password);
+			$statement->bindValue(":status", $this->status);
+			$statement->bindValue(":onwikiname", $this->onwikiname);
+			$statement->bindValue(":welcome_sig", $this->welcome_sig);
+			$statement->bindValue(":lastactive", $this->lastactive);
+			$statement->bindValue(":forcelogout", $this->forcelogout);
+			$statement->bindValue(":checkuser", $this->checkuser);
+			$statement->bindValue(":forceidentified", $this->forceidentified);
+			$statement->bindValue(":welcome_template", $this->welcome_template);
+			$statement->bindValue(":abortpref", $this->abortpref);
+			$statement->bindValue(":confirmationdiff", $this->confirmationdiff);
+			$statement->bindValue(":emailsig", $this->emailsig);
+			$statement->bindValue(":ort", $this->oauthrequesttoken);
+			$statement->bindValue(":ors", $this->oauthrequestsecret);
+			$statement->bindValue(":oat", $this->oauthaccesstoken);
+			$statement->bindValue(":oas", $this->oauthaccesssecret);
+
+			if ($statement->execute()) {
+				$this->id = (int)$this->dbObject->lastInsertId();
+			}
+			else {
+				throw new Exception($statement->errorInfo());
+			}
+		}
+		else {
+			// update
+			$statement = $this->dbObject->prepare(<<<SQL
 				UPDATE `user` SET 
 					username = :username, email = :email, 
 					password = :password, status = :status,
@@ -469,721 +469,721 @@ 
 				WHERE id = :id AND updateversion = :updateversion
 				LIMIT 1;
 SQL
-            );
-            $statement->bindValue(":forceidentified", $this->forceidentified);
-
-            $statement->bindValue(':id', $this->id);
-            $statement->bindValue(':updateversion', $this->updateversion);
-
-            $statement->bindValue(':username', $this->username);
-            $statement->bindValue(':email', $this->email);
-            $statement->bindValue(':password', $this->password);
-            $statement->bindValue(':status', $this->status);
-            $statement->bindValue(':onwikiname', $this->onwikiname);
-            $statement->bindValue(':welcome_sig', $this->welcome_sig);
-            $statement->bindValue(':lastactive', $this->lastactive);
-            $statement->bindValue(':forcelogout', $this->forcelogout);
-            $statement->bindValue(':checkuser', $this->checkuser);
-            $statement->bindValue(':forceidentified', $this->forceidentified);
-            $statement->bindValue(':welcome_template', $this->welcome_template);
-            $statement->bindValue(':abortpref', $this->abortpref);
-            $statement->bindValue(':confirmationdiff', $this->confirmationdiff);
-            $statement->bindValue(':emailsig', $this->emailsig);
-            $statement->bindValue(':ort', $this->oauthrequesttoken);
-            $statement->bindValue(':ors', $this->oauthrequestsecret);
-            $statement->bindValue(':oat', $this->oauthaccesstoken);
-            $statement->bindValue(':oas', $this->oauthaccesssecret);
-
-            if (!$statement->execute()) {
-                throw new Exception($statement->errorInfo());
-            }
-
-            if ($statement->rowCount() !== 1) {
-                throw new OptimisticLockFailedException();
-            }
-
-            $this->updateversion++;
-        }
-    }
-
-    /**
-     * Authenticates the user with the supplied password
-     *
-     * @param string $password
-     *
-     * @return bool
-     * @throws Exception
-     * @category Security-Critical
-     */
-    public function authenticate($password)
-    {
-        $result = AuthUtility::testCredentials($password, $this->password);
-
-        if ($result === true) {
-            // password version is out of date, update it.
-            if (!AuthUtility::isCredentialVersionLatest($this->password)) {
-                $this->password = AuthUtility::encryptPassword($password);
-                $this->save();
-            }
-        }
-
-        return $result;
-    }
-
-    #region properties
-
-    /**
-     * Gets the tool username
-     * @return string
-     */
-    public function getUsername()
-    {
-        return $this->username;
-    }
-
-    /**
-     * Sets the tool username
-     *
-     * @param string $username
-     */
-    public function setUsername($username)
-    {
-        $this->username = $username;
-
-        // If this isn't a brand new user, then it's a rename, force the logout
-        if (!$this->isNew()) {
-            $this->forcelogout = 1;
-        }
-    }
-
-    /**
-     * Gets the user's email address
-     * @return string
-     */
-    public function getEmail()
-    {
-        return $this->email;
-    }
-
-    /**
-     * Sets the user's email address
-     *
-     * @param string $email
-     */
-    public function setEmail($email)
-    {
-        $this->email = $email;
-    }
-
-    /**
-     * Sets the user's password
-     *
-     * @param string $password the plaintext password
-     *
-     * @category Security-Critical
-     */
-    public function setPassword($password)
-    {
-        $this->password = AuthUtility::encryptPassword($password);
-    }
-
-    /**
-     * Gets the status (User, Admin, Suspended, etc - excludes checkuser) of the user.
-     * @return string
-     */
-    public function getStatus()
-    {
-        return $this->status;
-    }
-
-    /**
-     * @param string $status
-     */
-    public function setStatus($status)
-    {
-        $this->status = $status;
-    }
-
-    /**
-     * Gets the user's on-wiki name
-     * @return string
-     */
-    public function getOnWikiName()
-    {
-        if ($this->oauthaccesstoken !== null) {
-            try {
-                return $this->getOAuthOnWikiName();
-            }
-            catch (Exception $ex) {
-                // urm.. log this?
-                return $this->onwikiname;
-            }
-        }
-
-        return $this->onwikiname;
-    }
-
-    /**
-     * This is probably NOT the function you want!
-     *
-     * Take a look at getOnWikiName() instead.
-     * @return string
-     */
-    public function getStoredOnWikiName()
-    {
-        return $this->onwikiname;
-    }
-
-    /**
-     * Sets the user's on-wiki name
-     *
-     * This can have interesting side-effects with OAuth.
-     *
-     * @param string $onWikiName
-     */
-    public function setOnWikiName($onWikiName)
-    {
-        $this->onwikiname = $onWikiName;
-    }
-
-    /**
-     * Gets the welcome signature
-     * @return string
-     */
-    public function getWelcomeSig()
-    {
-        return $this->welcome_sig;
-    }
-
-    /**
-     * Sets the welcome signature
-     *
-     * @param string $welcomeSig
-     */
-    public function setWelcomeSig($welcomeSig)
-    {
-        $this->welcome_sig = $welcomeSig;
-    }
-
-    /**
-     * Gets the last activity date for the user
-     *
-     * @return string
-     * @todo This should probably return an instance of DateTime
-     */
-    public function getLastActive()
-    {
-        return $this->lastactive;
-    }
-
-    /**
-     * Gets the user's forced logout status
-     *
-     * @return bool
-     */
-    public function getForceLogout()
-    {
-        return $this->forcelogout == 1;
-    }
-
-    /**
-     * Sets the user's forced logout status
-     *
-     * @param bool $forceLogout
-     */
-    public function setForceLogout($forceLogout)
-    {
-        $this->forcelogout = $forceLogout ? 1 : 0;
-    }
-
-    /**
-     * Returns the ID of the welcome template used.
-     * @return int
-     */
-    public function getWelcomeTemplate()
-    {
-        return $this->welcome_template;
-    }
-
-    /**
-     * Sets the ID of the welcome template used.
-     *
-     * @param int $welcomeTemplate
-     */
-    public function setWelcomeTemplate($welcomeTemplate)
-    {
-        $this->welcome_template = $welcomeTemplate;
-    }
-
-    /**
-     * Gets the user's abort preference
-     * @todo this is badly named too! Also a bool that's actually an int.
-     * @return int
-     */
-    public function getAbortPref()
-    {
-        return $this->abortpref;
-    }
-
-    /**
-     * Sets the user's abort preference
-     * @todo rename, retype, and re-comment.
-     *
-     * @param int $abortPreference
-     */
-    public function setAbortPref($abortPreference)
-    {
-        $this->abortpref = $abortPreference;
-    }
-
-    /**
-     * Gets the user's confirmation diff. Unused if OAuth is in use.
-     * @return int the diff ID
-     */
-    public function getConfirmationDiff()
-    {
-        return $this->confirmationdiff;
-    }
-
-    /**
-     * Sets the user's confirmation diff.
-     *
-     * @param int $confirmationDiff
-     */
-    public function setConfirmationDiff($confirmationDiff)
-    {
-        $this->confirmationdiff = $confirmationDiff;
-    }
-
-    /**
-     * Gets the users' email signature used on outbound mail.
-     * @todo rename me!
-     * @return string
-     */
-    public function getEmailSig()
-    {
-        return $this->emailsig;
-    }
-
-    /**
-     * Sets the user's email signature for outbound mail.
-     *
-     * @param string $emailSignature
-     */
-    public function setEmailSig($emailSignature)
-    {
-        $this->emailsig = $emailSignature;
-    }
-
-    /**
-     * Gets the user's OAuth request token.
-     *
-     * @todo move me to a collaborator.
-     * @return null|string
-     */
-    public function getOAuthRequestToken()
-    {
-        return $this->oauthrequesttoken;
-    }
-
-    /**
-     * Sets the user's OAuth request token
-     * @todo move me to a collaborator
-     *
-     * @param string $oAuthRequestToken
-     */
-    public function setOAuthRequestToken($oAuthRequestToken)
-    {
-        $this->oauthrequesttoken = $oAuthRequestToken;
-    }
-
-    /**
-     * Gets the users OAuth request secret
-     * @category Security-Critical
-     * @todo     move me to a collaborator
-     * @return null|string
-     */
-    public function getOAuthRequestSecret()
-    {
-        return $this->oauthrequestsecret;
-    }
-
-    /**
-     * Sets the user's OAuth request secret
-     * @todo move me to a collaborator
-     *
-     * @param string $oAuthRequestSecret
-     */
-    public function setOAuthRequestSecret($oAuthRequestSecret)
-    {
-        $this->oauthrequestsecret = $oAuthRequestSecret;
-    }
-
-    /**
-     * Gets the user's access token
-     * @category Security-Critical
-     * @todo     move me to a collaborator
-     * @return null|string
-     */
-    public function getOAuthAccessToken()
-    {
-        return $this->oauthaccesstoken;
-    }
-
-    /**
-     * Sets the user's access token
-     * @todo move me to a collaborator
-     *
-     * @param string $oAuthAccessToken
-     */
-    public function setOAuthAccessToken($oAuthAccessToken)
-    {
-        $this->oauthaccesstoken = $oAuthAccessToken;
-    }
-
-    /**
-     * Gets the user's OAuth access secret
-     * @category Security-Critical
-     * @todo     move me to a collaborator
-     * @return null|string
-     */
-    public function getOAuthAccessSecret()
-    {
-        return $this->oauthaccesssecret;
-    }
-
-    /**
-     * Sets the user's OAuth access secret
-     * @todo move me to a collaborator
-     *
-     * @param string $oAuthAccessSecret
-     */
-    public function setOAuthAccessSecret($oAuthAccessSecret)
-    {
-        $this->oauthaccesssecret = $oAuthAccessSecret;
-    }
-
-    #endregion
-
-    #region user access checks
-
-    /**
-     * Tests if the user is an admin
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isAdmin()
-    {
-        return $this->status == self::STATUS_ADMIN;
-    }
-
-    /**
-     * Tests if the user is a checkuser
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isCheckuser()
-    {
-        return $this->checkuser == 1 || $this->oauthCanCheckUser();
-    }
-
-    /**
-     * Tests if the user is identified
-     *
-     * @param IdentificationVerifier $iv
-     *
-     * @return bool
-     * @todo     Figure out what on earth is going on with PDO's typecasting here.  Apparently, it returns string("0") for
-     *       the force-unidentified case, and int(1) for the identified case?!  This is quite ugly, but probably needed
-     *       to play it safe for now.
-     * @category Security-Critical
-     */
-    public function isIdentified(IdentificationVerifier $iv)
-    {
-        if ($this->forceidentified === 0 || $this->forceidentified === "0") {
-            // User forced to unidentified in the database.
-            return false;
-        }
-        elseif ($this->forceidentified === 1 || $this->forceidentified === "1") {
-            // User forced to identified in the database.
-            return true;
-        }
-        else {
-            // User not forced to any particular identified status; consult IdentificationVerifier
-            return $iv->isUserIdentified($this->getOnWikiName());
-        }
-    }
-
-    /**
-     * Tests if the user is suspended
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isSuspended()
-    {
-        return $this->status == self::STATUS_SUSPENDED;
-    }
-
-    /**
-     * Tests if the user is new
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isNewUser()
-    {
-        return $this->status == self::STATUS_NEW;
-    }
-
-    /**
-     * Tests if the user is a standard-level user
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isUser()
-    {
-        return $this->status == self::STATUS_USER;
-    }
-
-    /**
-     * Tests if the user has been declined access to the tool
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isDeclined()
-    {
-        return $this->status == self::STATUS_DECLINED;
-    }
-
-    /**
-     * Tests if the user is the community user
-     *
-     * @todo     decide if this means logged out. I think it usually does.
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isCommunityUser()
-    {
-        return false;
-    }
-
-    #endregion 
-
-    #region OAuth
-
-    /**
-     * @todo     move me to a collaborator
-     *
-     * @param bool $useCached
-     *
-     * @return mixed|null
-     * @category Security-Critical
-     */
-    public function getOAuthIdentity($useCached = false)
-    {
-        if ($this->oauthaccesstoken === null) {
-            $this->clearOAuthData();
-        }
-
-        global $oauthConsumerToken, $oauthMediaWikiCanonicalServer;
-
-        if ($this->oauthidentitycache == null) {
-            $this->identityCache = null;
-        }
-        else {
-            $this->identityCache = unserialize($this->oauthidentitycache);
-        }
-
-        // check the cache
-        if (
-            $this->identityCache != null &&
-            $this->identityCache->aud == $oauthConsumerToken &&
-            $this->identityCache->iss == $oauthMediaWikiCanonicalServer
-        ) {
-            if (
-                $useCached || (
-                    DateTime::createFromFormat("U", $this->identityCache->iat) < new DateTime() &&
-                    DateTime::createFromFormat("U", $this->identityCache->exp) > new DateTime()
-                )
-            ) {
-                // Use cached value - it's either valid or we don't care.
-                return $this->identityCache;
-            }
-            else {
-                // Cache expired and not forcing use of cached value
-                $this->getIdentityCache();
-
-                return $this->identityCache;
-            }
-        }
-        else {
-            // Cache isn't ours or doesn't exist
-            $this->getIdentityCache();
-
-            return $this->identityCache;
-        }
-    }
-
-    /**
-     * @todo     move me to a collaborator
-     *
-     * @param mixed $useCached Set to false for everything where up-to-date data is important.
-     *
-     * @return mixed
-     * @category Security-Critical
-     */
-    private function getOAuthOnWikiName($useCached = false)
-    {
-        $identity = $this->getOAuthIdentity($useCached);
-        if ($identity !== null) {
-            return $identity->username;
-        }
-
-        return false;
-    }
-
-    /**
-     * @return bool
-     * @todo move me to a collaborator
-     */
-    public function isOAuthLinked()
-    {
-        if ($this->onwikiname === "##OAUTH##") {
-            return true; // special value. If an account must be oauth linked, this is true.
-        }
-
-        return $this->oauthaccesstoken !== null;
-    }
-
-    /**
-     * @return null
-     * @todo move me to a collaborator
-     */
-    public function clearOAuthData()
-    {
-        $this->identityCache = null;
-        $this->oauthidentitycache = null;
-        $clearCacheQuery = "UPDATE user SET oauthidentitycache = NULL WHERE id = :id;";
-        $this->dbObject->prepare($clearCacheQuery)->execute(array(":id" => $this->id));
-
-        return null;
-    }
-
-    /**
-     * @throws Exception
-     * @todo     move me to a collaborator
-     * @category Security-Critical
-     */
-    private function getIdentityCache()
-    {
-        /** @var IOAuthHelper $oauthHelper */
-        global $oauthHelper;
-
-        try {
-            $this->identityCache = $oauthHelper->getIdentityTicket($this->oauthaccesstoken, $this->oauthaccesssecret);
-
-            $this->oauthidentitycache = serialize($this->identityCache);
-            $this->dbObject->prepare("UPDATE user SET oauthidentitycache = :identity WHERE id = :id;")
-                ->execute(array(":id" => $this->id, ":identity" => $this->oauthidentitycache));
-        }
-        catch (UnexpectedValueException $ex) {
-            $this->identityCache = null;
-            $this->oauthidentitycache = null;
-            $this->dbObject->prepare("UPDATE user SET oauthidentitycache = NULL WHERE id = :id;")
-                ->execute(array(":id" => $this->id));
-
-            SessionAlert::warning("OAuth error getting identity from MediaWiki: " . $ex->getMessage());
-        }
-    }
-
-    /**
-     * @return bool
-     * @todo move me to a collaborator
-     */
-    public function oauthCanUse()
-    {
-        try {
-            return in_array('useoauth', $this->getOAuthIdentity()->grants);
-        }
-        catch (Exception $ex) {
-            return false;
-        }
-    }
-
-    /**
-     * @return bool
-     * @todo move me to a collaborator
-     */
-    public function oauthCanEdit()
-    {
-        try {
-            return in_array('useoauth', $this->getOAuthIdentity()->grants)
-            && in_array('createeditmovepage', $this->getOAuthIdentity()->grants)
-            && in_array('createtalk', $this->getOAuthIdentity()->rights)
-            && in_array('edit', $this->getOAuthIdentity()->rights)
-            && in_array('writeapi', $this->getOAuthIdentity()->rights);
-        }
-        catch (Exception $ex) {
-            return false;
-        }
-    }
-
-    /**
-     * @return bool
-     * @todo move me to a collaborator
-     */
-    public function oauthCanCreateAccount()
-    {
-        try {
-            return in_array('useoauth', $this->getOAuthIdentity()->grants)
-            && in_array('createaccount', $this->getOAuthIdentity()->grants)
-            && in_array('createaccount', $this->getOAuthIdentity()->rights)
-            && in_array('writeapi', $this->getOAuthIdentity()->rights);
-        }
-        catch (Exception $ex) {
-            return false;
-        }
-    }
-
-    /**
-     * @return bool
-     * @todo     move me to a collaborator
-     * @category Security-Critical
-     */
-    protected function oauthCanCheckUser()
-    {
-        if (!$this->isOAuthLinked()) {
-            return false;
-        }
-
-        try {
-            $identity = $this->getOAuthIdentity();
-
-            return in_array('checkuser', $identity->rights);
-        }
-        catch (Exception $ex) {
-            return false;
-        }
-    }
-
-    #endregion
-
-    /**
-     * Gets a hash of data for the user to reset their password with.
-     * @category Security-Critical
-     * @return string
-     */
-    public function getForgottenPasswordHash()
-    {
-        return md5($this->username . $this->email . $this->welcome_template . $this->id . $this->password);
-    }
-
-    /**
-     * Gets the approval date of the user
-     * @return DateTime|false
-     */
-    public function getApprovalDate()
-    {
-        $query = $this->dbObject->prepare(<<<SQL
+			);
+			$statement->bindValue(":forceidentified", $this->forceidentified);
+
+			$statement->bindValue(':id', $this->id);
+			$statement->bindValue(':updateversion', $this->updateversion);
+
+			$statement->bindValue(':username', $this->username);
+			$statement->bindValue(':email', $this->email);
+			$statement->bindValue(':password', $this->password);
+			$statement->bindValue(':status', $this->status);
+			$statement->bindValue(':onwikiname', $this->onwikiname);
+			$statement->bindValue(':welcome_sig', $this->welcome_sig);
+			$statement->bindValue(':lastactive', $this->lastactive);
+			$statement->bindValue(':forcelogout', $this->forcelogout);
+			$statement->bindValue(':checkuser', $this->checkuser);
+			$statement->bindValue(':forceidentified', $this->forceidentified);
+			$statement->bindValue(':welcome_template', $this->welcome_template);
+			$statement->bindValue(':abortpref', $this->abortpref);
+			$statement->bindValue(':confirmationdiff', $this->confirmationdiff);
+			$statement->bindValue(':emailsig', $this->emailsig);
+			$statement->bindValue(':ort', $this->oauthrequesttoken);
+			$statement->bindValue(':ors', $this->oauthrequestsecret);
+			$statement->bindValue(':oat', $this->oauthaccesstoken);
+			$statement->bindValue(':oas', $this->oauthaccesssecret);
+
+			if (!$statement->execute()) {
+				throw new Exception($statement->errorInfo());
+			}
+
+			if ($statement->rowCount() !== 1) {
+				throw new OptimisticLockFailedException();
+			}
+
+			$this->updateversion++;
+		}
+	}
+
+	/**
+	 * Authenticates the user with the supplied password
+	 *
+	 * @param string $password
+	 *
+	 * @return bool
+	 * @throws Exception
+	 * @category Security-Critical
+	 */
+	public function authenticate($password)
+	{
+		$result = AuthUtility::testCredentials($password, $this->password);
+
+		if ($result === true) {
+			// password version is out of date, update it.
+			if (!AuthUtility::isCredentialVersionLatest($this->password)) {
+				$this->password = AuthUtility::encryptPassword($password);
+				$this->save();
+			}
+		}
+
+		return $result;
+	}
+
+	#region properties
+
+	/**
+	 * Gets the tool username
+	 * @return string
+	 */
+	public function getUsername()
+	{
+		return $this->username;
+	}
+
+	/**
+	 * Sets the tool username
+	 *
+	 * @param string $username
+	 */
+	public function setUsername($username)
+	{
+		$this->username = $username;
+
+		// If this isn't a brand new user, then it's a rename, force the logout
+		if (!$this->isNew()) {
+			$this->forcelogout = 1;
+		}
+	}
+
+	/**
+	 * Gets the user's email address
+	 * @return string
+	 */
+	public function getEmail()
+	{
+		return $this->email;
+	}
+
+	/**
+	 * Sets the user's email address
+	 *
+	 * @param string $email
+	 */
+	public function setEmail($email)
+	{
+		$this->email = $email;
+	}
+
+	/**
+	 * Sets the user's password
+	 *
+	 * @param string $password the plaintext password
+	 *
+	 * @category Security-Critical
+	 */
+	public function setPassword($password)
+	{
+		$this->password = AuthUtility::encryptPassword($password);
+	}
+
+	/**
+	 * Gets the status (User, Admin, Suspended, etc - excludes checkuser) of the user.
+	 * @return string
+	 */
+	public function getStatus()
+	{
+		return $this->status;
+	}
+
+	/**
+	 * @param string $status
+	 */
+	public function setStatus($status)
+	{
+		$this->status = $status;
+	}
+
+	/**
+	 * Gets the user's on-wiki name
+	 * @return string
+	 */
+	public function getOnWikiName()
+	{
+		if ($this->oauthaccesstoken !== null) {
+			try {
+				return $this->getOAuthOnWikiName();
+			}
+			catch (Exception $ex) {
+				// urm.. log this?
+				return $this->onwikiname;
+			}
+		}
+
+		return $this->onwikiname;
+	}
+
+	/**
+	 * This is probably NOT the function you want!
+	 *
+	 * Take a look at getOnWikiName() instead.
+	 * @return string
+	 */
+	public function getStoredOnWikiName()
+	{
+		return $this->onwikiname;
+	}
+
+	/**
+	 * Sets the user's on-wiki name
+	 *
+	 * This can have interesting side-effects with OAuth.
+	 *
+	 * @param string $onWikiName
+	 */
+	public function setOnWikiName($onWikiName)
+	{
+		$this->onwikiname = $onWikiName;
+	}
+
+	/**
+	 * Gets the welcome signature
+	 * @return string
+	 */
+	public function getWelcomeSig()
+	{
+		return $this->welcome_sig;
+	}
+
+	/**
+	 * Sets the welcome signature
+	 *
+	 * @param string $welcomeSig
+	 */
+	public function setWelcomeSig($welcomeSig)
+	{
+		$this->welcome_sig = $welcomeSig;
+	}
+
+	/**
+	 * Gets the last activity date for the user
+	 *
+	 * @return string
+	 * @todo This should probably return an instance of DateTime
+	 */
+	public function getLastActive()
+	{
+		return $this->lastactive;
+	}
+
+	/**
+	 * Gets the user's forced logout status
+	 *
+	 * @return bool
+	 */
+	public function getForceLogout()
+	{
+		return $this->forcelogout == 1;
+	}
+
+	/**
+	 * Sets the user's forced logout status
+	 *
+	 * @param bool $forceLogout
+	 */
+	public function setForceLogout($forceLogout)
+	{
+		$this->forcelogout = $forceLogout ? 1 : 0;
+	}
+
+	/**
+	 * Returns the ID of the welcome template used.
+	 * @return int
+	 */
+	public function getWelcomeTemplate()
+	{
+		return $this->welcome_template;
+	}
+
+	/**
+	 * Sets the ID of the welcome template used.
+	 *
+	 * @param int $welcomeTemplate
+	 */
+	public function setWelcomeTemplate($welcomeTemplate)
+	{
+		$this->welcome_template = $welcomeTemplate;
+	}
+
+	/**
+	 * Gets the user's abort preference
+	 * @todo this is badly named too! Also a bool that's actually an int.
+	 * @return int
+	 */
+	public function getAbortPref()
+	{
+		return $this->abortpref;
+	}
+
+	/**
+	 * Sets the user's abort preference
+	 * @todo rename, retype, and re-comment.
+	 *
+	 * @param int $abortPreference
+	 */
+	public function setAbortPref($abortPreference)
+	{
+		$this->abortpref = $abortPreference;
+	}
+
+	/**
+	 * Gets the user's confirmation diff. Unused if OAuth is in use.
+	 * @return int the diff ID
+	 */
+	public function getConfirmationDiff()
+	{
+		return $this->confirmationdiff;
+	}
+
+	/**
+	 * Sets the user's confirmation diff.
+	 *
+	 * @param int $confirmationDiff
+	 */
+	public function setConfirmationDiff($confirmationDiff)
+	{
+		$this->confirmationdiff = $confirmationDiff;
+	}
+
+	/**
+	 * Gets the users' email signature used on outbound mail.
+	 * @todo rename me!
+	 * @return string
+	 */
+	public function getEmailSig()
+	{
+		return $this->emailsig;
+	}
+
+	/**
+	 * Sets the user's email signature for outbound mail.
+	 *
+	 * @param string $emailSignature
+	 */
+	public function setEmailSig($emailSignature)
+	{
+		$this->emailsig = $emailSignature;
+	}
+
+	/**
+	 * Gets the user's OAuth request token.
+	 *
+	 * @todo move me to a collaborator.
+	 * @return null|string
+	 */
+	public function getOAuthRequestToken()
+	{
+		return $this->oauthrequesttoken;
+	}
+
+	/**
+	 * Sets the user's OAuth request token
+	 * @todo move me to a collaborator
+	 *
+	 * @param string $oAuthRequestToken
+	 */
+	public function setOAuthRequestToken($oAuthRequestToken)
+	{
+		$this->oauthrequesttoken = $oAuthRequestToken;
+	}
+
+	/**
+	 * Gets the users OAuth request secret
+	 * @category Security-Critical
+	 * @todo     move me to a collaborator
+	 * @return null|string
+	 */
+	public function getOAuthRequestSecret()
+	{
+		return $this->oauthrequestsecret;
+	}
+
+	/**
+	 * Sets the user's OAuth request secret
+	 * @todo move me to a collaborator
+	 *
+	 * @param string $oAuthRequestSecret
+	 */
+	public function setOAuthRequestSecret($oAuthRequestSecret)
+	{
+		$this->oauthrequestsecret = $oAuthRequestSecret;
+	}
+
+	/**
+	 * Gets the user's access token
+	 * @category Security-Critical
+	 * @todo     move me to a collaborator
+	 * @return null|string
+	 */
+	public function getOAuthAccessToken()
+	{
+		return $this->oauthaccesstoken;
+	}
+
+	/**
+	 * Sets the user's access token
+	 * @todo move me to a collaborator
+	 *
+	 * @param string $oAuthAccessToken
+	 */
+	public function setOAuthAccessToken($oAuthAccessToken)
+	{
+		$this->oauthaccesstoken = $oAuthAccessToken;
+	}
+
+	/**
+	 * Gets the user's OAuth access secret
+	 * @category Security-Critical
+	 * @todo     move me to a collaborator
+	 * @return null|string
+	 */
+	public function getOAuthAccessSecret()
+	{
+		return $this->oauthaccesssecret;
+	}
+
+	/**
+	 * Sets the user's OAuth access secret
+	 * @todo move me to a collaborator
+	 *
+	 * @param string $oAuthAccessSecret
+	 */
+	public function setOAuthAccessSecret($oAuthAccessSecret)
+	{
+		$this->oauthaccesssecret = $oAuthAccessSecret;
+	}
+
+	#endregion
+
+	#region user access checks
+
+	/**
+	 * Tests if the user is an admin
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isAdmin()
+	{
+		return $this->status == self::STATUS_ADMIN;
+	}
+
+	/**
+	 * Tests if the user is a checkuser
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isCheckuser()
+	{
+		return $this->checkuser == 1 || $this->oauthCanCheckUser();
+	}
+
+	/**
+	 * Tests if the user is identified
+	 *
+	 * @param IdentificationVerifier $iv
+	 *
+	 * @return bool
+	 * @todo     Figure out what on earth is going on with PDO's typecasting here.  Apparently, it returns string("0") for
+	 *       the force-unidentified case, and int(1) for the identified case?!  This is quite ugly, but probably needed
+	 *       to play it safe for now.
+	 * @category Security-Critical
+	 */
+	public function isIdentified(IdentificationVerifier $iv)
+	{
+		if ($this->forceidentified === 0 || $this->forceidentified === "0") {
+			// User forced to unidentified in the database.
+			return false;
+		}
+		elseif ($this->forceidentified === 1 || $this->forceidentified === "1") {
+			// User forced to identified in the database.
+			return true;
+		}
+		else {
+			// User not forced to any particular identified status; consult IdentificationVerifier
+			return $iv->isUserIdentified($this->getOnWikiName());
+		}
+	}
+
+	/**
+	 * Tests if the user is suspended
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isSuspended()
+	{
+		return $this->status == self::STATUS_SUSPENDED;
+	}
+
+	/**
+	 * Tests if the user is new
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isNewUser()
+	{
+		return $this->status == self::STATUS_NEW;
+	}
+
+	/**
+	 * Tests if the user is a standard-level user
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isUser()
+	{
+		return $this->status == self::STATUS_USER;
+	}
+
+	/**
+	 * Tests if the user has been declined access to the tool
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isDeclined()
+	{
+		return $this->status == self::STATUS_DECLINED;
+	}
+
+	/**
+	 * Tests if the user is the community user
+	 *
+	 * @todo     decide if this means logged out. I think it usually does.
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isCommunityUser()
+	{
+		return false;
+	}
+
+	#endregion 
+
+	#region OAuth
+
+	/**
+	 * @todo     move me to a collaborator
+	 *
+	 * @param bool $useCached
+	 *
+	 * @return mixed|null
+	 * @category Security-Critical
+	 */
+	public function getOAuthIdentity($useCached = false)
+	{
+		if ($this->oauthaccesstoken === null) {
+			$this->clearOAuthData();
+		}
+
+		global $oauthConsumerToken, $oauthMediaWikiCanonicalServer;
+
+		if ($this->oauthidentitycache == null) {
+			$this->identityCache = null;
+		}
+		else {
+			$this->identityCache = unserialize($this->oauthidentitycache);
+		}
+
+		// check the cache
+		if (
+			$this->identityCache != null &&
+			$this->identityCache->aud == $oauthConsumerToken &&
+			$this->identityCache->iss == $oauthMediaWikiCanonicalServer
+		) {
+			if (
+				$useCached || (
+					DateTime::createFromFormat("U", $this->identityCache->iat) < new DateTime() &&
+					DateTime::createFromFormat("U", $this->identityCache->exp) > new DateTime()
+				)
+			) {
+				// Use cached value - it's either valid or we don't care.
+				return $this->identityCache;
+			}
+			else {
+				// Cache expired and not forcing use of cached value
+				$this->getIdentityCache();
+
+				return $this->identityCache;
+			}
+		}
+		else {
+			// Cache isn't ours or doesn't exist
+			$this->getIdentityCache();
+
+			return $this->identityCache;
+		}
+	}
+
+	/**
+	 * @todo     move me to a collaborator
+	 *
+	 * @param mixed $useCached Set to false for everything where up-to-date data is important.
+	 *
+	 * @return mixed
+	 * @category Security-Critical
+	 */
+	private function getOAuthOnWikiName($useCached = false)
+	{
+		$identity = $this->getOAuthIdentity($useCached);
+		if ($identity !== null) {
+			return $identity->username;
+		}
+
+		return false;
+	}
+
+	/**
+	 * @return bool
+	 * @todo move me to a collaborator
+	 */
+	public function isOAuthLinked()
+	{
+		if ($this->onwikiname === "##OAUTH##") {
+			return true; // special value. If an account must be oauth linked, this is true.
+		}
+
+		return $this->oauthaccesstoken !== null;
+	}
+
+	/**
+	 * @return null
+	 * @todo move me to a collaborator
+	 */
+	public function clearOAuthData()
+	{
+		$this->identityCache = null;
+		$this->oauthidentitycache = null;
+		$clearCacheQuery = "UPDATE user SET oauthidentitycache = NULL WHERE id = :id;";
+		$this->dbObject->prepare($clearCacheQuery)->execute(array(":id" => $this->id));
+
+		return null;
+	}
+
+	/**
+	 * @throws Exception
+	 * @todo     move me to a collaborator
+	 * @category Security-Critical
+	 */
+	private function getIdentityCache()
+	{
+		/** @var IOAuthHelper $oauthHelper */
+		global $oauthHelper;
+
+		try {
+			$this->identityCache = $oauthHelper->getIdentityTicket($this->oauthaccesstoken, $this->oauthaccesssecret);
+
+			$this->oauthidentitycache = serialize($this->identityCache);
+			$this->dbObject->prepare("UPDATE user SET oauthidentitycache = :identity WHERE id = :id;")
+				->execute(array(":id" => $this->id, ":identity" => $this->oauthidentitycache));
+		}
+		catch (UnexpectedValueException $ex) {
+			$this->identityCache = null;
+			$this->oauthidentitycache = null;
+			$this->dbObject->prepare("UPDATE user SET oauthidentitycache = NULL WHERE id = :id;")
+				->execute(array(":id" => $this->id));
+
+			SessionAlert::warning("OAuth error getting identity from MediaWiki: " . $ex->getMessage());
+		}
+	}
+
+	/**
+	 * @return bool
+	 * @todo move me to a collaborator
+	 */
+	public function oauthCanUse()
+	{
+		try {
+			return in_array('useoauth', $this->getOAuthIdentity()->grants);
+		}
+		catch (Exception $ex) {
+			return false;
+		}
+	}
+
+	/**
+	 * @return bool
+	 * @todo move me to a collaborator
+	 */
+	public function oauthCanEdit()
+	{
+		try {
+			return in_array('useoauth', $this->getOAuthIdentity()->grants)
+			&& in_array('createeditmovepage', $this->getOAuthIdentity()->grants)
+			&& in_array('createtalk', $this->getOAuthIdentity()->rights)
+			&& in_array('edit', $this->getOAuthIdentity()->rights)
+			&& in_array('writeapi', $this->getOAuthIdentity()->rights);
+		}
+		catch (Exception $ex) {
+			return false;
+		}
+	}
+
+	/**
+	 * @return bool
+	 * @todo move me to a collaborator
+	 */
+	public function oauthCanCreateAccount()
+	{
+		try {
+			return in_array('useoauth', $this->getOAuthIdentity()->grants)
+			&& in_array('createaccount', $this->getOAuthIdentity()->grants)
+			&& in_array('createaccount', $this->getOAuthIdentity()->rights)
+			&& in_array('writeapi', $this->getOAuthIdentity()->rights);
+		}
+		catch (Exception $ex) {
+			return false;
+		}
+	}
+
+	/**
+	 * @return bool
+	 * @todo     move me to a collaborator
+	 * @category Security-Critical
+	 */
+	protected function oauthCanCheckUser()
+	{
+		if (!$this->isOAuthLinked()) {
+			return false;
+		}
+
+		try {
+			$identity = $this->getOAuthIdentity();
+
+			return in_array('checkuser', $identity->rights);
+		}
+		catch (Exception $ex) {
+			return false;
+		}
+	}
+
+	#endregion
+
+	/**
+	 * Gets a hash of data for the user to reset their password with.
+	 * @category Security-Critical
+	 * @return string
+	 */
+	public function getForgottenPasswordHash()
+	{
+		return md5($this->username . $this->email . $this->welcome_template . $this->id . $this->password);
+	}
+
+	/**
+	 * Gets the approval date of the user
+	 * @return DateTime|false
+	 */
+	public function getApprovalDate()
+	{
+		$query = $this->dbObject->prepare(<<<SQL
 			SELECT timestamp 
 			FROM log 
 			WHERE objectid = :userid
@@ -1192,12 +1192,12 @@ 
 			ORDER BY id DESC 
 			LIMIT 1;
 SQL
-        );
-        $query->execute(array(":userid" => $this->id));
+		);
+		$query->execute(array(":userid" => $this->id));
 
-        $data = DateTime::createFromFormat("Y-m-d H:i:s", $query->fetchColumn());
-        $query->closeCursor();
+		$data = DateTime::createFromFormat("Y-m-d H:i:s", $query->fetchColumn());
+		$query->closeCursor();
 
-        return $data;
-    }
+		return $data;
+	}
 }

includes/Fragments/TemplateOutput.php

Indentation +61 added lines, -61 removed lines

@@ -15,75 +15,75 @@
 
 trait TemplateOutput
 {
-    /** @var Smarty */
-    private $smarty;
-    /** @var string Extra JavaScript to include at the end of the page's execution */
-    private $tailScript;
+	/** @var Smarty */
+	private $smarty;
+	/** @var string Extra JavaScript to include at the end of the page's execution */
+	private $tailScript;
 
-    /**
-     * @return SiteConfiguration
-     */
-    protected abstract function getSiteConfiguration();
+	/**
+	 * @return SiteConfiguration
+	 */
+	protected abstract function getSiteConfiguration();
 
-    /**
-     * Include extra JavaScript at the end of the page's execution
-     *
-     * @param $script string JavaScript to include at the end of the page
-     */
-    final protected function setTailScript($script)
-    {
-        $this->tailScript = $script;
-    }
+	/**
+	 * Include extra JavaScript at the end of the page's execution
+	 *
+	 * @param $script string JavaScript to include at the end of the page
+	 */
+	final protected function setTailScript($script)
+	{
+		$this->tailScript = $script;
+	}
 
-    /**
-     * Assigns a Smarty variable
-     *
-     * @param  array|string $name  the template variable name(s)
-     * @param  mixed        $value the value to assign
-     */
-    final protected function assign($name, $value)
-    {
-        $this->smarty->assign($name, $value);
-    }
+	/**
+	 * Assigns a Smarty variable
+	 *
+	 * @param  array|string $name  the template variable name(s)
+	 * @param  mixed        $value the value to assign
+	 */
+	final protected function assign($name, $value)
+	{
+		$this->smarty->assign($name, $value);
+	}
 
-    /**
-     * Sets up the variables used by the main Smarty base template.
-     *
-     * This list is getting kinda long.
-     */
-    final protected function setUpSmarty()
-    {
-        $this->smarty = new Smarty();
-        $this->smarty->addPluginsDir($this->getSiteConfiguration()->getFilePath() . '/smarty-plugins');
+	/**
+	 * Sets up the variables used by the main Smarty base template.
+	 *
+	 * This list is getting kinda long.
+	 */
+	final protected function setUpSmarty()
+	{
+		$this->smarty = new Smarty();
+		$this->smarty->addPluginsDir($this->getSiteConfiguration()->getFilePath() . '/smarty-plugins');
 
-        $this->assign('currentUser', User::getCommunity());
-        $this->assign('loggedIn', false);
-        $this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
-        $this->assign('mediawikiScriptPath', $this->getSiteConfiguration()->getMediawikiScriptPath());
+		$this->assign('currentUser', User::getCommunity());
+		$this->assign('loggedIn', false);
+		$this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
+		$this->assign('mediawikiScriptPath', $this->getSiteConfiguration()->getMediawikiScriptPath());
 
-        $this->assign('siteNoticeText', '');
-        $this->assign('toolversion', Environment::getToolVersion());
+		$this->assign('siteNoticeText', '');
+		$this->assign('toolversion', Environment::getToolVersion());
 
-        // default these
-        $this->assign('onlineusers', array());
-        $this->assign('typeAheadBlock', '');
-        $this->assign('extraJs', array());
-        $this->assign('extraCss', array());
+		// default these
+		$this->assign('onlineusers', array());
+		$this->assign('typeAheadBlock', '');
+		$this->assign('extraJs', array());
+		$this->assign('extraCss', array());
 
-        $this->assign('page', $this);
-    }
+		$this->assign('page', $this);
+	}
 
-    /**
-     * Fetches a rendered Smarty template
-     *
-     * @param $template string Template file path, relative to /templates/
-     *
-     * @return string Templated HTML
-     */
-    final protected function fetchTemplate($template)
-    {
-        $this->assign("tailScript", $this->tailScript);
+	/**
+	 * Fetches a rendered Smarty template
+	 *
+	 * @param $template string Template file path, relative to /templates/
+	 *
+	 * @return string Templated HTML
+	 */
+	final protected function fetchTemplate($template)
+	{
+		$this->assign("tailScript", $this->tailScript);
 
-        return $this->smarty->fetch($template);
-    }
+		return $this->smarty->fetch($template);
+	}
 }

includes/Pages/PageUserManagement.php

Indentation +508 added lines, -508 removed lines

@@ -22,512 +22,512 @@
  */
 class PageUserManagement extends InternalPageBase
 {
-    /** @var string */
-    private $adminMailingList = 'enwiki-acc-admins@googlegroups.com';
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     */
-    protected function main()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        if (WebRequest::getBoolean("showAll")) {
-            $this->assign("showAll", true);
-
-            $this->assign("suspendedUsers", User::getAllWithStatus(User::STATUS_SUSPENDED, $database));
-            $this->assign("declinedUsers", User::getAllWithStatus(User::STATUS_DECLINED, $database));
-        }
-        else {
-            $this->assign("showAll", false);
-            $this->assign("suspendedUsers", array());
-            $this->assign("declinedUsers", array());
-        }
-
-        $this->assign("newUsers", User::getAllWithStatus(User::STATUS_NEW, $database));
-        $this->assign("normalUsers", User::getAllWithStatus(User::STATUS_USER, $database));
-        $this->assign("adminUsers", User::getAllWithStatus(User::STATUS_ADMIN, $database));
-        $this->assign("checkUsers", User::getAllCheckusers($database));
-
-        $this->getTypeAheadHelper()->defineTypeAheadSource('username-typeahead', function() use ($database) {
-            return User::getAllUsernames($database);
-        });
-
-        $this->setTemplate("usermanagement/main.tpl");
-    }
-
-    #region Access control
-
-    /**
-     * Action target for suspending users
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function suspend()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-
-        /** @var User $user */
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to suspend could not be found.');
-        }
-
-        if ($user->isSuspended()) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to suspend is already suspended.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $reason = WebRequest::postString('reason');
-
-            if ($reason === null || trim($reason) === "") {
-                throw new ApplicationLogicException('No reason provided');
-            }
-
-            $user->setStatus(User::STATUS_SUSPENDED);
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $user->save();
-            Logger::suspendedUser($database, $user, $reason);
-
-            $this->getNotificationHelper()->userSuspended($user, $reason);
-            SessionAlert::quick('Suspended user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
-
-            // send email
-            $this->sendStatusChangeEmail(
-                'Your WP:ACC account has been suspended',
-                'usermanagement/emails/suspended.tpl',
-                $reason,
-                $user,
-                User::getCurrent($database)->getUsername()
-            );
-
-            $this->redirect('userManagement');
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('usermanagement/changelevel-reason.tpl');
-            $this->assign('user', $user);
-            $this->assign('status', 'Suspended');
-            $this->assign("showReason", true);
-        }
-    }
-
-    /**
-     * Entry point for the decline action
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function decline()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to decline could not be found.');
-        }
-
-        if (!$user->isNewUser()) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to decline is not new.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $reason = WebRequest::postString('reason');
-
-            if ($reason === null || trim($reason) === "") {
-                throw new ApplicationLogicException('No reason provided');
-            }
-
-            $user->setStatus(User::STATUS_DECLINED);
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $user->save();
-            Logger::declinedUser($database, $user, $reason);
-
-            $this->getNotificationHelper()->userDeclined($user, $reason);
-            SessionAlert::quick('Declined user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
-
-            // send email
-            $this->sendStatusChangeEmail(
-                'Your WP:ACC account has been declined',
-                'usermanagement/emails/declined.tpl',
-                $reason,
-                $user,
-                User::getCurrent($database)->getUsername()
-            );
-
-            $this->redirect('userManagement');
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('usermanagement/changelevel-reason.tpl');
-            $this->assign('user', $user);
-            $this->assign('status', 'Declined');
-            $this->assign("showReason", true);
-        }
-    }
-
-    /**
-     * Entry point for the demote action
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function demote()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to demote could not be found.');
-        }
-
-        if (!$user->isAdmin()) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to demote is not an admin.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $reason = WebRequest::postString('reason');
-
-            if ($reason === null || trim($reason) === "") {
-                throw new ApplicationLogicException('No reason provided');
-            }
-
-            $user->setStatus(User::STATUS_USER);
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $user->save();
-            Logger::demotedUser($database, $user, $reason);
-
-            $this->getNotificationHelper()->userDemoted($user, $reason);
-            SessionAlert::quick('Demoted user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
-
-            // send email
-            $this->sendStatusChangeEmail(
-                'Your WP:ACC account has been demoted',
-                'usermanagement/emails/demoted.tpl',
-                $reason,
-                $user,
-                User::getCurrent($database)->getUsername()
-            );
-
-            $this->redirect('userManagement');
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('usermanagement/changelevel-reason.tpl');
-            $this->assign('user', $user);
-            $this->assign('status', 'User');
-            $this->assign("showReason", true);
-        }
-    }
-
-    /**
-     * Entry point for the approve action
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function approve()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to approve could not be found.');
-        }
-
-        if ($user->isUser() || $user->isAdmin()) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to approve is already an active user.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $user->setStatus(User::STATUS_USER);
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $user->save();
-            Logger::approvedUser($database, $user);
-
-            $this->getNotificationHelper()->userApproved($user);
-            SessionAlert::quick('Approved user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
-
-            // send email
-            $this->sendStatusChangeEmail(
-                'Your WP:ACC account has been approved',
-                'usermanagement/emails/approved.tpl',
-                null,
-                $user,
-                User::getCurrent($database)->getUsername()
-            );
-
-            $this->redirect("userManagement");
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate("usermanagement/changelevel-reason.tpl");
-            $this->assign("user", $user);
-            $this->assign("status", "User");
-            $this->assign("showReason", false);
-        }
-    }
-
-    /**
-     * Entry point for the promote action
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function promote()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to promote could not be found.');
-        }
-
-        if ($user->isAdmin()) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to promote is already an admin.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $user->setStatus(User::STATUS_ADMIN);
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-            $user->save();
-            Logger::promotedUser($database, $user);
-
-            $this->getNotificationHelper()->userPromoted($user);
-            SessionAlert::quick('Promoted user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
-
-            // send email
-            $this->sendStatusChangeEmail(
-                'Your WP:ACC account has been promoted',
-                'usermanagement/emails/promoted.tpl',
-                null,
-                $user,
-                User::getCurrent($database)->getUsername()
-            );
-
-            $this->redirect("userManagement");
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate("usermanagement/changelevel-reason.tpl");
-            $this->assign("user", $user);
-            $this->assign("status", "Admin");
-            $this->assign("showReason", false);
-        }
-    }
-
-    #endregion
-
-    #region Renaming / Editing
-
-    /**
-     * Entry point for the rename action
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function rename()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to rename could not be found.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $newUsername = WebRequest::postString('newname');
-
-            if ($newUsername === null || trim($newUsername) === "") {
-                throw new ApplicationLogicException('The new username cannot be empty');
-            }
-
-            if (User::getByUsername($newUsername, $database) != false) {
-                throw new ApplicationLogicException('The new username already exists');
-            }
-
-            $oldUsername = $user->getUsername();
-            $user->setUsername($newUsername);
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-
-            $user->save();
-
-            $logEntryData = serialize(array(
-                'old' => $oldUsername,
-                'new' => $newUsername,
-            ));
-
-            Logger::renamedUser($database, $user, $logEntryData);
-
-            SessionAlert::quick("Changed User "
-                . htmlentities($oldUsername, ENT_COMPAT, 'UTF-8')
-                . " name to "
-                . htmlentities($newUsername, ENT_COMPAT, 'UTF-8'));
-
-            $this->getNotificationHelper()->userRenamed($user, $oldUsername);
-
-            // send an email to the user.
-            $this->assign('targetUsername', $user->getUsername());
-            $this->assign('toolAdmin', User::getCurrent($database)->getUsername());
-            $this->assign('oldUsername', $oldUsername);
-            $this->assign('mailingList', $this->adminMailingList);
-
-            $this->getEmailHelper()->sendMail(
-                $user->getEmail(),
-                'Your username on WP:ACC has been changed',
-                $this->fetchTemplate('usermanagement/emails/renamed.tpl'),
-                array('Reply-To' => $this->adminMailingList)
-            );
-
-            $this->redirect("userManagement");
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('usermanagement/renameuser.tpl');
-            $this->assign('user', $user);
-        }
-    }
-
-    /**
-     * Entry point for the edit action
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function editUser()
-    {
-        $this->setHtmlTitle('User Management');
-
-        $database = $this->getDatabase();
-
-        $userId = WebRequest::getInt('user');
-        $user = User::getById($userId, $database);
-
-        if ($user === false) {
-            throw new ApplicationLogicException('Sorry, the user you are trying to edit could not be found.');
-        }
-
-        // Dual-mode action
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $newEmail = WebRequest::postEmail('user_email');
-            $newOnWikiName = WebRequest::postString('user_onwikiname');
-
-            if ($newEmail === null) {
-                throw new ApplicationLogicException('Invalid email address');
-            }
-
-            if (!$user->isOAuthLinked()) {
-                if (trim($newOnWikiName) == "") {
-                    throw new ApplicationLogicException('New on-wiki username cannot be blank');
-                }
-
-                $user->setOnWikiName($newOnWikiName);
-            }
-
-            $user->setEmail($newEmail);
-
-            $user->setUpdateVersion(WebRequest::postInt('updateversion'));
-
-            $user->save();
-
-            Logger::userPreferencesChange($database, $user);
-            $this->getNotificationHelper()->userPrefChange($user);
-            SessionAlert::quick('Changes to user\'s preferences have been saved');
-
-            $this->redirect("userManagement");
-
-            return;
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('usermanagement/edituser.tpl');
-            $this->assign('user', $user);
-        }
-    }
-
-    #endregion
-
-    /**
-     * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
-     * the return value from this function.
-     *
-     * If this page even supports actions, you will need to check the route
-     *
-     * @return SecurityConfiguration
-     * @category Security-Critical
-     */
-    protected function getSecurityConfiguration()
-    {
-        return $this->getSecurityManager()->configure()->asAdminPage();
-    }
-
-    /**
-     * Sends a status change email to the user.
-     *
-     * @param string      $subject           The subject of the email
-     * @param string      $template          The smarty template to use
-     * @param string|null $reason            The reason for performing the status change
-     * @param User        $user              The user affected
-     * @param string      $toolAdminUsername The tool admin's username who is making the edit
-     */
-    private function sendStatusChangeEmail($subject, $template, $reason, $user, $toolAdminUsername)
-    {
-        $this->assign('targetUsername', $user->getUsername());
-        $this->assign('toolAdmin', $toolAdminUsername);
-        $this->assign('actionReason', $reason);
-        $this->assign('mailingList', $this->adminMailingList);
-
-        $this->getEmailHelper()->sendMail(
-            $user->getEmail(),
-            $subject,
-            $this->fetchTemplate($template),
-            array('Reply-To' => $this->adminMailingList)
-        );
-    }
+	/** @var string */
+	private $adminMailingList = 'enwiki-acc-admins@googlegroups.com';
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 */
+	protected function main()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		if (WebRequest::getBoolean("showAll")) {
+			$this->assign("showAll", true);
+
+			$this->assign("suspendedUsers", User::getAllWithStatus(User::STATUS_SUSPENDED, $database));
+			$this->assign("declinedUsers", User::getAllWithStatus(User::STATUS_DECLINED, $database));
+		}
+		else {
+			$this->assign("showAll", false);
+			$this->assign("suspendedUsers", array());
+			$this->assign("declinedUsers", array());
+		}
+
+		$this->assign("newUsers", User::getAllWithStatus(User::STATUS_NEW, $database));
+		$this->assign("normalUsers", User::getAllWithStatus(User::STATUS_USER, $database));
+		$this->assign("adminUsers", User::getAllWithStatus(User::STATUS_ADMIN, $database));
+		$this->assign("checkUsers", User::getAllCheckusers($database));
+
+		$this->getTypeAheadHelper()->defineTypeAheadSource('username-typeahead', function() use ($database) {
+			return User::getAllUsernames($database);
+		});
+
+		$this->setTemplate("usermanagement/main.tpl");
+	}
+
+	#region Access control
+
+	/**
+	 * Action target for suspending users
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function suspend()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+
+		/** @var User $user */
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to suspend could not be found.');
+		}
+
+		if ($user->isSuspended()) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to suspend is already suspended.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$reason = WebRequest::postString('reason');
+
+			if ($reason === null || trim($reason) === "") {
+				throw new ApplicationLogicException('No reason provided');
+			}
+
+			$user->setStatus(User::STATUS_SUSPENDED);
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$user->save();
+			Logger::suspendedUser($database, $user, $reason);
+
+			$this->getNotificationHelper()->userSuspended($user, $reason);
+			SessionAlert::quick('Suspended user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
+
+			// send email
+			$this->sendStatusChangeEmail(
+				'Your WP:ACC account has been suspended',
+				'usermanagement/emails/suspended.tpl',
+				$reason,
+				$user,
+				User::getCurrent($database)->getUsername()
+			);
+
+			$this->redirect('userManagement');
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('usermanagement/changelevel-reason.tpl');
+			$this->assign('user', $user);
+			$this->assign('status', 'Suspended');
+			$this->assign("showReason", true);
+		}
+	}
+
+	/**
+	 * Entry point for the decline action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function decline()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to decline could not be found.');
+		}
+
+		if (!$user->isNewUser()) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to decline is not new.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$reason = WebRequest::postString('reason');
+
+			if ($reason === null || trim($reason) === "") {
+				throw new ApplicationLogicException('No reason provided');
+			}
+
+			$user->setStatus(User::STATUS_DECLINED);
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$user->save();
+			Logger::declinedUser($database, $user, $reason);
+
+			$this->getNotificationHelper()->userDeclined($user, $reason);
+			SessionAlert::quick('Declined user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
+
+			// send email
+			$this->sendStatusChangeEmail(
+				'Your WP:ACC account has been declined',
+				'usermanagement/emails/declined.tpl',
+				$reason,
+				$user,
+				User::getCurrent($database)->getUsername()
+			);
+
+			$this->redirect('userManagement');
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('usermanagement/changelevel-reason.tpl');
+			$this->assign('user', $user);
+			$this->assign('status', 'Declined');
+			$this->assign("showReason", true);
+		}
+	}
+
+	/**
+	 * Entry point for the demote action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function demote()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to demote could not be found.');
+		}
+
+		if (!$user->isAdmin()) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to demote is not an admin.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$reason = WebRequest::postString('reason');
+
+			if ($reason === null || trim($reason) === "") {
+				throw new ApplicationLogicException('No reason provided');
+			}
+
+			$user->setStatus(User::STATUS_USER);
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$user->save();
+			Logger::demotedUser($database, $user, $reason);
+
+			$this->getNotificationHelper()->userDemoted($user, $reason);
+			SessionAlert::quick('Demoted user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
+
+			// send email
+			$this->sendStatusChangeEmail(
+				'Your WP:ACC account has been demoted',
+				'usermanagement/emails/demoted.tpl',
+				$reason,
+				$user,
+				User::getCurrent($database)->getUsername()
+			);
+
+			$this->redirect('userManagement');
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('usermanagement/changelevel-reason.tpl');
+			$this->assign('user', $user);
+			$this->assign('status', 'User');
+			$this->assign("showReason", true);
+		}
+	}
+
+	/**
+	 * Entry point for the approve action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function approve()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to approve could not be found.');
+		}
+
+		if ($user->isUser() || $user->isAdmin()) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to approve is already an active user.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$user->setStatus(User::STATUS_USER);
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$user->save();
+			Logger::approvedUser($database, $user);
+
+			$this->getNotificationHelper()->userApproved($user);
+			SessionAlert::quick('Approved user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
+
+			// send email
+			$this->sendStatusChangeEmail(
+				'Your WP:ACC account has been approved',
+				'usermanagement/emails/approved.tpl',
+				null,
+				$user,
+				User::getCurrent($database)->getUsername()
+			);
+
+			$this->redirect("userManagement");
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate("usermanagement/changelevel-reason.tpl");
+			$this->assign("user", $user);
+			$this->assign("status", "User");
+			$this->assign("showReason", false);
+		}
+	}
+
+	/**
+	 * Entry point for the promote action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function promote()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to promote could not be found.');
+		}
+
+		if ($user->isAdmin()) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to promote is already an admin.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$user->setStatus(User::STATUS_ADMIN);
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+			$user->save();
+			Logger::promotedUser($database, $user);
+
+			$this->getNotificationHelper()->userPromoted($user);
+			SessionAlert::quick('Promoted user ' . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'));
+
+			// send email
+			$this->sendStatusChangeEmail(
+				'Your WP:ACC account has been promoted',
+				'usermanagement/emails/promoted.tpl',
+				null,
+				$user,
+				User::getCurrent($database)->getUsername()
+			);
+
+			$this->redirect("userManagement");
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate("usermanagement/changelevel-reason.tpl");
+			$this->assign("user", $user);
+			$this->assign("status", "Admin");
+			$this->assign("showReason", false);
+		}
+	}
+
+	#endregion
+
+	#region Renaming / Editing
+
+	/**
+	 * Entry point for the rename action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function rename()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to rename could not be found.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$newUsername = WebRequest::postString('newname');
+
+			if ($newUsername === null || trim($newUsername) === "") {
+				throw new ApplicationLogicException('The new username cannot be empty');
+			}
+
+			if (User::getByUsername($newUsername, $database) != false) {
+				throw new ApplicationLogicException('The new username already exists');
+			}
+
+			$oldUsername = $user->getUsername();
+			$user->setUsername($newUsername);
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+
+			$user->save();
+
+			$logEntryData = serialize(array(
+				'old' => $oldUsername,
+				'new' => $newUsername,
+			));
+
+			Logger::renamedUser($database, $user, $logEntryData);
+
+			SessionAlert::quick("Changed User "
+				. htmlentities($oldUsername, ENT_COMPAT, 'UTF-8')
+				. " name to "
+				. htmlentities($newUsername, ENT_COMPAT, 'UTF-8'));
+
+			$this->getNotificationHelper()->userRenamed($user, $oldUsername);
+
+			// send an email to the user.
+			$this->assign('targetUsername', $user->getUsername());
+			$this->assign('toolAdmin', User::getCurrent($database)->getUsername());
+			$this->assign('oldUsername', $oldUsername);
+			$this->assign('mailingList', $this->adminMailingList);
+
+			$this->getEmailHelper()->sendMail(
+				$user->getEmail(),
+				'Your username on WP:ACC has been changed',
+				$this->fetchTemplate('usermanagement/emails/renamed.tpl'),
+				array('Reply-To' => $this->adminMailingList)
+			);
+
+			$this->redirect("userManagement");
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('usermanagement/renameuser.tpl');
+			$this->assign('user', $user);
+		}
+	}
+
+	/**
+	 * Entry point for the edit action
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function editUser()
+	{
+		$this->setHtmlTitle('User Management');
+
+		$database = $this->getDatabase();
+
+		$userId = WebRequest::getInt('user');
+		$user = User::getById($userId, $database);
+
+		if ($user === false) {
+			throw new ApplicationLogicException('Sorry, the user you are trying to edit could not be found.');
+		}
+
+		// Dual-mode action
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$newEmail = WebRequest::postEmail('user_email');
+			$newOnWikiName = WebRequest::postString('user_onwikiname');
+
+			if ($newEmail === null) {
+				throw new ApplicationLogicException('Invalid email address');
+			}
+
+			if (!$user->isOAuthLinked()) {
+				if (trim($newOnWikiName) == "") {
+					throw new ApplicationLogicException('New on-wiki username cannot be blank');
+				}
+
+				$user->setOnWikiName($newOnWikiName);
+			}
+
+			$user->setEmail($newEmail);
+
+			$user->setUpdateVersion(WebRequest::postInt('updateversion'));
+
+			$user->save();
+
+			Logger::userPreferencesChange($database, $user);
+			$this->getNotificationHelper()->userPrefChange($user);
+			SessionAlert::quick('Changes to user\'s preferences have been saved');
+
+			$this->redirect("userManagement");
+
+			return;
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('usermanagement/edituser.tpl');
+			$this->assign('user', $user);
+		}
+	}
+
+	#endregion
+
+	/**
+	 * Sets up the security for this page. If certain actions have different permissions, this should be reflected in
+	 * the return value from this function.
+	 *
+	 * If this page even supports actions, you will need to check the route
+	 *
+	 * @return SecurityConfiguration
+	 * @category Security-Critical
+	 */
+	protected function getSecurityConfiguration()
+	{
+		return $this->getSecurityManager()->configure()->asAdminPage();
+	}
+
+	/**
+	 * Sends a status change email to the user.
+	 *
+	 * @param string      $subject           The subject of the email
+	 * @param string      $template          The smarty template to use
+	 * @param string|null $reason            The reason for performing the status change
+	 * @param User        $user              The user affected
+	 * @param string      $toolAdminUsername The tool admin's username who is making the edit
+	 */
+	private function sendStatusChangeEmail($subject, $template, $reason, $user, $toolAdminUsername)
+	{
+		$this->assign('targetUsername', $user->getUsername());
+		$this->assign('toolAdmin', $toolAdminUsername);
+		$this->assign('actionReason', $reason);
+		$this->assign('mailingList', $this->adminMailingList);
+
+		$this->getEmailHelper()->sendMail(
+			$user->getEmail(),
+			$subject,
+			$this->fetchTemplate($template),
+			array('Reply-To' => $this->adminMailingList)
+		);
+	}
 }
\ No newline at end of file

includes/IdentificationVerifier.php

Indentation +157 added lines, -157 removed lines

@@ -26,131 +26,131 @@ 
  */
 class IdentificationVerifier
 {
-    /**
-     * This field is an array of parameters, in key => value format, that should be appended to the Meta Wikimedia
-     * Web Service Endpoint URL to query if a user is listed on the Identification Noticeboard.  Note that URL encoding
-     * of these values is *not* necessary; this is done automatically.
-     *
-     * @var string[]
-     * @category Security-Critical
-     */
-    private static $apiQueryParameters = array(
-        'action'   => 'query',
-        'format'   => 'json',
-        'prop'     => 'links',
-        'titles'   => 'Access to nonpublic information policy/Noticeboard',
-        // Username of the user to be checked, with User: prefix, goes here!  Set in isIdentifiedOnWiki()
-        'pltitles' => '',
-    );
-    /** @var HttpHelper */
-    private $httpHelper;
-    /** @var SiteConfiguration */
-    private $siteConfiguration;
-    /** @var PdoDatabase */
-    private $dbObject;
-
-    /**
-     * IdentificationVerifier constructor.
-     *
-     * @param HttpHelper        $httpHelper
-     * @param SiteConfiguration $siteConfiguration
-     * @param PdoDatabase       $dbObject
-     */
-    public function __construct(HttpHelper $httpHelper, SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
-    {
-        $this->httpHelper = $httpHelper;
-        $this->siteConfiguration = $siteConfiguration;
-        $this->dbObject = $dbObject;
-    }
-
-    /**
-     * Checks if the given user is identified to the Wikimedia Foundation.
-     *
-     * @param string $onWikiName The Wikipedia username of the user
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    public function isUserIdentified($onWikiName)
-    {
-        if ($this->checkIdentificationCache($onWikiName)) {
-            return true;
-        }
-        else {
-            if ($this->isIdentifiedOnWiki($onWikiName)) {
-                $this->cacheIdentificationStatus($onWikiName);
-
-                return true;
-            }
-            else {
-                return false;
-            }
-        }
-    }
-
-    /**
-     * Checks if the given user has a valid entry in the idcache table.
-     *
-     * @param string $onWikiName The Wikipedia username of the user
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    private function checkIdentificationCache($onWikiName)
-    {
-        $interval = $this->siteConfiguration->getIdentificationCacheExpiry();
-
-        $query = <<<SQL
+	/**
+	 * This field is an array of parameters, in key => value format, that should be appended to the Meta Wikimedia
+	 * Web Service Endpoint URL to query if a user is listed on the Identification Noticeboard.  Note that URL encoding
+	 * of these values is *not* necessary; this is done automatically.
+	 *
+	 * @var string[]
+	 * @category Security-Critical
+	 */
+	private static $apiQueryParameters = array(
+		'action'   => 'query',
+		'format'   => 'json',
+		'prop'     => 'links',
+		'titles'   => 'Access to nonpublic information policy/Noticeboard',
+		// Username of the user to be checked, with User: prefix, goes here!  Set in isIdentifiedOnWiki()
+		'pltitles' => '',
+	);
+	/** @var HttpHelper */
+	private $httpHelper;
+	/** @var SiteConfiguration */
+	private $siteConfiguration;
+	/** @var PdoDatabase */
+	private $dbObject;
+
+	/**
+	 * IdentificationVerifier constructor.
+	 *
+	 * @param HttpHelper        $httpHelper
+	 * @param SiteConfiguration $siteConfiguration
+	 * @param PdoDatabase       $dbObject
+	 */
+	public function __construct(HttpHelper $httpHelper, SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
+	{
+		$this->httpHelper = $httpHelper;
+		$this->siteConfiguration = $siteConfiguration;
+		$this->dbObject = $dbObject;
+	}
+
+	/**
+	 * Checks if the given user is identified to the Wikimedia Foundation.
+	 *
+	 * @param string $onWikiName The Wikipedia username of the user
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	public function isUserIdentified($onWikiName)
+	{
+		if ($this->checkIdentificationCache($onWikiName)) {
+			return true;
+		}
+		else {
+			if ($this->isIdentifiedOnWiki($onWikiName)) {
+				$this->cacheIdentificationStatus($onWikiName);
+
+				return true;
+			}
+			else {
+				return false;
+			}
+		}
+	}
+
+	/**
+	 * Checks if the given user has a valid entry in the idcache table.
+	 *
+	 * @param string $onWikiName The Wikipedia username of the user
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	private function checkIdentificationCache($onWikiName)
+	{
+		$interval = $this->siteConfiguration->getIdentificationCacheExpiry();
+
+		$query = <<<SQL
 			SELECT COUNT(`id`)
 			FROM `idcache`
 			WHERE `onwikiusername` = :onwikiname
 				AND DATE_ADD(`checktime`, INTERVAL {$interval}) >= NOW();
 SQL;
-        $stmt = $this->dbObject->prepare($query);
-        $stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
-        $stmt->execute();
-
-        // Guaranteed by the query to only return a single row with a single column
-        $results = $stmt->fetch(PDO::FETCH_NUM);
-
-        // I don't expect this to ever be a value other than 0 or 1 since the `onwikiusername` column is declared as a
-        // unique key - but meh.
-        return $results[0] != 0;
-    }
-
-    /**
-     * Does pretty much exactly what it says on the label - this method will clear all expired idcache entries from the
-     * idcache table.  Meant to be called periodically by a maintenance script.
-     *
-     * @param SiteConfiguration $siteConfiguration
-     * @param PdoDatabase       $dbObject
-     *
-     * @return void
-     */
-    public static function clearExpiredCacheEntries(SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
-    {
-        $interval = $siteConfiguration->getIdentificationCacheExpiry();
-
-        $query = <<<SQL
+		$stmt = $this->dbObject->prepare($query);
+		$stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
+		$stmt->execute();
+
+		// Guaranteed by the query to only return a single row with a single column
+		$results = $stmt->fetch(PDO::FETCH_NUM);
+
+		// I don't expect this to ever be a value other than 0 or 1 since the `onwikiusername` column is declared as a
+		// unique key - but meh.
+		return $results[0] != 0;
+	}
+
+	/**
+	 * Does pretty much exactly what it says on the label - this method will clear all expired idcache entries from the
+	 * idcache table.  Meant to be called periodically by a maintenance script.
+	 *
+	 * @param SiteConfiguration $siteConfiguration
+	 * @param PdoDatabase       $dbObject
+	 *
+	 * @return void
+	 */
+	public static function clearExpiredCacheEntries(SiteConfiguration $siteConfiguration, PdoDatabase $dbObject)
+	{
+		$interval = $siteConfiguration->getIdentificationCacheExpiry();
+
+		$query = <<<SQL
 			DELETE FROM `idcache`
 			WHERE DATE_ADD(`checktime`, INTERVAL {$interval}) < NOW();
 SQL;
-        $dbObject->prepare($query)->execute();
-    }
-
-    /**
-     * This method will add an entry to the idcache that the given Wikipedia user has been verified as identified.  This
-     * is so we don't have to hit the API every single time we check.  The cache entry is valid for as long as specified
-     * in the ACC configuration (validity enforced by checkIdentificationCache() and clearExpiredCacheEntries()).
-     *
-     * @param string $onWikiName The Wikipedia username of the user
-     *
-     * @return void
-     * @category Security-Critical
-     */
-    private function cacheIdentificationStatus($onWikiName)
-    {
-        $query = <<<SQL
+		$dbObject->prepare($query)->execute();
+	}
+
+	/**
+	 * This method will add an entry to the idcache that the given Wikipedia user has been verified as identified.  This
+	 * is so we don't have to hit the API every single time we check.  The cache entry is valid for as long as specified
+	 * in the ACC configuration (validity enforced by checkIdentificationCache() and clearExpiredCacheEntries()).
+	 *
+	 * @param string $onWikiName The Wikipedia username of the user
+	 *
+	 * @return void
+	 * @category Security-Critical
+	 */
+	private function cacheIdentificationStatus($onWikiName)
+	{
+		$query = <<<SQL
 			INSERT INTO `idcache`
 				(`onwikiusername`)
 			VALUES
@@ -159,44 +159,44 @@ 
 				`onwikiusername` = VALUES(`onwikiusername`),
 				`checktime` = CURRENT_TIMESTAMP;
 SQL;
-        $stmt = $this->dbObject->prepare($query);
-        $stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
-        $stmt->execute();
-    }
-
-    /**
-     * Queries the Wikimedia API to determine if the specified user is listed on the identification noticeboard.
-     *
-     * @param string $onWikiName The Wikipedia username of the user
-     *
-     * @return bool
-     * @throws EnvironmentException
-     * @category Security-Critical
-     */
-    private function isIdentifiedOnWiki($onWikiName)
-    {
-        $strings = new StringFunctions();
-
-        // First character of Wikipedia usernames is always capitalized.
-        $onWikiName = $strings->ucfirst($onWikiName);
-
-        $parameters = self::$apiQueryParameters;
-        $parameters['pltitles'] = "User:" . $onWikiName;
-
-        try {
-            $endpoint = $this->siteConfiguration->getMetaWikimediaWebServiceEndpoint();
-            $response = $this->httpHelper->get($endpoint, $parameters);
-            $response = json_decode($response, true);
-        } catch (CurlException $ex) {
-            // failed getting identification status, so throw a nicer error.
-            $m = 'Could not contact metawiki API to determine user\' identification status. '
-                . 'This is probably a transient error, so please try again.';
-
-            throw new EnvironmentException($m, 0, $ex);
-        }
-
-        $page = @array_pop($response['query']['pages']);
-
-        return @$page['links'][0]['title'] === "User:" . $onWikiName;
-    }
+		$stmt = $this->dbObject->prepare($query);
+		$stmt->bindValue(':onwikiname', $onWikiName, PDO::PARAM_STR);
+		$stmt->execute();
+	}
+
+	/**
+	 * Queries the Wikimedia API to determine if the specified user is listed on the identification noticeboard.
+	 *
+	 * @param string $onWikiName The Wikipedia username of the user
+	 *
+	 * @return bool
+	 * @throws EnvironmentException
+	 * @category Security-Critical
+	 */
+	private function isIdentifiedOnWiki($onWikiName)
+	{
+		$strings = new StringFunctions();
+
+		// First character of Wikipedia usernames is always capitalized.
+		$onWikiName = $strings->ucfirst($onWikiName);
+
+		$parameters = self::$apiQueryParameters;
+		$parameters['pltitles'] = "User:" . $onWikiName;
+
+		try {
+			$endpoint = $this->siteConfiguration->getMetaWikimediaWebServiceEndpoint();
+			$response = $this->httpHelper->get($endpoint, $parameters);
+			$response = json_decode($response, true);
+		} catch (CurlException $ex) {
+			// failed getting identification status, so throw a nicer error.
+			$m = 'Could not contact metawiki API to determine user\' identification status. '
+				. 'This is probably a transient error, so please try again.';
+
+			throw new EnvironmentException($m, 0, $ex);
+		}
+
+		$page = @array_pop($response['query']['pages']);
+
+		return @$page['links'][0]['title'] === "User:" . $onWikiName;
+	}
 }

Braces +2 added lines, -1 removed lines

@@ -187,7 +187,8 @@
             $endpoint = $this->siteConfiguration->getMetaWikimediaWebServiceEndpoint();
             $response = $this->httpHelper->get($endpoint, $parameters);
             $response = json_decode($response, true);
-        } catch (CurlException $ex) {
+        }
+        catch (CurlException $ex) {
             // failed getting identification status, so throw a nicer error.
             $m = 'Could not contact metawiki API to determine user\' identification status. '
                 . 'This is probably a transient error, so please try again.';

Spacing +2 added lines, -2 removed lines

@@ -181,7 +181,7 @@ 
         $onWikiName = $strings->ucfirst($onWikiName);
 
         $parameters = self::$apiQueryParameters;
-        $parameters['pltitles'] = "User:" . $onWikiName;
+        $parameters['pltitles'] = "User:".$onWikiName;
 
         try {
             $endpoint = $this->siteConfiguration->getMetaWikimediaWebServiceEndpoint();
@@ -197,6 +197,6 @@ 
 
         $page = @array_pop($response['query']['pages']);
 
-        return @$page['links'][0]['title'] === "User:" . $onWikiName;
+        return @$page['links'][0]['title'] === "User:".$onWikiName;
     }
 }