Extension:用户查核
 发行状态: 稳定版 |
|
|---|---|
 |
|
| 实现 | 特殊页面, 用户身份, API, 函数钩, 数据库 |
| 描述 | CheckUser功能可以讓拥有权限的用户可以去查核所给定的用户名使用了哪些IP地址和给定的IP使用了哪些用户名,而无须直接手动在数据库中运行查询。 |
| 作者 | Tim Starling, Aaron Schulz, Dreamy Jazz |
| 最新版本 | 2.5 (continuous updates) |
| 兼容性政策 | 快照跟随MediaWiki发布。 master分支不向后兼容。 |
| PHP | 7.4.3+ |
| 数据库更改 | 是 |
| 虚拟域 | virtual-checkuser-global |
| 表 | cu_changes cu_log_event cu_private_event cu_log cu_useragent_clienthints cu_useragent_clienthints_map cu_useragent cuci_wiki_map cuci_temp_edit cuci_user |
| 许可协议 | GNU通用公眾授權條款2.0或更新版本 |
| 下載 | |
|
|
|
|
|
|
|
| 季度下載量 | 196 (Ranked 32nd) |
| 正在使用的公开wiki数 | 9,118 (Ranked 13th) |
| 前往translatewiki.net翻譯CheckUser扩展 | |
| 問題 | 开启的任务 · 报告错误 |
CheckUser是一个允许拥有checkuser权限的用户查核给定IP地址下的用户和给定用户使用的IP地址的,而无须手动在数据库运行查询的扩展。
這個擴展正運作在所有維基媒體的維基項目上。
更新将根据维基媒体基金会的wiki的需要进行,或在发现关键漏洞时进行。 Details on how to use the tools provided by the extension are at Help:Extension:CheckUser.
安裝
- 下载文件,并将解压后的
CheckUser文件夹移动到extensions/目录中。
开发者和代码贡献人员应从Git安装扩展,输入:cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/CheckUser - 只有從git安裝才运行Composer来安装PHP依赖,通过发行
composer install --no-dev至扩展目录。 (参见T173141了解潜在问题。) - 将下列代码放置在您的LocalSettings.php的底部:
wfLoadExtension( 'CheckUser' );
- 运行更新脚本,它将自动创建此扩展必须依赖的数据库表。
- Configure as required.
完成 – 在您的wiki上导航至Special:Version,以验证已成功安装扩展。
Using MediaWiki-Docker
Follow the steps in MediaWiki-Docker/Extension/CheckUser to install this extension inside a MediaWiki Docker instance.
配置
这个工具可将最近的更改数据复制到单独的表格中,并在添加新条目时进行添加。
如果将$wgPutIPinRC设置为false,复制的数据将不包含相关的IP地址。
However, entries added after installation of this extension will contain the IP address.
安装此扩展后,您可以减少$wgRCMaxAge以缩短最近更改的时间,而不会影响查核用户。
使用$wgCUDMaxAge设置checkuser的查询日期,以秒为单位。
特定于查核用户的设置$wgCheckUserCIDRLimit决定了单次检查中可检查的最大范围。
他的格式与$wgBlockCIDRLimit设置相同。
$2查核的默认限额为/19,$4查核的默认限额为/16。
To allow this tool to log successful and failed login attempts as well as logouts, set $wgCheckUserLogLogins to true.
If you have bot accounts on your wiki, setting $wgCheckUserLogSuccessfulBotLogins to false will skip logging successful login attempts to bot accounts.
| MediaWiki版本: | ≥ 1.43 |
If the extension is installed on a multi-wiki install, then you should set $wgVirtualDomainsMapping for the virtual-checkuser-global to point to a central database table.
Setting this will ensure that the central index tables are actually on a central DB, and therefore the GlobalBlocking global autoblocks and GUC work.
After doing this, you will need to run update.php to create the tables on the central wiki.
Troubleshooting Special:GlobalContributions functionality
If Special:GlobalContributions is not returning revisions as expected (e.g. you have revisions on another wiki that you can view on that wiki), a misconfiguration may be causing an internal failure that isn't user-facing (as it cannot be user resolved). Check that:
- Your user has a central account and that their accounts on the affected wiki are linked. This can be checked at Special:MergeAccount.
- The affected wiki is known to the wiki farm. This is defined in the
sitestable and wikis can be added to this table via theaddSitemaintenance script. You'll need to ensure that the optional parameterspagepathandfilepathare filled out (eg.php ./maintenance/run.php addSite $wikiName wiki --pagepath https://hostname/wiki/\$1 --filepath https://hostname/w/\$1), as Special:GlobalContributions uses these to generate API queries and links. - The central database is set with
virtual-checkuser-global(eg.$wgVirtualDomainsMapping['virtual-checkuser-global'] = [ 'db' => $wiki ];) and that thecuci_temp_edittable is recording revisions from the affected wiki. - If necessary, cross-domain cookies should be enabled as the
centralauthtoken must work across both wikis.
授权权限以使用用户查核
要授予Special:CheckUser、Special:Investigate 和Special:CheckUserLog的使用权,用户权限管理用户必须访问Special:UserRights,在框中输入用户名,然后选择 「checkuser」选项。 完成此操作后,上述特殊页面将显示在该用户的Special:SpecialPages页面中。
To allow users to access the IP addresses of temporary accounts, they should be granted the checkuser-temporary-account right.
要赋予系统管理员该扩展的所有权限,请在LocalSettings.php中输入以下内容:
$wgGroupPermissions['sysop']['checkuser'] = true;
$wgGroupPermissions['sysop']['checkuser-log'] = true;
$wgGroupPermissions['sysop']['investigate'] = true;
$wgGroupPermissions['sysop']['checkuser-temporary-account'] = true;
要仅允许添加和删除checkuser权限,请使用以下代码:
$wgAddGroups['sysop'][] = 'checkuser';
$wgRemoveGroups['sysop'][] = 'checkuser';
配置
A selected number of the configuration values are shown below.
These configuration values are useful for administrators of wikis to modify.
Configuration values which are usually left as their default value are not specified here to keep the list concise, but details for these configuration values are present in the extension.json file.
| Configuration name | 默认 | Detail |
|---|---|---|
$wgCUDMaxAge
|
7776000
|
保留多久用户查核日志(以秒为单位)? (默认= 3个月) |
$wgCheckUserMaxBlocks
|
200
|
Maximum number of users that can be mass blocked simultaneously on Special:Investigate
|
$wgCheckUserForceSummary
|
false
|
如果要强制用户查核员通过Special:CheckUser为每个检查提供原因,请将此设置为true。 (不是很有用,因为用户查核员可以简单地给出一个摘要,例如“他们需要被检查”或“我想要檢查”并且软件不会知道是否合理。) |
$wgCheckUserCIDRLimit
|
[ 'IPv4' => 16, 'IPv6' => 19 ]
|
可以在任何单独范围检查中检查的最短CIDR限制 |
$wgCUPublicKey
|
''
|
用于加密私人数据的公共密钥,以后可能需要读取。 使用以下命令產生公開密鑰:
Used with an associated private key to encrypt certain data that is not shown to CUs but stored in the cu_changes or cu_private_event table. Currently this is only the recipients of emails. Without a valid public key the data will not be stored. |
$wgCheckUserCAMultiLock
|
false
|
这可用于通过中央认证向Special:CheckUser的查核结果表单表单添加Special:MultiLock的链接。 这需要在wiki上安装中央认证扩展。 To enable this, set this to an array with a central wiki's database name and an array with the name(s) of the global group(s) to add the link for. 例如:
$wgCheckUserCAMultiLock = [
'centralDB' => 'metawiki',
'groups' => [ 'steward' ]
];
|
$wgCheckUserCAtoollink
|
false
|
从77360f1cf1d2起。 This adds a link to central wiki Special:CentralAuth to the Special:CheckUser's "Get users" results. This requires the 中央认证 extension to be installed on the wiki. To enable this, set this with a central wiki's database name. 例如:
$wgCheckUserCAtoollink = 'metawiki';
|
$wgCheckUserGBtoollink
|
false
|
从77360f1cf1d2起。 This adds a link to local or central wiki Special:GlobalBlock to the Special:CheckUser's "Get users" results. This requires the GlobalBlocking extension to be installed on the wiki. To enable this, if a $wgConf is configured, set this to an array with a central wiki's database name and an array with the name(s) of the local (or global if you have 中央认证 installed) group(s) to add the link for. 例如:
$wgCheckUserGBtoollink = [
'centralDB' => 'metawiki',
'groups' => [ 'steward', 'staff' ]
];
|
$wgCheckUserEnableSpecialInvestigate (1.35-1.43)
|
false (<=1.39)true (1.40+)
|
从57dcfe46d2e4起。 This enables Special:Investigate, an updated version of Special:CheckUser that allows checking for multiple user accounts and IP addresses within one investigation. |
$wgCheckUserLogLogins
|
false
|
Whether CheckUser should log login and logout attempts (both successful and not). |
$wgCheckUserLogSuccessfulBotLogins
|
true
|
Whether CheckUser should store successful login attempts to accounts with the bot user group if $wgCheckUserLogLogins is set to true. Only is used if $wgCheckUserLogLogins is true
|
$wgCheckUserMaximumRowCount
|
5000
|
The maximum number of results that can be returned by Special:CheckUser. Before MediaWiki 1.39, in the 'Get edits' and 'Get IPs' results having over 5,000 results would return the results in a different format. From MediaWiki 1.39 this is the maximum number of results to show by page and more can be generated using the paging links |
$wgCheckUserInvestigateMaximumRowCount
|
25000
|
Similar to $wgCheckUserMaximumRowCount, but for Investigate |
$wgCheckUserCollapseCheckUserHelperByDefault (1.41+)
|
2500
|
Controls when the "CheckUser helper" summary table on Special:CheckUser. Specify true to always collapse by default, false to never collapse by default, and a number to collapse when more than that number of results are displayed on the page.
|
$wgCheckUserMaximumIPsToAutoblock (1.43+)
|
1
|
The maximum number of IP addresses to retroactively autoblock when a block is created with autoblocking enabled. |
$wgCheckUserClientHintsEnabled (1.41+)
|
true
|
Used to control whether client hints should be collected and displayed in results by CheckUser. |
$wgCheckUserClientHintsSpecialPages (1.41+)
|
{ "CreateAccount": "header", "Emailuser": "js", "PasswordReset": "js", "Userlogin": [ "js", "header" ], "Userlogout": "header"}
|
The list of special pages where CheckUser will request client hints if $wgCheckUserClientHintsEnabled is true.
|
$wgCheckUserClientHintsHeaders (1.41+)
|
{ "Sec-CH-UA": "brands", "Sec-CH-UA-Arch": "architecture", "Sec-CH-UA-Bitness": "bitness", "Sec-CH-UA-Form-Factor": "", "Sec-CH-UA-Full-Version-List": "fullVersionList", "Sec-CH-UA-Mobile": "mobile", "Sec-CH-UA-Model": "model", "Sec-CH-UA-Platform": "platform", "Sec-CH-UA-Platform-Version": "platformVersion", "Sec-CH-UA-WoW64": ""}
|
The list of client hint types that will be requested. Keys represent the client hint values requested using the Accept-CH header. Values represent the equivalent name when requesting them from the JS client side client hints API.
|
$wgCheckUserClientHintsForDisplay (1.41+)
|
[ "model", "fullVersionList", "platformVersion", "platform", "brands", "formFactor", "architecture", "mobile", "bitness", "woW64" ]
|
The list of Client Hints data to display in CheckUser results. The order of the array is used to determine what order to display the data. |
$wgCheckUserClientHintsValuesToHide (1.41+)
|
{ "architecture": [ "x86" ], "bitness": [ "64" ], "woW64": [ false ]}
|
Specifies Client Hint data values which should be hidden in the CheckUser results. This is done to hide commonly seen Client Hint data values in the cases where it's not useful to see this information unless it's a rare value. |
$wgCheckUserTemporaryAccountMaxAge (1.40+)
|
86400
|
The number of seconds for which the temporary account API response is fresh. |
$wgCheckUserSpecialPagesWithoutIPRevealButtons (1.40+)
|
[ "Investigate", "InvestigateBlock", "CheckUser", "CheckUserLog", "Activeusers", "Listusers", "BlockList" ]
|
A list of special page names where "Show IP" buttons are disabled, because they are not useful. The special page names are case sensitive and do not always match their appearance in the URL. For example Special:ListUsers is called Listusers in this array.
|
$wgCheckUserClientHintsUnsetHeaderWhenPossible (1.41+)
|
true
|
If true, the server will send an empty Accept-CH header when the user is viewing a page which does not need client hints data.
|
$wgCheckUserGlobalContributionsCentralWikiId (1.44+)
|
null
|
A string representing the name of the wiki to designate as the "central" wiki for Special:GlobalContributions. Setting this will redirect all other wiki's Special:GlobalContributions page to the central wiki's instead. |
$wgCheckUserWriteToCentralIndex (1.43+)
|
true
|
Used to prevent adding entries to the CheckUser central index tables on the wiki. Use this when the wiki is not part of a larger wiki farm unified account system. |
$wgCheckUserCentralIndexGroupsToExclude (1.43+)
|
[ "bot" ]
|
Users in any of the groups specified in this configuration value will not have their actions stored in the central index tables. Used to reduce the rate of writes to the central index tables for high activity users where there is no need to run CheckUser checks on these users. |
Using the extension
Detail about how to use the extension can be viewed at the extension help page. This information is not included here to keep this page manageable in size, and to focus this page on installation and administration of the extension.
There are several special pages and a few APIs provided by the extension. The special pages are:
- Special:CheckUser - Used to look up CheckUser data about accounts and anonymous users. Described at Help:Extension:CheckUser#Special:CheckUser usage.
- Special:Investigate - Alternative tool used to look up CheckUser data about accounts and anonymous users, with information displayed using a single-page format. Described at Help:Special Investigate.
- Special:CheckUserLog - Used to list the checks performed using either Special:CheckUser, Special:Investigate, or the CheckUser API. Described at Help:Extension:CheckUser#Special:Investigate usage.
- Special:IPContributions - Used to lookup edits performed by temporary accounts on a given IP address or range. Described at Help:Extension:CheckUser#Special:IPContributions usage.
- Special:GlobalContributions - Used to lookup edits performed by accounts, or temporary accounts on a given IP address or range. Described at Help:Extension:CheckUser#Special:GlobalContributions usage.
The extension also provides the ability to reveal the IP address used by a temporary account. Described at Help:Extension:CheckUser#Showing IPs for temporary accounts.
| 此扩展用于一个或多个维基媒体项目。 这可能意味着扩展足够稳定、运作足够良好,可以用在这样的高流量的网站上。 请在维基媒体的CommonSettings.php和InitialiseSettings.php配置文件中查找此扩展的名称以查看哪些网站安装了该扩展。 特定wiki上的已安装的扩展的完整列表位于Special:Version页面。 |
| 此扩展在以下wiki农场/托管网站和/或软件包中提供: 這不是一份權威名單。 即使某些wiki农场/托管网站和/或软件包未在这里列出,它们也可能提供此扩展。 请检查你的wiki农场/托管网站或软件包以确认提供情况。 |