]> git.mxchange.org Git - friendica.git/blob - src/Model/User.php
Merge pull request #11767 from Quix0r/fixes/double-quotes-to-single
[friendica.git] / src / Model / User.php
1 <?php
2 /**
3  * @copyright Copyright (C) 2010-2022, the Friendica project
4  *
5  * @license GNU AGPL version 3 or any later version
6  *
7  * This program is free software: you can redistribute it and/or modify
8  * it under the terms of the GNU Affero General Public License as
9  * published by the Free Software Foundation, either version 3 of the
10  * License, or (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU Affero General Public License for more details.
16  *
17  * You should have received a copy of the GNU Affero General Public License
18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
19  *
20  */
21
22 namespace Friendica\Model;
23
24 use DivineOmega\DOFileCachePSR6\CacheItemPool;
25 use DivineOmega\PasswordExposed;
26 use ErrorException;
27 use Exception;
28 use Friendica\Content\Pager;
29 use Friendica\Core\Hook;
30 use Friendica\Core\L10n;
31 use Friendica\Core\Logger;
32 use Friendica\Core\Protocol;
33 use Friendica\Core\Search;
34 use Friendica\Core\System;
35 use Friendica\Core\Worker;
36 use Friendica\Database\DBA;
37 use Friendica\DI;
38 use Friendica\Network\HTTPClient\Client\HttpClientAccept;
39 use Friendica\Security\TwoFactor\Model\AppSpecificPassword;
40 use Friendica\Network\HTTPException;
41 use Friendica\Object\Image;
42 use Friendica\Util\Crypto;
43 use Friendica\Util\DateTimeFormat;
44 use Friendica\Util\Images;
45 use Friendica\Util\Network;
46 use Friendica\Util\Proxy;
47 use Friendica\Util\Strings;
48 use Friendica\Worker\Delivery;
49 use ImagickException;
50 use LightOpenID;
51
52 /**
53  * This class handles User related functions
54  */
55 class User
56 {
57         /**
58          * Page/profile types
59          *
60          * PAGE_FLAGS_NORMAL is a typical personal profile account
61          * PAGE_FLAGS_SOAPBOX automatically approves all friend requests as Contact::SHARING, (readonly)
62          * PAGE_FLAGS_COMMUNITY automatically approves all friend requests as Contact::SHARING, but with
63          *      write access to wall and comments (no email and not included in page owner's ACL lists)
64          * PAGE_FLAGS_FREELOVE automatically approves all friend requests as full friends (Contact::FRIEND).
65          *
66          * @{
67          */
68         const PAGE_FLAGS_NORMAL    = 0;
69         const PAGE_FLAGS_SOAPBOX   = 1;
70         const PAGE_FLAGS_COMMUNITY = 2;
71         const PAGE_FLAGS_FREELOVE  = 3;
72         const PAGE_FLAGS_BLOG      = 4;
73         const PAGE_FLAGS_PRVGROUP  = 5;
74         /**
75          * @}
76          */
77
78         /**
79          * Account types
80          *
81          * ACCOUNT_TYPE_PERSON - the account belongs to a person
82          *      Associated page types: PAGE_FLAGS_NORMAL, PAGE_FLAGS_SOAPBOX, PAGE_FLAGS_FREELOVE
83          *
84          * ACCOUNT_TYPE_ORGANISATION - the account belongs to an organisation
85          *      Associated page type: PAGE_FLAGS_SOAPBOX
86          *
87          * ACCOUNT_TYPE_NEWS - the account is a news reflector
88          *      Associated page type: PAGE_FLAGS_SOAPBOX
89          *
90          * ACCOUNT_TYPE_COMMUNITY - the account is community forum
91          *      Associated page types: PAGE_COMMUNITY, PAGE_FLAGS_PRVGROUP
92          *
93          * ACCOUNT_TYPE_RELAY - the account is a relay
94          *      This will only be assigned to contacts, not to user accounts
95          * @{
96          */
97         const ACCOUNT_TYPE_PERSON =       0;
98         const ACCOUNT_TYPE_ORGANISATION = 1;
99         const ACCOUNT_TYPE_NEWS =         2;
100         const ACCOUNT_TYPE_COMMUNITY =    3;
101         const ACCOUNT_TYPE_RELAY =        4;
102         const ACCOUNT_TYPE_DELETED =    127;
103         /**
104          * @}
105          */
106
107         private static $owner;
108
109         /**
110          * Returns the numeric account type by their string
111          *
112          * @param string $accounttype as string constant
113          * @return int|null Numeric account type - or null when not set
114          */
115         public static function getAccountTypeByString(string $accounttype)
116         {
117                 switch ($accounttype) {
118                         case 'person':
119                                 return User::ACCOUNT_TYPE_PERSON;
120
121                         case 'organisation':
122                                 return User::ACCOUNT_TYPE_ORGANISATION;
123
124                         case 'news':
125                                 return User::ACCOUNT_TYPE_NEWS;
126
127                         case 'community':
128                                 return User::ACCOUNT_TYPE_COMMUNITY;
129
130                 }
131                 return null;
132         }
133
134         /**
135          * Fetch the system account
136          *
137          * @return array system account
138          */
139         public static function getSystemAccount(): array
140         {
141                 $system = Contact::selectFirst([], ['self' => true, 'uid' => 0]);
142                 if (!DBA::isResult($system)) {
143                         self::createSystemAccount();
144                         $system = Contact::selectFirst([], ['self' => true, 'uid' => 0]);
145                         if (!DBA::isResult($system)) {
146                                 return [];
147                         }
148                 }
149
150                 $system['sprvkey'] = $system['uprvkey'] = $system['prvkey'];
151                 $system['spubkey'] = $system['upubkey'] = $system['pubkey'];
152                 $system['nickname'] = $system['nick'];
153                 $system['page-flags'] = User::PAGE_FLAGS_SOAPBOX;
154                 $system['account-type'] = $system['contact-type'];
155                 $system['guid'] = '';
156                 $system['picdate'] = '';
157                 $system['theme'] = '';
158                 $system['publish'] = false;
159                 $system['net-publish'] = false;
160                 $system['hide-friends'] = true;
161                 $system['prv_keywords'] = '';
162                 $system['pub_keywords'] = '';
163                 $system['address'] = '';
164                 $system['locality'] = '';
165                 $system['region'] = '';
166                 $system['postal-code'] = '';
167                 $system['country-name'] = '';
168                 $system['homepage'] = DI::baseUrl()->get();
169                 $system['dob'] = '0000-00-00';
170
171                 // Ensure that the user contains data
172                 $user = DBA::selectFirst('user', ['prvkey', 'guid'], ['uid' => 0]);
173                 if (empty($user['prvkey']) || empty($user['guid'])) {
174                         $fields = [
175                                 'username' => $system['name'],
176                                 'nickname' => $system['nick'],
177                                 'register_date' => $system['created'],
178                                 'pubkey' => $system['pubkey'],
179                                 'prvkey' => $system['prvkey'],
180                                 'spubkey' => $system['spubkey'],
181                                 'sprvkey' => $system['sprvkey'],
182                                 'guid' => System::createUUID(),
183                                 'verified' => true,
184                                 'page-flags' => User::PAGE_FLAGS_SOAPBOX,
185                                 'account-type' => User::ACCOUNT_TYPE_RELAY,
186                         ];
187
188                         DBA::update('user', $fields, ['uid' => 0]);
189
190                         $system['guid'] = $fields['guid'];
191                 } else {
192                         $system['guid'] = $user['guid'];
193                 }
194
195                 return $system;
196         }
197
198         /**
199          * Create the system account
200          *
201          * @return void
202          */
203         private static function createSystemAccount()
204         {
205                 $system_actor_name = self::getActorName();
206                 if (empty($system_actor_name)) {
207                         return;
208                 }
209
210                 $keys = Crypto::newKeypair(4096);
211                 if ($keys === false) {
212                         throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
213                 }
214
215                 $system = [];
216                 $system['uid'] = 0;
217                 $system['created'] = DateTimeFormat::utcNow();
218                 $system['self'] = true;
219                 $system['network'] = Protocol::ACTIVITYPUB;
220                 $system['name'] = 'System Account';
221                 $system['addr'] = $system_actor_name . '@' . DI::baseUrl()->getHostname();
222                 $system['nick'] = $system_actor_name;
223                 $system['url'] = DI::baseUrl() . '/friendica';
224
225                 $system['avatar'] = $system['photo'] = Contact::getDefaultAvatar($system, Proxy::SIZE_SMALL);
226                 $system['thumb'] = Contact::getDefaultAvatar($system, Proxy::SIZE_THUMB);
227                 $system['micro'] = Contact::getDefaultAvatar($system, Proxy::SIZE_MICRO);
228
229                 $system['nurl'] = Strings::normaliseLink($system['url']);
230                 $system['pubkey'] = $keys['pubkey'];
231                 $system['prvkey'] = $keys['prvkey'];
232                 $system['blocked'] = 0;
233                 $system['pending'] = 0;
234                 $system['contact-type'] = Contact::TYPE_RELAY; // In AP this is translated to 'Application'
235                 $system['name-date'] = DateTimeFormat::utcNow();
236                 $system['uri-date'] = DateTimeFormat::utcNow();
237                 $system['avatar-date'] = DateTimeFormat::utcNow();
238                 $system['closeness'] = 0;
239                 $system['baseurl'] = DI::baseUrl();
240                 $system['gsid'] = GServer::getID($system['baseurl']);
241                 Contact::insert($system);
242         }
243
244         /**
245          * Detect a usable actor name
246          *
247          * @return string actor account name
248          */
249         public static function getActorName(): string
250         {
251                 $system_actor_name = DI::config()->get('system', 'actor_name');
252                 if (!empty($system_actor_name)) {
253                         $self = Contact::selectFirst(['nick'], ['uid' => 0, 'self' => true]);
254                         if (!empty($self['nick'])) {
255                                 if ($self['nick'] != $system_actor_name) {
256                                         // Reset the actor name to the already used name
257                                         DI::config()->set('system', 'actor_name', $self['nick']);
258                                         $system_actor_name = $self['nick'];
259                                 }
260                         }
261                         return $system_actor_name;
262                 }
263
264                 // List of possible actor names
265                 $possible_accounts = ['friendica', 'actor', 'system', 'internal'];
266                 foreach ($possible_accounts as $name) {
267                         if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire' => false]) &&
268                                 !DBA::exists('userd', ['username' => $name])) {
269                                 DI::config()->set('system', 'actor_name', $name);
270                                 return $name;
271                         }
272                 }
273                 return '';
274         }
275
276         /**
277          * Returns true if a user record exists with the provided id
278          *
279          * @param  int $uid
280          *
281          * @return boolean
282          * @throws Exception
283          */
284         public static function exists(int $uid): bool
285         {
286                 return DBA::exists('user', ['uid' => $uid]);
287         }
288
289         /**
290          * @param  integer       $uid
291          * @param array          $fields
292          * @return array|boolean User record if it exists, false otherwise
293          * @throws Exception
294          */
295         public static function getById(int $uid, array $fields = [])
296         {
297                 return !empty($uid) ? DBA::selectFirst('user', $fields, ['uid' => $uid]) : [];
298         }
299
300         /**
301          * Returns a user record based on it's GUID
302          *
303          * @param string $guid   The guid of the user
304          * @param array  $fields The fields to retrieve
305          * @param bool   $active True, if only active records are searched
306          *
307          * @return array|boolean User record if it exists, false otherwise
308          * @throws Exception
309          */
310         public static function getByGuid(string $guid, array $fields = [], bool $active = true)
311         {
312                 if ($active) {
313                         $cond = ['guid' => $guid, 'account_expired' => false, 'account_removed' => false];
314                 } else {
315                         $cond = ['guid' => $guid];
316                 }
317
318                 return DBA::selectFirst('user', $fields, $cond);
319         }
320
321         /**
322          * @param  string        $nickname
323          * @param array          $fields
324          * @return array|boolean User record if it exists, false otherwise
325          * @throws Exception
326          */
327         public static function getByNickname(string $nickname, array $fields = [])
328         {
329                 return DBA::selectFirst('user', $fields, ['nickname' => $nickname]);
330         }
331
332         /**
333          * Returns the user id of a given profile URL
334          *
335          * @param string $url
336          *
337          * @return integer user id
338          * @throws Exception
339          */
340         public static function getIdForURL(string $url): int
341         {
342                 // Avoid database queries when the local node hostname isn't even part of the url.
343                 if (!Contact::isLocal($url)) {
344                         return 0;
345                 }
346
347                 $self = Contact::selectFirst(['uid'], ['self' => true, 'nurl' => Strings::normaliseLink($url)]);
348                 if (!empty($self['uid'])) {
349                         return $self['uid'];
350                 }
351
352                 $self = Contact::selectFirst(['uid'], ['self' => true, 'addr' => $url]);
353                 if (!empty($self['uid'])) {
354                         return $self['uid'];
355                 }
356
357                 $self = Contact::selectFirst(['uid'], ['self' => true, 'alias' => [$url, Strings::normaliseLink($url)]]);
358                 if (!empty($self['uid'])) {
359                         return $self['uid'];
360                 }
361
362                 return 0;
363         }
364
365         /**
366          * Get a user based on its email
367          *
368          * @param string $email
369          * @param array  $fields
370          * @return array|boolean User record if it exists, false otherwise
371          * @throws Exception
372          */
373         public static function getByEmail(string $email, array $fields = [])
374         {
375                 return DBA::selectFirst('user', $fields, ['email' => $email]);
376         }
377
378         /**
379          * Fetch the user array of the administrator. The first one if there are several.
380          *
381          * @param array $fields
382          * @return array user
383          */
384         public static function getFirstAdmin(array $fields = []) : array
385         {
386                 if (!empty(DI::config()->get('config', 'admin_nickname'))) {
387                         return self::getByNickname(DI::config()->get('config', 'admin_nickname'), $fields);
388                 } elseif (!empty(DI::config()->get('config', 'admin_email'))) {
389                         $adminList = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
390                         return self::getByEmail($adminList[0], $fields);
391                 } else {
392                         return [];
393                 }
394         }
395
396         /**
397          * Get owner data by user id
398          *
399          * @param int     $uid
400          * @param boolean $repairMissing Repair the owner data if it's missing
401          * @return boolean|array
402          * @throws Exception
403          */
404         public static function getOwnerDataById(int $uid, bool $repairMissing = true)
405         {
406                 if ($uid == 0) {
407                         return self::getSystemAccount();
408                 }
409
410                 if (!empty(self::$owner[$uid])) {
411                         return self::$owner[$uid];
412                 }
413
414                 $owner = DBA::selectFirst('owner-view', [], ['uid' => $uid]);
415                 if (!DBA::isResult($owner)) {
416                         if (!self::exists($uid) || !$repairMissing) {
417                                 return false;
418                         }
419                         if (!DBA::exists('profile', ['uid' => $uid])) {
420                                 DBA::insert('profile', ['uid' => $uid]);
421                         }
422                         if (!DBA::exists('contact', ['uid' => $uid, 'self' => true])) {
423                                 Contact::createSelfFromUserId($uid);
424                         }
425                         $owner = self::getOwnerDataById($uid, false);
426                 }
427
428                 if (empty($owner['nickname'])) {
429                         return false;
430                 }
431
432                 if (!$repairMissing || $owner['account_expired']) {
433                         return $owner;
434                 }
435
436                 // Check if the returned data is valid, otherwise fix it. See issue #6122
437
438                 // Check for correct url and normalised nurl
439                 $url = DI::baseUrl() . '/profile/' . $owner['nickname'];
440                 $repair = empty($owner['network']) || ($owner['url'] != $url) || ($owner['nurl'] != Strings::normaliseLink($owner['url']));
441
442                 if (!$repair) {
443                         // Check if "addr" is present and correct
444                         $addr = $owner['nickname'] . '@' . substr(DI::baseUrl(), strpos(DI::baseUrl(), '://') + 3);
445                         $repair = ($addr != $owner['addr']) || empty($owner['prvkey']) || empty($owner['pubkey']);
446                 }
447
448                 if (!$repair) {
449                         // Check if the avatar field is filled and the photo directs to the correct path
450                         $avatar = Photo::selectFirst(['resource-id'], ['uid' => $uid, 'profile' => true]);
451                         if (DBA::isResult($avatar)) {
452                                 $repair = empty($owner['avatar']) || !strpos($owner['photo'], $avatar['resource-id']);
453                         }
454                 }
455
456                 if ($repair) {
457                         Contact::updateSelfFromUserID($uid);
458                         // Return the corrected data and avoid a loop
459                         $owner = self::getOwnerDataById($uid, false);
460                 }
461
462                 self::$owner[$uid] = $owner;
463                 return $owner;
464         }
465
466         /**
467          * Get owner data by nick name
468          *
469          * @param int $nick
470          * @return boolean|array
471          * @throws Exception
472          */
473         public static function getOwnerDataByNick(string $nick)
474         {
475                 $user = DBA::selectFirst('user', ['uid'], ['nickname' => $nick]);
476
477                 if (!DBA::isResult($user)) {
478                         return false;
479                 }
480
481                 return self::getOwnerDataById($user['uid']);
482         }
483
484         /**
485          * Returns the default group for a given user and network
486          *
487          * @param int $uid User id
488          *
489          * @return int group id
490          * @throws Exception
491          */
492         public static function getDefaultGroup(int $uid): int
493         {
494                 $user = DBA::selectFirst('user', ['def_gid'], ['uid' => $uid]);
495                 if (DBA::isResult($user)) {
496                         $default_group = $user["def_gid"];
497                 } else {
498                         $default_group = 0;
499                 }
500
501                 return $default_group;
502         }
503
504         /**
505          * Authenticate a user with a clear text password
506          *
507          * Returns the user id associated with a successful password authentication
508          *
509          * @param mixed  $user_info
510          * @param string $password
511          * @param bool   $third_party
512          * @return int User Id if authentication is successful
513          * @throws HTTPException\ForbiddenException
514          * @throws HTTPException\NotFoundException
515          */
516         public static function getIdFromPasswordAuthentication($user_info, string $password, bool $third_party = false): int
517         {
518                 // Addons registered with the "authenticate" hook may create the user on the
519                 // fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
520                 // the user doesn't exist, we should give the addons a chance to create the
521                 // user in our database, if applicable, before re-throwing the exception if
522                 // they fail.
523                 try {
524                         $user = self::getAuthenticationInfo($user_info);
525                 } catch (Exception $e) {
526                         $username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');
527
528                         // Addons can create users, and since this 'catch' branch should only
529                         // execute if getAuthenticationInfo can't find an existing user, that's
530                         // exactly what will happen here. Creating a numeric username would create
531                         // abiguity with user IDs, possibly opening up an attack vector.
532                         // So let's be very careful about that.
533                         if (empty($username) || is_numeric($username)) {
534                                 throw $e;
535                         }
536
537                         return self::getIdFromAuthenticateHooks($username, $password);
538                 }
539
540                 if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
541                         // Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
542                         if (AppSpecificPassword::authenticateUser($user['uid'], $password)) {
543                                 return $user['uid'];
544                         }
545                 } elseif (strpos($user['password'], '$') === false) {
546                         //Legacy hash that has not been replaced by a new hash yet
547                         if (self::hashPasswordLegacy($password) === $user['password']) {
548                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
549
550                                 return $user['uid'];
551                         }
552                 } elseif (!empty($user['legacy_password'])) {
553                         //Legacy hash that has been double-hashed and not replaced by a new hash yet
554                         //Warning: `legacy_password` is not necessary in sync with the content of `password`
555                         if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
556                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
557
558                                 return $user['uid'];
559                         }
560                 } elseif (password_verify($password, $user['password'])) {
561                         //New password hash
562                         if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
563                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
564                         }
565
566                         return $user['uid'];
567                 } else {
568                         return self::getIdFromAuthenticateHooks($user['nickname'], $password); // throws
569                 }
570
571                 throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
572         }
573
574         /**
575          * Try to obtain a user ID via "authenticate" hook addons
576          *
577          * Returns the user id associated with a successful password authentication
578          *
579          * @param string $username
580          * @param string $password
581          * @return int User Id if authentication is successful
582          * @throws HTTPException\ForbiddenException
583          */
584         public static function getIdFromAuthenticateHooks(string $username, string $password): int
585         {
586                 $addon_auth = [
587                         'username'      => $username,
588                         'password'      => $password,
589                         'authenticated' => 0,
590                         'user_record'   => null
591                 ];
592
593                 /*
594                  * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
595                  * Addons should never set 'authenticated' except to indicate success - as hooks may be chained
596                  * and later addons should not interfere with an earlier one that succeeded.
597                  */
598                 Hook::callAll('authenticate', $addon_auth);
599
600                 if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
601                         return $addon_auth['user_record']['uid'];
602                 }
603
604                 throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
605         }
606
607         /**
608          * Returns authentication info from various parameters types
609          *
610          * User info can be any of the following:
611          * - User DB object
612          * - User Id
613          * - User email or username or nickname
614          * - User array with at least the uid and the hashed password
615          *
616          * @param mixed $user_info
617          * @return array|null Null if not found/determined
618          * @throws HTTPException\NotFoundException
619          */
620         public static function getAuthenticationInfo($user_info)
621         {
622                 $user = null;
623
624                 if (is_object($user_info) || is_array($user_info)) {
625                         if (is_object($user_info)) {
626                                 $user = (array) $user_info;
627                         } else {
628                                 $user = $user_info;
629                         }
630
631                         if (
632                                 !isset($user['uid'])
633                                 || !isset($user['password'])
634                                 || !isset($user['legacy_password'])
635                         ) {
636                                 throw new Exception(DI::l10n()->t('Not enough information to authenticate'));
637                         }
638                 } elseif (is_int($user_info) || is_string($user_info)) {
639                         if (is_int($user_info)) {
640                                 $user = DBA::selectFirst(
641                                         'user',
642                                         ['uid', 'nickname', 'password', 'legacy_password'],
643                                         [
644                                                 'uid' => $user_info,
645                                                 'blocked' => 0,
646                                                 'account_expired' => 0,
647                                                 'account_removed' => 0,
648                                                 'verified' => 1
649                                         ]
650                                 );
651                         } else {
652                                 $fields = ['uid', 'nickname', 'password', 'legacy_password'];
653                                 $condition = [
654                                         "(`email` = ? OR `username` = ? OR `nickname` = ?)
655                                         AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`",
656                                         $user_info, $user_info, $user_info
657                                 ];
658                                 $user = DBA::selectFirst('user', $fields, $condition);
659                         }
660
661                         if (!DBA::isResult($user)) {
662                                 throw new HTTPException\NotFoundException(DI::l10n()->t('User not found'));
663                         }
664                 }
665
666                 return $user;
667         }
668
669         /**
670          * Generates a human-readable random password
671          *
672          * @return string
673          * @throws Exception
674          */
675         public static function generateNewPassword(): string
676         {
677                 return ucfirst(Strings::getRandomName(8)) . random_int(1000, 9999);
678         }
679
680         /**
681          * Checks if the provided plaintext password has been exposed or not
682          *
683          * @param string $password
684          * @return bool
685          * @throws Exception
686          */
687         public static function isPasswordExposed(string $password): bool
688         {
689                 $cache = new CacheItemPool();
690                 $cache->changeConfig([
691                         'cacheDirectory' => System::getTempPath() . '/password-exposed-cache/',
692                 ]);
693
694                 try {
695                         $passwordExposedChecker = new PasswordExposed\PasswordExposedChecker(null, $cache);
696
697                         return $passwordExposedChecker->passwordExposed($password) === PasswordExposed\PasswordStatus::EXPOSED;
698                 } catch (Exception $e) {
699                         Logger::error('Password Exposed Exception: ' . $e->getMessage(), [
700                                 'code' => $e->getCode(),
701                                 'file' => $e->getFile(),
702                                 'line' => $e->getLine(),
703                                 'trace' => $e->getTraceAsString()
704                         ]);
705
706                         return false;
707                 }
708         }
709
710         /**
711          * Legacy hashing function, kept for password migration purposes
712          *
713          * @param string $password
714          * @return string
715          */
716         private static function hashPasswordLegacy(string $password): string
717         {
718                 return hash('whirlpool', $password);
719         }
720
721         /**
722          * Global user password hashing function
723          *
724          * @param string $password
725          * @return string
726          * @throws Exception
727          */
728         public static function hashPassword(string $password): string
729         {
730                 if (!trim($password)) {
731                         throw new Exception(DI::l10n()->t('Password can\'t be empty'));
732                 }
733
734                 return password_hash($password, PASSWORD_DEFAULT);
735         }
736
737         /**
738          * Updates a user row with a new plaintext password
739          *
740          * @param int    $uid
741          * @param string $password
742          * @return bool
743          * @throws Exception
744          */
745         public static function updatePassword(int $uid, string $password): bool
746         {
747                 $password = trim($password);
748
749                 if (empty($password)) {
750                         throw new Exception(DI::l10n()->t('Empty passwords are not allowed.'));
751                 }
752
753                 if (!DI::config()->get('system', 'disable_password_exposed', false) && self::isPasswordExposed($password)) {
754                         throw new Exception(DI::l10n()->t('The new password has been exposed in a public data dump, please choose another.'));
755                 }
756
757                 $allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
758
759                 if (!preg_match('/^[a-z0-9' . preg_quote($allowed_characters, '/') . ']+$/i', $password)) {
760                         throw new Exception(DI::l10n()->t('The password can\'t contain accentuated letters, white spaces or colons (:)'));
761                 }
762
763                 return self::updatePasswordHashed($uid, self::hashPassword($password));
764         }
765
766         /**
767          * Updates a user row with a new hashed password.
768          * Empties the password reset token field just in case.
769          *
770          * @param int    $uid
771          * @param string $pasword_hashed
772          * @return bool
773          * @throws Exception
774          */
775         private static function updatePasswordHashed(int $uid, string $pasword_hashed): bool
776         {
777                 $fields = [
778                         'password' => $pasword_hashed,
779                         'pwdreset' => null,
780                         'pwdreset_time' => null,
781                         'legacy_password' => false
782                 ];
783                 return DBA::update('user', $fields, ['uid' => $uid]);
784         }
785
786         /**
787          * Checks if a nickname is in the list of the forbidden nicknames
788          *
789          * Check if a nickname is forbidden from registration on the node by the
790          * admin. Forbidden nicknames (e.g. role namess) can be configured in the
791          * admin panel.
792          *
793          * @param string $nickname The nickname that should be checked
794          * @return boolean True is the nickname is blocked on the node
795          */
796         public static function isNicknameBlocked(string $nickname): bool
797         {
798                 $forbidden_nicknames = DI::config()->get('system', 'forbidden_nicknames', '');
799                 if (!empty($forbidden_nicknames)) {
800                         $forbidden = explode(',', $forbidden_nicknames);
801                         $forbidden = array_map('trim', $forbidden);
802                 } else {
803                         $forbidden = [];
804                 }
805
806                 // Add the name of the internal actor to the "forbidden" list
807                 $actor_name = self::getActorName();
808                 if (!empty($actor_name)) {
809                         $forbidden[] = $actor_name;
810                 }
811
812                 if (empty($forbidden)) {
813                         return false;
814                 }
815
816                 // check if the nickname is in the list of blocked nicknames
817                 if (in_array(strtolower($nickname), $forbidden)) {
818                         return true;
819                 }
820
821                 // else return false
822                 return false;
823         }
824
825         /**
826          * Get avatar link for given user
827          *
828          * @param array  $user
829          * @param string $size One of the Proxy::SIZE_* constants
830          * @return string avatar link
831          * @throws Exception
832          */
833         public static function getAvatarUrl(array $user, string $size = ''): string
834         {
835                 if (empty($user['nickname'])) {
836                         DI::logger()->warning('Missing user nickname key', ['trace' => System::callstack(20)]);
837                 }
838
839                 $url = DI::baseUrl() . '/photo/';
840
841                 switch ($size) {
842                         case Proxy::SIZE_MICRO:
843                                 $url .= 'micro/';
844                                 $scale = 6;
845                                 break;
846                         case Proxy::SIZE_THUMB:
847                                 $url .= 'avatar/';
848                                 $scale = 5;
849                                 break;
850                         default:
851                                 $url .= 'profile/';
852                                 $scale = 4;
853                                 break;
854                 }
855
856                 $updated  =  '';
857                 $mimetype = '';
858
859                 $photo = Photo::selectFirst(['type', 'created', 'edited', 'updated'], ["scale" => $scale, 'uid' => $user['uid'], 'profile' => true]);
860                 if (!empty($photo)) {
861                         $updated  = max($photo['created'], $photo['edited'], $photo['updated']);
862                         $mimetype = $photo['type'];
863                 }
864
865                 return $url . $user['nickname'] . Images::getExtensionByMimeType($mimetype) . ($updated ? '?ts=' . strtotime($updated) : '');
866         }
867
868         /**
869          * Get banner link for given user
870          *
871          * @param array  $user
872          * @return string banner link
873          * @throws Exception
874          */
875         public static function getBannerUrl(array $user): string
876         {
877                 if (empty($user['nickname'])) {
878                         DI::logger()->warning('Missing user nickname key', ['trace' => System::callstack(20)]);
879                 }
880
881                 $url = DI::baseUrl() . '/photo/banner/';
882
883                 $updated  = '';
884                 $mimetype = '';
885
886                 $photo = Photo::selectFirst(['type', 'created', 'edited', 'updated'], ["scale" => 3, 'uid' => $user['uid'], 'photo-type' => Photo::USER_BANNER]);
887                 if (!empty($photo)) {
888                         $updated  = max($photo['created'], $photo['edited'], $photo['updated']);
889                         $mimetype = $photo['type'];
890                 } else {
891                         // Only for the RC phase: Don't return an image link for the default picture
892                         return '';
893                 }
894
895                 return $url . $user['nickname'] . Images::getExtensionByMimeType($mimetype) . ($updated ? '?ts=' . strtotime($updated) : '');
896         }
897
898         /**
899          * Catch-all user creation function
900          *
901          * Creates a user from the provided data array, either form fields or OpenID.
902          * Required: { username, nickname, email } or { openid_url }
903          *
904          * Performs the following:
905          * - Sends to the OpenId auth URL (if relevant)
906          * - Creates new key pairs for crypto
907          * - Create self-contact
908          * - Create profile image
909          *
910          * @param  array $data
911          * @return array
912          * @throws ErrorException
913          * @throws HTTPException\InternalServerErrorException
914          * @throws ImagickException
915          * @throws Exception
916          */
917         public static function create(array $data): array
918         {
919                 $return = ['user' => null, 'password' => ''];
920
921                 $using_invites = DI::config()->get('system', 'invitation_only');
922
923                 $invite_id  = !empty($data['invite_id'])  ? trim($data['invite_id'])  : '';
924                 $username   = !empty($data['username'])   ? trim($data['username'])   : '';
925                 $nickname   = !empty($data['nickname'])   ? trim($data['nickname'])   : '';
926                 $email      = !empty($data['email'])      ? trim($data['email'])      : '';
927                 $openid_url = !empty($data['openid_url']) ? trim($data['openid_url']) : '';
928                 $photo      = !empty($data['photo'])      ? trim($data['photo'])      : '';
929                 $password   = !empty($data['password'])   ? trim($data['password'])   : '';
930                 $password1  = !empty($data['password1'])  ? trim($data['password1'])  : '';
931                 $confirm    = !empty($data['confirm'])    ? trim($data['confirm'])    : '';
932                 $blocked    = !empty($data['blocked']);
933                 $verified   = !empty($data['verified']);
934                 $language   = !empty($data['language'])   ? trim($data['language'])   : 'en';
935
936                 $netpublish = $publish = !empty($data['profile_publish_reg']);
937
938                 if ($password1 != $confirm) {
939                         throw new Exception(DI::l10n()->t('Passwords do not match. Password unchanged.'));
940                 } elseif ($password1 != '') {
941                         $password = $password1;
942                 }
943
944                 if ($using_invites) {
945                         if (!$invite_id) {
946                                 throw new Exception(DI::l10n()->t('An invitation is required.'));
947                         }
948
949                         if (!Register::existsByHash($invite_id)) {
950                                 throw new Exception(DI::l10n()->t('Invitation could not be verified.'));
951                         }
952                 }
953
954                 /// @todo Check if this part is really needed. We should have fetched all this data in advance
955                 if (empty($username) || empty($email) || empty($nickname)) {
956                         if ($openid_url) {
957                                 if (!Network::isUrlValid($openid_url)) {
958                                         throw new Exception(DI::l10n()->t('Invalid OpenID url'));
959                                 }
960                                 $_SESSION['register'] = 1;
961                                 $_SESSION['openid'] = $openid_url;
962
963                                 $openid = new LightOpenID(DI::baseUrl()->getHostname());
964                                 $openid->identity = $openid_url;
965                                 $openid->returnUrl = DI::baseUrl() . '/openid';
966                                 $openid->required = ['namePerson/friendly', 'contact/email', 'namePerson'];
967                                 $openid->optional = ['namePerson/first', 'media/image/aspect11', 'media/image/default'];
968                                 try {
969                                         $authurl = $openid->authUrl();
970                                 } catch (Exception $e) {
971                                         throw new Exception(DI::l10n()->t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . EOL . EOL . DI::l10n()->t('The error message was:') . $e->getMessage(), 0, $e);
972                                 }
973                                 System::externalRedirect($authurl);
974                                 // NOTREACHED
975                         }
976
977                         throw new Exception(DI::l10n()->t('Please enter the required information.'));
978                 }
979
980                 if (!Network::isUrlValid($openid_url)) {
981                         $openid_url = '';
982                 }
983
984                 // collapse multiple spaces in name
985                 $username = preg_replace('/ +/', ' ', $username);
986
987                 $username_min_length = max(1, min(64, intval(DI::config()->get('system', 'username_min_length', 3))));
988                 $username_max_length = max(1, min(64, intval(DI::config()->get('system', 'username_max_length', 48))));
989
990                 if ($username_min_length > $username_max_length) {
991                         Logger::error(DI::l10n()->t('system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values.', $username_min_length, $username_max_length));
992                         $tmp = $username_min_length;
993                         $username_min_length = $username_max_length;
994                         $username_max_length = $tmp;
995                 }
996
997                 if (mb_strlen($username) < $username_min_length) {
998                         throw new Exception(DI::l10n()->tt('Username should be at least %s character.', 'Username should be at least %s characters.', $username_min_length));
999                 }
1000
1001                 if (mb_strlen($username) > $username_max_length) {
1002                         throw new Exception(DI::l10n()->tt('Username should be at most %s character.', 'Username should be at most %s characters.', $username_max_length));
1003                 }
1004
1005                 // So now we are just looking for a space in the full name.
1006                 $loose_reg = DI::config()->get('system', 'no_regfullname');
1007                 if (!$loose_reg) {
1008                         $username = mb_convert_case($username, MB_CASE_TITLE, 'UTF-8');
1009                         if (strpos($username, ' ') === false) {
1010                                 throw new Exception(DI::l10n()->t("That doesn't appear to be your full (First Last) name."));
1011                         }
1012                 }
1013
1014                 if (!Network::isEmailDomainAllowed($email)) {
1015                         throw new Exception(DI::l10n()->t('Your email domain is not among those allowed on this site.'));
1016                 }
1017
1018                 if (!filter_var($email, FILTER_VALIDATE_EMAIL) || !Network::isEmailDomainValid($email)) {
1019                         throw new Exception(DI::l10n()->t('Not a valid email address.'));
1020                 }
1021                 if (self::isNicknameBlocked($nickname)) {
1022                         throw new Exception(DI::l10n()->t('The nickname was blocked from registration by the nodes admin.'));
1023                 }
1024
1025                 if (DI::config()->get('system', 'block_extended_register', false) && DBA::exists('user', ['email' => $email])) {
1026                         throw new Exception(DI::l10n()->t('Cannot use that email.'));
1027                 }
1028
1029                 // Disallow somebody creating an account using openid that uses the admin email address,
1030                 // since openid bypasses email verification. We'll allow it if there is not yet an admin account.
1031                 if (DI::config()->get('config', 'admin_email') && strlen($openid_url)) {
1032                         $adminlist = explode(',', str_replace(' ', '', strtolower(DI::config()->get('config', 'admin_email'))));
1033                         if (in_array(strtolower($email), $adminlist)) {
1034                                 throw new Exception(DI::l10n()->t('Cannot use that email.'));
1035                         }
1036                 }
1037
1038                 $nickname = $data['nickname'] = strtolower($nickname);
1039
1040                 if (!preg_match('/^[a-z0-9][a-z0-9_]*$/', $nickname)) {
1041                         throw new Exception(DI::l10n()->t('Your nickname can only contain a-z, 0-9 and _.'));
1042                 }
1043
1044                 // Check existing and deleted accounts for this nickname.
1045                 if (
1046                         DBA::exists('user', ['nickname' => $nickname])
1047                         || DBA::exists('userd', ['username' => $nickname])
1048                 ) {
1049                         throw new Exception(DI::l10n()->t('Nickname is already registered. Please choose another.'));
1050                 }
1051
1052                 $new_password = strlen($password) ? $password : User::generateNewPassword();
1053                 $new_password_encoded = self::hashPassword($new_password);
1054
1055                 $return['password'] = $new_password;
1056
1057                 $keys = Crypto::newKeypair(4096);
1058                 if ($keys === false) {
1059                         throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
1060                 }
1061
1062                 $prvkey = $keys['prvkey'];
1063                 $pubkey = $keys['pubkey'];
1064
1065                 // Create another keypair for signing/verifying salmon protocol messages.
1066                 $sres = Crypto::newKeypair(512);
1067                 $sprvkey = $sres['prvkey'];
1068                 $spubkey = $sres['pubkey'];
1069
1070                 $insert_result = DBA::insert('user', [
1071                         'guid'     => System::createUUID(),
1072                         'username' => $username,
1073                         'password' => $new_password_encoded,
1074                         'email'    => $email,
1075                         'openid'   => $openid_url,
1076                         'nickname' => $nickname,
1077                         'pubkey'   => $pubkey,
1078                         'prvkey'   => $prvkey,
1079                         'spubkey'  => $spubkey,
1080                         'sprvkey'  => $sprvkey,
1081                         'verified' => $verified,
1082                         'blocked'  => $blocked,
1083                         'language' => $language,
1084                         'timezone' => 'UTC',
1085                         'register_date' => DateTimeFormat::utcNow(),
1086                         'default-location' => ''
1087                 ]);
1088
1089                 if ($insert_result) {
1090                         $uid = DBA::lastInsertId();
1091                         $user = DBA::selectFirst('user', [], ['uid' => $uid]);
1092                 } else {
1093                         throw new Exception(DI::l10n()->t('An error occurred during registration. Please try again.'));
1094                 }
1095
1096                 if (!$uid) {
1097                         throw new Exception(DI::l10n()->t('An error occurred during registration. Please try again.'));
1098                 }
1099
1100                 // if somebody clicked submit twice very quickly, they could end up with two accounts
1101                 // due to race condition. Remove this one.
1102                 $user_count = DBA::count('user', ['nickname' => $nickname]);
1103                 if ($user_count > 1) {
1104                         DBA::delete('user', ['uid' => $uid]);
1105
1106                         throw new Exception(DI::l10n()->t('Nickname is already registered. Please choose another.'));
1107                 }
1108
1109                 $insert_result = DBA::insert('profile', [
1110                         'uid' => $uid,
1111                         'name' => $username,
1112                         'photo' => self::getAvatarUrl($user),
1113                         'thumb' => self::getAvatarUrl($user, Proxy::SIZE_THUMB),
1114                         'publish' => $publish,
1115                         'net-publish' => $netpublish,
1116                 ]);
1117                 if (!$insert_result) {
1118                         DBA::delete('user', ['uid' => $uid]);
1119
1120                         throw new Exception(DI::l10n()->t('An error occurred creating your default profile. Please try again.'));
1121                 }
1122
1123                 // Create the self contact
1124                 if (!Contact::createSelfFromUserId($uid)) {
1125                         DBA::delete('user', ['uid' => $uid]);
1126
1127                         throw new Exception(DI::l10n()->t('An error occurred creating your self contact. Please try again.'));
1128                 }
1129
1130                 // Create a group with no members. This allows somebody to use it
1131                 // right away as a default group for new contacts.
1132                 $def_gid = Group::create($uid, DI::l10n()->t('Friends'));
1133                 if (!$def_gid) {
1134                         DBA::delete('user', ['uid' => $uid]);
1135
1136                         throw new Exception(DI::l10n()->t('An error occurred creating your default contact group. Please try again.'));
1137                 }
1138
1139                 $fields = ['def_gid' => $def_gid];
1140                 if (DI::config()->get('system', 'newuser_private') && $def_gid) {
1141                         $fields['allow_gid'] = '<' . $def_gid . '>';
1142                 }
1143
1144                 DBA::update('user', $fields, ['uid' => $uid]);
1145
1146                 // if we have no OpenID photo try to look up an avatar
1147                 if (!strlen($photo)) {
1148                         $photo = Network::lookupAvatarByEmail($email);
1149                 }
1150
1151                 // unless there is no avatar-addon loaded
1152                 if (strlen($photo)) {
1153                         $photo_failure = false;
1154
1155                         $filename = basename($photo);
1156                         $curlResult = DI::httpClient()->get($photo, HttpClientAccept::IMAGE);
1157                         if ($curlResult->isSuccess()) {
1158                                 Logger::debug('Got picture', ['Content-Type' => $curlResult->getHeader('Content-Type'), 'url' => $photo]);
1159                                 $img_str = $curlResult->getBody();
1160                                 $type = $curlResult->getContentType();
1161                         } else {
1162                                 $img_str = '';
1163                                 $type = '';
1164                         }
1165
1166                         $type = Images::getMimeTypeByData($img_str, $photo, $type);
1167
1168                         $image = new Image($img_str, $type);
1169                         if ($image->isValid()) {
1170                                 $image->scaleToSquare(300);
1171
1172                                 $resource_id = Photo::newResource();
1173
1174                                 // Not using Photo::PROFILE_PHOTOS here, so that it is discovered as translateble string
1175                                 $profile_album = DI::l10n()->t('Profile Photos');
1176
1177                                 $r = Photo::store($image, $uid, 0, $resource_id, $filename, $profile_album, 4);
1178
1179                                 if ($r === false) {
1180                                         $photo_failure = true;
1181                                 }
1182
1183                                 $image->scaleDown(80);
1184
1185                                 $r = Photo::store($image, $uid, 0, $resource_id, $filename, $profile_album, 5);
1186
1187                                 if ($r === false) {
1188                                         $photo_failure = true;
1189                                 }
1190
1191                                 $image->scaleDown(48);
1192
1193                                 $r = Photo::store($image, $uid, 0, $resource_id, $filename, $profile_album, 6);
1194
1195                                 if ($r === false) {
1196                                         $photo_failure = true;
1197                                 }
1198
1199                                 if (!$photo_failure) {
1200                                         Photo::update(['profile' => true, 'photo-type' => Photo::USER_AVATAR], ['resource-id' => $resource_id]);
1201                                 }
1202                         }
1203
1204                         Contact::updateSelfFromUserID($uid, true);
1205                 }
1206
1207                 Hook::callAll('register_account', $uid);
1208
1209                 $return['user'] = $user;
1210                 return $return;
1211         }
1212
1213         /**
1214          * Update a user entry and distribute the changes if needed
1215          *
1216          * @param array $fields
1217          * @param integer $uid
1218          * @return boolean
1219          */
1220         public static function update(array $fields, int $uid): bool
1221         {
1222                 $old_owner = self::getOwnerDataById($uid);
1223                 if (empty($old_owner)) {
1224                         return false;
1225                 }
1226
1227                 if (!DBA::update('user', $fields, ['uid' => $uid])) {
1228                         return false;
1229                 }
1230
1231                 $update = Contact::updateSelfFromUserID($uid);
1232
1233                 $owner = self::getOwnerDataById($uid);
1234                 if (empty($owner)) {
1235                         return false;
1236                 }
1237
1238                 if ($old_owner['name'] != $owner['name']) {
1239                         Profile::update(['name' => $owner['name']], $uid);
1240                 }
1241
1242                 if ($update) {
1243                         Profile::publishUpdate($uid);
1244                 }
1245
1246                 return true;
1247         }
1248
1249         /**
1250          * Sets block state for a given user
1251          *
1252          * @param int  $uid   The user id
1253          * @param bool $block Block state (default is true)
1254          *
1255          * @return bool True, if successfully blocked
1256
1257          * @throws Exception
1258          */
1259         public static function block(int $uid, bool $block = true): bool
1260         {
1261                 return DBA::update('user', ['blocked' => $block], ['uid' => $uid]);
1262         }
1263
1264         /**
1265          * Allows a registration based on a hash
1266          *
1267          * @param string $hash
1268          *
1269          * @return bool True, if the allow was successful
1270          *
1271          * @throws HTTPException\InternalServerErrorException
1272          * @throws Exception
1273          */
1274         public static function allow(string $hash): bool
1275         {
1276                 $register = Register::getByHash($hash);
1277                 if (!DBA::isResult($register)) {
1278                         return false;
1279                 }
1280
1281                 $user = User::getById($register['uid']);
1282                 if (!DBA::isResult($user)) {
1283                         return false;
1284                 }
1285
1286                 Register::deleteByHash($hash);
1287
1288                 DBA::update('user', ['blocked' => false, 'verified' => true], ['uid' => $register['uid']]);
1289
1290                 $profile = DBA::selectFirst('profile', ['net-publish'], ['uid' => $register['uid']]);
1291
1292                 if (DBA::isResult($profile) && $profile['net-publish'] && Search::getGlobalDirectory()) {
1293                         $url = DI::baseUrl() . '/profile/' . $user['nickname'];
1294                         Worker::add(PRIORITY_LOW, "Directory", $url);
1295                 }
1296
1297                 $l10n = DI::l10n()->withLang($register['language']);
1298
1299                 return User::sendRegisterOpenEmail(
1300                         $l10n,
1301                         $user,
1302                         DI::config()->get('config', 'sitename'),
1303                         DI::baseUrl()->get(),
1304                         ($register['password'] ?? '') ?: 'Sent in a previous email'
1305                 );
1306         }
1307
1308         /**
1309          * Denys a pending registration
1310          *
1311          * @param string $hash The hash of the pending user
1312          *
1313          * This does not have to go through user_remove() and save the nickname
1314          * permanently against re-registration, as the person was not yet
1315          * allowed to have friends on this system
1316          *
1317          * @return bool True, if the deny was successfull
1318          * @throws Exception
1319          */
1320         public static function deny(string $hash): bool
1321         {
1322                 $register = Register::getByHash($hash);
1323                 if (!DBA::isResult($register)) {
1324                         return false;
1325                 }
1326
1327                 $user = User::getById($register['uid']);
1328                 if (!DBA::isResult($user)) {
1329                         return false;
1330                 }
1331
1332                 // Delete the avatar
1333                 Photo::delete(['uid' => $register['uid']]);
1334
1335                 return DBA::delete('user', ['uid' => $register['uid']]) &&
1336                        Register::deleteByHash($register['hash']);
1337         }
1338
1339         /**
1340          * Creates a new user based on a minimal set and sends an email to this user
1341          *
1342          * @param string $name  The user's name
1343          * @param string $email The user's email address
1344          * @param string $nick  The user's nick name
1345          * @param string $lang  The user's language (default is english)
1346          * @return bool True, if the user was created successfully
1347          * @throws HTTPException\InternalServerErrorException
1348          * @throws ErrorException
1349          * @throws ImagickException
1350          */
1351         public static function createMinimal(string $name, string $email, string $nick, string $lang = L10n::DEFAULT): bool
1352         {
1353                 if (empty($name) ||
1354                     empty($email) ||
1355                     empty($nick)) {
1356                         throw new HTTPException\InternalServerErrorException('Invalid arguments.');
1357                 }
1358
1359                 $result = self::create([
1360                         'username' => $name,
1361                         'email' => $email,
1362                         'nickname' => $nick,
1363                         'verified' => 1,
1364                         'language' => $lang
1365                 ]);
1366
1367                 $user = $result['user'];
1368                 $preamble = Strings::deindent(DI::l10n()->t('
1369                 Dear %1$s,
1370                         the administrator of %2$s has set up an account for you.'));
1371                 $body = Strings::deindent(DI::l10n()->t('
1372                 The login details are as follows:
1373
1374                 Site Location:  %1$s
1375                 Login Name:             %2$s
1376                 Password:               %3$s
1377
1378                 You may change your password from your account "Settings" page after logging
1379                 in.
1380
1381                 Please take a few moments to review the other account settings on that page.
1382
1383                 You may also wish to add some basic information to your default profile
1384                 (on the "Profiles" page) so that other people can easily find you.
1385
1386                 We recommend setting your full name, adding a profile photo,
1387                 adding some profile "keywords" (very useful in making new friends) - and
1388                 perhaps what country you live in; if you do not wish to be more specific
1389                 than that.
1390
1391                 We fully respect your right to privacy, and none of these items are necessary.
1392                 If you are new and do not know anybody here, they may help
1393                 you to make some new and interesting friends.
1394
1395                 If you ever want to delete your account, you can do so at %1$s/removeme
1396
1397                 Thank you and welcome to %4$s.'));
1398
1399                 $preamble = sprintf($preamble, $user['username'], DI::config()->get('config', 'sitename'));
1400                 $body = sprintf($body, DI::baseUrl()->get(), $user['nickname'], $result['password'], DI::config()->get('config', 'sitename'));
1401
1402                 $email = DI::emailer()
1403                         ->newSystemMail()
1404                         ->withMessage(DI::l10n()->t('Registration details for %s', DI::config()->get('config', 'sitename')), $preamble, $body)
1405                         ->forUser($user)
1406                         ->withRecipient($user['email'])
1407                         ->build();
1408                 return DI::emailer()->send($email);
1409         }
1410
1411         /**
1412          * Sends pending registration confirmation email
1413          *
1414          * @param array  $user     User record array
1415          * @param string $sitename
1416          * @param string $siteurl
1417          * @param string $password Plaintext password
1418          * @return NULL|boolean from notification() and email() inherited
1419          * @throws HTTPException\InternalServerErrorException
1420          */
1421         public static function sendRegisterPendingEmail(array $user, string $sitename, string $siteurl, string $password)
1422         {
1423                 $body = Strings::deindent(DI::l10n()->t(
1424                         '
1425                         Dear %1$s,
1426                                 Thank you for registering at %2$s. Your account is pending for approval by the administrator.
1427
1428                         Your login details are as follows:
1429
1430                         Site Location:  %3$s
1431                         Login Name:             %4$s
1432                         Password:               %5$s
1433                 ',
1434                         $user['username'],
1435                         $sitename,
1436                         $siteurl,
1437                         $user['nickname'],
1438                         $password
1439                 ));
1440
1441                 $email = DI::emailer()
1442                         ->newSystemMail()
1443                         ->withMessage(DI::l10n()->t('Registration at %s', $sitename), $body)
1444                         ->forUser($user)
1445                         ->withRecipient($user['email'])
1446                         ->build();
1447                 return DI::emailer()->send($email);
1448         }
1449
1450         /**
1451          * Sends registration confirmation
1452          *
1453          * It's here as a function because the mail is sent from different parts
1454          *
1455          * @param L10n   $l10n     The used language
1456          * @param array  $user     User record array
1457          * @param string $sitename
1458          * @param string $siteurl
1459          * @param string $password Plaintext password
1460          *
1461          * @return NULL|boolean from notification() and email() inherited
1462          * @throws HTTPException\InternalServerErrorException
1463          */
1464         public static function sendRegisterOpenEmail(L10n $l10n, array $user, string $sitename, string $siteurl, string $password)
1465         {
1466                 $preamble = Strings::deindent($l10n->t(
1467                         '
1468                                 Dear %1$s,
1469                                 Thank you for registering at %2$s. Your account has been created.
1470                         ',
1471                         $user['username'],
1472                         $sitename
1473                 ));
1474                 $body = Strings::deindent($l10n->t(
1475                         '
1476                         The login details are as follows:
1477
1478                         Site Location:  %3$s
1479                         Login Name:             %1$s
1480                         Password:               %5$s
1481
1482                         You may change your password from your account "Settings" page after logging
1483                         in.
1484
1485                         Please take a few moments to review the other account settings on that page.
1486
1487                         You may also wish to add some basic information to your default profile
1488                         ' . "\x28" . 'on the "Profiles" page' . "\x29" . ' so that other people can easily find you.
1489
1490                         We recommend setting your full name, adding a profile photo,
1491                         adding some profile "keywords" ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and
1492                         perhaps what country you live in; if you do not wish to be more specific
1493                         than that.
1494
1495                         We fully respect your right to privacy, and none of these items are necessary.
1496                         If you are new and do not know anybody here, they may help
1497                         you to make some new and interesting friends.
1498
1499                         If you ever want to delete your account, you can do so at %3$s/removeme
1500
1501                         Thank you and welcome to %2$s.',
1502                         $user['nickname'],
1503                         $sitename,
1504                         $siteurl,
1505                         $user['username'],
1506                         $password
1507                 ));
1508
1509                 $email = DI::emailer()
1510                         ->newSystemMail()
1511                         ->withMessage(DI::l10n()->t('Registration details for %s', $sitename), $preamble, $body)
1512                         ->forUser($user)
1513                         ->withRecipient($user['email'])
1514                         ->build();
1515                 return DI::emailer()->send($email);
1516         }
1517
1518         /**
1519          * @param int $uid user to remove
1520          * @return bool
1521          * @throws HTTPException\InternalServerErrorException
1522          */
1523         public static function remove(int $uid): bool
1524         {
1525                 if (empty($uid)) {
1526                         return false;
1527                 }
1528
1529                 Logger::notice('Removing user', ['user' => $uid]);
1530
1531                 $user = DBA::selectFirst('user', [], ['uid' => $uid]);
1532
1533                 Hook::callAll('remove_user', $user);
1534
1535                 // save username (actually the nickname as it is guaranteed
1536                 // unique), so it cannot be re-registered in the future.
1537                 DBA::insert('userd', ['username' => $user['nickname']]);
1538
1539                 // Remove all personal settings, especially connector settings
1540                 DBA::delete('pconfig', ['uid' => $uid]);
1541
1542                 // The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
1543                 DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
1544                 Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
1545
1546                 // Send an update to the directory
1547                 $self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]);
1548                 Worker::add(PRIORITY_LOW, 'Directory', $self['url']);
1549
1550                 // Remove the user relevant data
1551                 Worker::add(PRIORITY_NEGLIGIBLE, 'RemoveUser', $uid);
1552
1553                 return true;
1554         }
1555
1556         /**
1557          * Return all identities to a user
1558          *
1559          * @param int $uid The user id
1560          * @return array All identities for this user
1561          *
1562          * Example for a return:
1563          *    [
1564          *        [
1565          *            'uid' => 1,
1566          *            'username' => 'maxmuster',
1567          *            'nickname' => 'Max Mustermann'
1568          *        ],
1569          *        [
1570          *            'uid' => 2,
1571          *            'username' => 'johndoe',
1572          *            'nickname' => 'John Doe'
1573          *        ]
1574          *    ]
1575          * @throws Exception
1576          */
1577         public static function identities(int $uid): array
1578         {
1579                 if (empty($uid)) {
1580                         return [];
1581                 }
1582
1583                 $identities = [];
1584
1585                 $user = DBA::selectFirst('user', ['uid', 'nickname', 'username', 'parent-uid'], ['uid' => $uid]);
1586                 if (!DBA::isResult($user)) {
1587                         return $identities;
1588                 }
1589
1590                 if ($user['parent-uid'] == 0) {
1591                         // First add our own entry
1592                         $identities = [[
1593                                 'uid' => $user['uid'],
1594                                 'username' => $user['username'],
1595                                 'nickname' => $user['nickname']
1596                         ]];
1597
1598                         // Then add all the children
1599                         $r = DBA::select(
1600                                 'user',
1601                                 ['uid', 'username', 'nickname'],
1602                                 ['parent-uid' => $user['uid'], 'account_removed' => false]
1603                         );
1604                         if (DBA::isResult($r)) {
1605                                 $identities = array_merge($identities, DBA::toArray($r));
1606                         }
1607                 } else {
1608                         // First entry is our parent
1609                         $r = DBA::select(
1610                                 'user',
1611                                 ['uid', 'username', 'nickname'],
1612                                 ['uid' => $user['parent-uid'], 'account_removed' => false]
1613                         );
1614                         if (DBA::isResult($r)) {
1615                                 $identities = DBA::toArray($r);
1616                         }
1617
1618                         // Then add all siblings
1619                         $r = DBA::select(
1620                                 'user',
1621                                 ['uid', 'username', 'nickname'],
1622                                 ['parent-uid' => $user['parent-uid'], 'account_removed' => false]
1623                         );
1624                         if (DBA::isResult($r)) {
1625                                 $identities = array_merge($identities, DBA::toArray($r));
1626                         }
1627                 }
1628
1629                 $r = DBA::p(
1630                         "SELECT `user`.`uid`, `user`.`username`, `user`.`nickname`
1631                         FROM `manage`
1632                         INNER JOIN `user` ON `manage`.`mid` = `user`.`uid`
1633                         WHERE `user`.`account_removed` = 0 AND `manage`.`uid` = ?",
1634                         $user['uid']
1635                 );
1636                 if (DBA::isResult($r)) {
1637                         $identities = array_merge($identities, DBA::toArray($r));
1638                 }
1639
1640                 return $identities;
1641         }
1642
1643         /**
1644          * Check if the given user id has delegations or is delegated
1645          *
1646          * @param int $uid
1647          * @return bool
1648          */
1649         public static function hasIdentities(int $uid): bool
1650         {
1651                 if (empty($uid)) {
1652                         return false;
1653                 }
1654
1655                 $user = DBA::selectFirst('user', ['parent-uid'], ['uid' => $uid, 'account_removed' => false]);
1656                 if (!DBA::isResult($user)) {
1657                         return false;
1658                 }
1659
1660                 if ($user['parent-uid'] != 0) {
1661                         return true;
1662                 }
1663
1664                 if (DBA::exists('user', ['parent-uid' => $uid, 'account_removed' => false])) {
1665                         return true;
1666                 }
1667
1668                 if (DBA::exists('manage', ['uid' => $uid])) {
1669                         return true;
1670                 }
1671
1672                 return false;
1673         }
1674
1675         /**
1676          * Returns statistical information about the current users of this node
1677          *
1678          * @return array
1679          *
1680          * @throws Exception
1681          */
1682         public static function getStatistics(): array
1683         {
1684                 $statistics = [
1685                         'total_users'           => 0,
1686                         'active_users_halfyear' => 0,
1687                         'active_users_monthly'  => 0,
1688                         'active_users_weekly'   => 0,
1689                 ];
1690
1691                 $userStmt = DBA::select('owner-view', ['uid', 'login_date', 'last-item'],
1692                         ["`verified` AND `login_date` > ? AND NOT `blocked`
1693                         AND NOT `account_removed` AND NOT `account_expired`",
1694                         DBA::NULL_DATETIME]);
1695                 if (!DBA::isResult($userStmt)) {
1696                         return $statistics;
1697                 }
1698
1699                 $halfyear = time() - (180 * 24 * 60 * 60);
1700                 $month = time() - (30 * 24 * 60 * 60);
1701                 $week = time() - (7 * 24 * 60 * 60);
1702
1703                 while ($user = DBA::fetch($userStmt)) {
1704                         $statistics['total_users']++;
1705
1706                         if ((strtotime($user['login_date']) > $halfyear) || (strtotime($user['last-item']) > $halfyear)
1707                         ) {
1708                                 $statistics['active_users_halfyear']++;
1709                         }
1710
1711                         if ((strtotime($user['login_date']) > $month) || (strtotime($user['last-item']) > $month)
1712                         ) {
1713                                 $statistics['active_users_monthly']++;
1714                         }
1715
1716                         if ((strtotime($user['login_date']) > $week) || (strtotime($user['last-item']) > $week)
1717                         ) {
1718                                 $statistics['active_users_weekly']++;
1719                         }
1720                 }
1721                 DBA::close($userStmt);
1722
1723                 return $statistics;
1724         }
1725
1726         /**
1727          * Get all users of the current node
1728          *
1729          * @param int    $start Start count (Default is 0)
1730          * @param int    $count Count of the items per page (Default is @see Pager::ITEMS_PER_PAGE)
1731          * @param string $type  The type of users, which should get (all, bocked, removed)
1732          * @param string $order Order of the user list (Default is 'contact.name')
1733          * @param bool   $descending Order direction (Default is ascending)
1734          * @return array|bool The list of the users
1735          * @throws Exception
1736          */
1737         public static function getList(int $start = 0, int $count = Pager::ITEMS_PER_PAGE, string $type = 'all', string $order = 'name', bool $descending = false)
1738         {
1739                 $param = ['limit' => [$start, $count], 'order' => [$order => $descending]];
1740                 $condition = [];
1741                 switch ($type) {
1742                         case 'active':
1743                                 $condition['account_removed'] = false;
1744                                 $condition['blocked'] = false;
1745                                 break;
1746
1747                         case 'blocked':
1748                                 $condition['account_removed'] = false;
1749                                 $condition['blocked'] = true;
1750                                 $condition['verified'] = true;
1751                                 break;
1752
1753                         case 'removed':
1754                                 $condition['account_removed'] = true;
1755                                 break;
1756                 }
1757
1758                 return DBA::selectToArray('owner-view', [], $condition, $param);
1759         }
1760 }