Index: CheckUser.i18n.php =================================================================== --- CheckUser.i18n.php (revision 86461) +++ CheckUser.i18n.php (working copy) @@ -25,6 +25,7 @@ 'group-checkuser-member' => 'Check user', 'right-checkuser' => "Check user's IP addresses and other information", 'right-checkuser-log' => 'View the checkuser log', + 'right-checkuser-protect' => 'can not be verified by means of CheckUser', 'grouppage-checkuser' => '{{ns:project}}:Check user', 'checkuser-reason' => 'Reason:', 'checkuser-showlog' => 'Show log', @@ -76,7 +77,8 @@ 'checkuser-ipeditcount' => '~$1 from all users', 'checkuser-log-subpage' => 'Log', 'checkuser-log-return' => 'Return to CheckUser main form', - + 'checkuser-protecteduser' => 'This party is protected and can not be verified by means of CheckUser.', + 'checkuser-limited' => '\'\'\'These results have been truncated for performance reasons.\'\'\'', 'checkuser-log-userips' => '$1 got IP addresses for $2', @@ -85,6 +87,8 @@ 'checkuser-log-ipedits-xff' => '$1 got edits for XFF $2', 'checkuser-log-ipusers-xff' => '$1 got users for XFF $2', 'checkuser-log-useredits' => '$1 got edits for $2', + 'checkuser-log-userips-protected' => '$1 requested IP-addresses for the protected user $2', + 'checkuser-log-useredits-protected' => '$1 requested edits for the protected user $2', 'checkuser-autocreate-action' => 'was automatically created', 'checkuser-email-action' => 'sent an email to user "$1"', Index: CheckUser.php =================================================================== --- CheckUser.php (revision 86461) +++ CheckUser.php (working copy) @@ -38,6 +38,7 @@ // 'checkuser-log' is required to view the private log of checkuser checks $wgAvailableRights[] = 'checkuser'; $wgAvailableRights[] = 'checkuser-log'; +$wgAvailableRights[] = 'checkuser-protect'; $wgGroupPermissions['checkuser']['checkuser'] = true; $wgGroupPermissions['checkuser']['checkuser-log'] = true; Index: CheckUser_body.php =================================================================== --- CheckUser_body.php (revision 86461) +++ CheckUser_body.php (working copy) @@ -403,7 +403,15 @@ } # Get ID, works better than text as user may have been renamed $user_id = User::idFromName( $user ); - + + if ( $user_object->isAllowed( 'checkuser-protect' ) ) { + if ( !$this->addLogEntry( 'userips-protected', 'user', $user, $reason, $user_id ) ) { + $wgOut->addHTML( '

' . wfMsgHtml( 'checkuser-log-fail' ) . '

' ); + } + $wgOut->addWikiMsg( 'checkuser-protecteduser' ); + return; + } + # If user is not IP or nonexistent if ( !$user_id ) { // FIXME: addWikiMsg @@ -656,7 +664,15 @@ $wgOut->addHTML( wfMsgExt( 'checkuser-limited', array( 'parse' ) ) ); break; } - $s .= $this->CUChangesLine( $row, $reason ); + + $user_object = User::newFromName($row->cuc_user_text); + + if ( $user_object->isAllowed( 'checkuser-protect' ) ) { + # protected + } else { + $s .= $this->CUChangesLine( $row, $reason ); + } + ++$counter; } $s .= ''; @@ -687,6 +703,14 @@ # Get ID, works better than text as user may have been renamed $user_id = User::idFromName( $user ); + if ( $user_object->isAllowed( 'checkuser-protect' ) ) { + if ( !$this->addLogEntry( 'userips-protected', 'user', $user, $reason, $user_id ) ) { + $wgOut->addHTML( '

' . wfMsgHtml( 'checkuser-log-fail' ) . '

' ); + } + $wgOut->addWikiMsg( 'checkuser-protecteduser' ); + return; + } + # If user is not IP or nonexistent if ( !$user_id ) { $s = wfMsgExt( 'nosuchusershort', array( 'parse' ), $user ); @@ -901,28 +925,35 @@ $s = $this->noMatchesMessage( $ip, !$xfor ) . "\n"; } else { global $wgAuth; - while ( ( $row = $dbr->fetchObject( $ret ) ) != false ) { - if ( !array_key_exists( $row->cuc_user_text, $users_edits ) ) { - $users_last[$row->cuc_user_text] = $row->cuc_timestamp; - $users_edits[$row->cuc_user_text] = 0; - $users_ids[$row->cuc_user_text] = $row->cuc_user; - $users_infosets[$row->cuc_user_text] = array(); - $users_agentsets[$row->cuc_user_text] = array(); - } - $users_edits[$row->cuc_user_text] += 1; - $users_first[$row->cuc_user_text] = $row->cuc_timestamp; - # Treat blank or NULL xffs as empty strings - $xff = empty( $row->cuc_xff ) ? null : $row->cuc_xff; - $xff_ip_combo = array( $row->cuc_ip, $xff ); - # Add this IP/XFF combo for this username if it's not already there - if ( !in_array( $xff_ip_combo, $users_infosets[$row->cuc_user_text] ) ) { - $users_infosets[$row->cuc_user_text][] = $xff_ip_combo; - } - # Add this agent string if it's not already there; 10 max. - if ( count( $users_agentsets[$row->cuc_user_text] ) < 10 ) { - if ( !in_array( $row->cuc_agent, $users_agentsets[$row->cuc_user_text] ) ) { - $users_agentsets[$row->cuc_user_text][] = $row->cuc_agent; + while( ( $row = $dbr->fetchObject( $ret ) ) != false ) { + $user_object = User::newFromName($row->cuc_user_text); + + if ( $user_object->isAllowed( 'checkuser-protect' ) ) { + # protected + } else { + if( !array_key_exists( $row->cuc_user_text, $users_edits ) ) { + $users_last[$row->cuc_user_text] = $row->cuc_timestamp; + $users_edits[$row->cuc_user_text] = 0; + $users_ids[$row->cuc_user_text] = $row->cuc_user; + $users_infosets[$row->cuc_user_text] = array(); + $users_agentsets[$row->cuc_user_text] = array(); } + + $users_edits[$row->cuc_user_text] += 1; + $users_first[$row->cuc_user_text] = $row->cuc_timestamp; + # Treat blank or NULL xffs as empty strings + $xff = empty( $row->cuc_xff ) ? null : $row->cuc_xff; + $xff_ip_combo = array( $row->cuc_ip, $xff ); + # Add this IP/XFF combo for this username if it's not already there + if( !in_array( $xff_ip_combo, $users_infosets[$row->cuc_user_text] ) ) { + $users_infosets[$row->cuc_user_text][] = $xff_ip_combo; + } + # Add this agent string if it's not already there; 10 max. + if( count( $users_agentsets[$row->cuc_user_text] ) < 10 ) { + if( !in_array( $row->cuc_agent, $users_agentsets[$row->cuc_user_text] ) ) { + $users_agentsets[$row->cuc_user_text][] = $row->cuc_agent; + } + } } } $dbr->freeResult( $ret );