]> git.mxchange.org Git - friendica.git/blob - src/Model/User.php
Use central function to fetch the global directory
[friendica.git] / src / Model / User.php
1 <?php
2 /**
3  * @copyright Copyright (C) 2010-2022, the Friendica project
4  *
5  * @license GNU AGPL version 3 or any later version
6  *
7  * This program is free software: you can redistribute it and/or modify
8  * it under the terms of the GNU Affero General Public License as
9  * published by the Free Software Foundation, either version 3 of the
10  * License, or (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU Affero General Public License for more details.
16  *
17  * You should have received a copy of the GNU Affero General Public License
18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
19  *
20  */
21
22 namespace Friendica\Model;
23
24 use DivineOmega\DOFileCachePSR6\CacheItemPool;
25 use DivineOmega\PasswordExposed;
26 use ErrorException;
27 use Exception;
28 use Friendica\Content\Pager;
29 use Friendica\Core\Hook;
30 use Friendica\Core\L10n;
31 use Friendica\Core\Logger;
32 use Friendica\Core\Protocol;
33 use Friendica\Core\Search;
34 use Friendica\Core\System;
35 use Friendica\Core\Worker;
36 use Friendica\Database\DBA;
37 use Friendica\DI;
38 use Friendica\Network\HTTPClient\Client\HttpClientAccept;
39 use Friendica\Security\TwoFactor\Model\AppSpecificPassword;
40 use Friendica\Network\HTTPException;
41 use Friendica\Object\Image;
42 use Friendica\Util\Crypto;
43 use Friendica\Util\DateTimeFormat;
44 use Friendica\Util\Images;
45 use Friendica\Util\Network;
46 use Friendica\Util\Proxy;
47 use Friendica\Util\Strings;
48 use Friendica\Worker\Delivery;
49 use ImagickException;
50 use LightOpenID;
51
52 /**
53  * This class handles User related functions
54  */
55 class User
56 {
57         /**
58          * Page/profile types
59          *
60          * PAGE_FLAGS_NORMAL is a typical personal profile account
61          * PAGE_FLAGS_SOAPBOX automatically approves all friend requests as Contact::SHARING, (readonly)
62          * PAGE_FLAGS_COMMUNITY automatically approves all friend requests as Contact::SHARING, but with
63          *      write access to wall and comments (no email and not included in page owner's ACL lists)
64          * PAGE_FLAGS_FREELOVE automatically approves all friend requests as full friends (Contact::FRIEND).
65          *
66          * @{
67          */
68         const PAGE_FLAGS_NORMAL    = 0;
69         const PAGE_FLAGS_SOAPBOX   = 1;
70         const PAGE_FLAGS_COMMUNITY = 2;
71         const PAGE_FLAGS_FREELOVE  = 3;
72         const PAGE_FLAGS_BLOG      = 4;
73         const PAGE_FLAGS_PRVGROUP  = 5;
74         /**
75          * @}
76          */
77
78         /**
79          * Account types
80          *
81          * ACCOUNT_TYPE_PERSON - the account belongs to a person
82          *      Associated page types: PAGE_FLAGS_NORMAL, PAGE_FLAGS_SOAPBOX, PAGE_FLAGS_FREELOVE
83          *
84          * ACCOUNT_TYPE_ORGANISATION - the account belongs to an organisation
85          *      Associated page type: PAGE_FLAGS_SOAPBOX
86          *
87          * ACCOUNT_TYPE_NEWS - the account is a news reflector
88          *      Associated page type: PAGE_FLAGS_SOAPBOX
89          *
90          * ACCOUNT_TYPE_COMMUNITY - the account is community forum
91          *      Associated page types: PAGE_COMMUNITY, PAGE_FLAGS_PRVGROUP
92          *
93          * ACCOUNT_TYPE_RELAY - the account is a relay
94          *      This will only be assigned to contacts, not to user accounts
95          * @{
96          */
97         const ACCOUNT_TYPE_PERSON =       0;
98         const ACCOUNT_TYPE_ORGANISATION = 1;
99         const ACCOUNT_TYPE_NEWS =         2;
100         const ACCOUNT_TYPE_COMMUNITY =    3;
101         const ACCOUNT_TYPE_RELAY =        4;
102         const ACCOUNT_TYPE_DELETED =    127;
103         /**
104          * @}
105          */
106
107         private static $owner;
108
109         /**
110          * Returns the numeric account type by their string
111          *
112          * @param string $accounttype as string constant
113          * @return int|null Numeric account type - or null when not set
114          */
115         public static function getAccountTypeByString(string $accounttype)
116         {
117                 switch ($accounttype) {
118                         case 'person':
119                                 return User::ACCOUNT_TYPE_PERSON;
120                         case 'organisation':
121                                 return User::ACCOUNT_TYPE_ORGANISATION;
122                         case 'news':
123                                 return User::ACCOUNT_TYPE_NEWS;
124                         case 'community':
125                                 return User::ACCOUNT_TYPE_COMMUNITY;
126                         default:
127                                 return null;
128                         break;
129                 }
130         }
131
132         /**
133          * Fetch the system account
134          *
135          * @return array system account
136          */
137         public static function getSystemAccount()
138         {
139                 $system = Contact::selectFirst([], ['self' => true, 'uid' => 0]);
140                 if (!DBA::isResult($system)) {
141                         self::createSystemAccount();
142                         $system = Contact::selectFirst([], ['self' => true, 'uid' => 0]);
143                         if (!DBA::isResult($system)) {
144                                 return [];
145                         }
146                 }
147
148                 $system['sprvkey'] = $system['uprvkey'] = $system['prvkey'];
149                 $system['spubkey'] = $system['upubkey'] = $system['pubkey'];
150                 $system['nickname'] = $system['nick'];
151                 $system['page-flags'] = User::PAGE_FLAGS_SOAPBOX;
152                 $system['account-type'] = $system['contact-type'];
153                 $system['guid'] = '';
154                 $system['picdate'] = '';
155                 $system['theme'] = '';
156                 $system['publish'] = false;
157                 $system['net-publish'] = false;
158                 $system['hide-friends'] = true;
159                 $system['prv_keywords'] = '';
160                 $system['pub_keywords'] = '';
161                 $system['address'] = '';
162                 $system['locality'] = '';
163                 $system['region'] = '';
164                 $system['postal-code'] = '';
165                 $system['country-name'] = '';
166                 $system['homepage'] = DI::baseUrl()->get();
167                 $system['dob'] = '0000-00-00';
168
169                 // Ensure that the user contains data
170                 $user = DBA::selectFirst('user', ['prvkey', 'guid'], ['uid' => 0]);
171                 if (empty($user['prvkey']) || empty($user['guid'])) {
172                         $fields = [
173                                 'username' => $system['name'],
174                                 'nickname' => $system['nick'],
175                                 'register_date' => $system['created'],
176                                 'pubkey' => $system['pubkey'],
177                                 'prvkey' => $system['prvkey'],
178                                 'spubkey' => $system['spubkey'],
179                                 'sprvkey' => $system['sprvkey'],
180                                 'guid' => System::createUUID(),
181                                 'verified' => true,
182                                 'page-flags' => User::PAGE_FLAGS_SOAPBOX,
183                                 'account-type' => User::ACCOUNT_TYPE_RELAY,
184                         ];
185
186                         DBA::update('user', $fields, ['uid' => 0]);
187
188                         $system['guid'] = $fields['guid'];
189                 } else {
190                         $system['guid'] = $user['guid'];
191                 }
192
193                 return $system;
194         }
195
196         /**
197          * Create the system account
198          *
199          * @return void
200          */
201         private static function createSystemAccount()
202         {
203                 $system_actor_name = self::getActorName();
204                 if (empty($system_actor_name)) {
205                         return;
206                 }
207
208                 $keys = Crypto::newKeypair(4096);
209                 if ($keys === false) {
210                         throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
211                 }
212
213                 $system = [];
214                 $system['uid'] = 0;
215                 $system['created'] = DateTimeFormat::utcNow();
216                 $system['self'] = true;
217                 $system['network'] = Protocol::ACTIVITYPUB;
218                 $system['name'] = 'System Account';
219                 $system['addr'] = $system_actor_name . '@' . DI::baseUrl()->getHostname();
220                 $system['nick'] = $system_actor_name;
221                 $system['url'] = DI::baseUrl() . '/friendica';
222
223                 $system['avatar'] = $system['photo'] = Contact::getDefaultAvatar($system, Proxy::SIZE_SMALL);
224                 $system['thumb'] = Contact::getDefaultAvatar($system, Proxy::SIZE_THUMB);
225                 $system['micro'] = Contact::getDefaultAvatar($system, Proxy::SIZE_MICRO);
226
227                 $system['nurl'] = Strings::normaliseLink($system['url']);
228                 $system['pubkey'] = $keys['pubkey'];
229                 $system['prvkey'] = $keys['prvkey'];
230                 $system['blocked'] = 0;
231                 $system['pending'] = 0;
232                 $system['contact-type'] = Contact::TYPE_RELAY; // In AP this is translated to 'Application'
233                 $system['name-date'] = DateTimeFormat::utcNow();
234                 $system['uri-date'] = DateTimeFormat::utcNow();
235                 $system['avatar-date'] = DateTimeFormat::utcNow();
236                 $system['closeness'] = 0;
237                 $system['baseurl'] = DI::baseUrl();
238                 $system['gsid'] = GServer::getID($system['baseurl']);
239                 Contact::insert($system);
240         }
241
242         /**
243          * Detect a usable actor name
244          *
245          * @return string actor account name
246          */
247         public static function getActorName()
248         {
249                 $system_actor_name = DI::config()->get('system', 'actor_name');
250                 if (!empty($system_actor_name)) {
251                         $self = Contact::selectFirst(['nick'], ['uid' => 0, 'self' => true]);
252                         if (!empty($self['nick'])) {
253                                 if ($self['nick'] != $system_actor_name) {
254                                         // Reset the actor name to the already used name
255                                         DI::config()->set('system', 'actor_name', $self['nick']);
256                                         $system_actor_name = $self['nick'];
257                                 }
258                         }
259                         return $system_actor_name;
260                 }
261
262                 // List of possible actor names
263                 $possible_accounts = ['friendica', 'actor', 'system', 'internal'];
264                 foreach ($possible_accounts as $name) {
265                         if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire' => false]) &&
266                                 !DBA::exists('userd', ['username' => $name])) {
267                                 DI::config()->set('system', 'actor_name', $name);
268                                 return $name;
269                         }
270                 }
271                 return '';
272         }
273
274         /**
275          * Returns true if a user record exists with the provided id
276          *
277          * @param  integer $uid
278          * @return boolean
279          * @throws Exception
280          */
281         public static function exists($uid)
282         {
283                 return DBA::exists('user', ['uid' => $uid]);
284         }
285
286         /**
287          * @param  integer       $uid
288          * @param array          $fields
289          * @return array|boolean User record if it exists, false otherwise
290          * @throws Exception
291          */
292         public static function getById($uid, array $fields = [])
293         {
294                 return !empty($uid) ? DBA::selectFirst('user', $fields, ['uid' => $uid]) : [];
295         }
296
297         /**
298          * Returns a user record based on it's GUID
299          *
300          * @param string $guid   The guid of the user
301          * @param array  $fields The fields to retrieve
302          * @param bool   $active True, if only active records are searched
303          *
304          * @return array|boolean User record if it exists, false otherwise
305          * @throws Exception
306          */
307         public static function getByGuid(string $guid, array $fields = [], bool $active = true)
308         {
309                 if ($active) {
310                         $cond = ['guid' => $guid, 'account_expired' => false, 'account_removed' => false];
311                 } else {
312                         $cond = ['guid' => $guid];
313                 }
314
315                 return DBA::selectFirst('user', $fields, $cond);
316         }
317
318         /**
319          * @param  string        $nickname
320          * @param array          $fields
321          * @return array|boolean User record if it exists, false otherwise
322          * @throws Exception
323          */
324         public static function getByNickname($nickname, array $fields = [])
325         {
326                 return DBA::selectFirst('user', $fields, ['nickname' => $nickname]);
327         }
328
329         /**
330          * Returns the user id of a given profile URL
331          *
332          * @param string $url
333          *
334          * @return integer user id
335          * @throws Exception
336          */
337         public static function getIdForURL(string $url)
338         {
339                 // Avoid database queries when the local node hostname isn't even part of the url.
340                 if (!Contact::isLocal($url)) {
341                         return 0;
342                 }
343
344                 $self = Contact::selectFirst(['uid'], ['self' => true, 'nurl' => Strings::normaliseLink($url)]);
345                 if (!empty($self['uid'])) {
346                         return $self['uid'];
347                 }
348
349                 $self = Contact::selectFirst(['uid'], ['self' => true, 'addr' => $url]);
350                 if (!empty($self['uid'])) {
351                         return $self['uid'];
352                 }
353
354                 $self = Contact::selectFirst(['uid'], ['self' => true, 'alias' => [$url, Strings::normaliseLink($url)]]);
355                 if (!empty($self['uid'])) {
356                         return $self['uid'];
357                 }
358
359                 return 0;
360         }
361
362         /**
363          * Get a user based on its email
364          *
365          * @param string        $email
366          * @param array          $fields
367          *
368          * @return array|boolean User record if it exists, false otherwise
369          *
370          * @throws Exception
371          */
372         public static function getByEmail($email, array $fields = [])
373         {
374                 return DBA::selectFirst('user', $fields, ['email' => $email]);
375         }
376
377         /**
378          * Fetch the user array of the administrator. The first one if there are several.
379          *
380          * @param array $fields
381          * @return array user
382          */
383         public static function getFirstAdmin(array $fields = [])
384         {
385                 if (!empty(DI::config()->get('config', 'admin_nickname'))) {
386                         return self::getByNickname(DI::config()->get('config', 'admin_nickname'), $fields);
387                 } elseif (!empty(DI::config()->get('config', 'admin_email'))) {
388                         $adminList = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
389                         return self::getByEmail($adminList[0], $fields);
390                 } else {
391                         return [];
392                 }
393         }
394
395         /**
396          * Get owner data by user id
397          *
398          * @param int     $uid
399          * @param boolean $repairMissing Repair the owner data if it's missing
400          * @return boolean|array
401          * @throws Exception
402          */
403         public static function getOwnerDataById(int $uid, bool $repairMissing = true)
404         {
405                 if ($uid == 0) {
406                         return self::getSystemAccount();
407                 }
408
409                 if (!empty(self::$owner[$uid])) {
410                         return self::$owner[$uid];
411                 }
412
413                 $owner = DBA::selectFirst('owner-view', [], ['uid' => $uid]);
414                 if (!DBA::isResult($owner)) {
415                         if (!DBA::exists('user', ['uid' => $uid]) || !$repairMissing) {
416                                 return false;
417                         }
418                         if (!DBA::exists('profile', ['uid' => $uid])) {
419                                 DBA::insert('profile', ['uid' => $uid]);
420                         }
421                         if (!DBA::exists('contact', ['uid' => $uid, 'self' => true])) {
422                                 Contact::createSelfFromUserId($uid);
423                         }
424                         $owner = self::getOwnerDataById($uid, false);
425                 }
426
427                 if (empty($owner['nickname'])) {
428                         return false;
429                 }
430
431                 if (!$repairMissing || $owner['account_expired']) {
432                         return $owner;
433                 }
434
435                 // Check if the returned data is valid, otherwise fix it. See issue #6122
436
437                 // Check for correct url and normalised nurl
438                 $url = DI::baseUrl() . '/profile/' . $owner['nickname'];
439                 $repair = empty($owner['network']) || ($owner['url'] != $url) || ($owner['nurl'] != Strings::normaliseLink($owner['url']));
440
441                 if (!$repair) {
442                         // Check if "addr" is present and correct
443                         $addr = $owner['nickname'] . '@' . substr(DI::baseUrl(), strpos(DI::baseUrl(), '://') + 3);
444                         $repair = ($addr != $owner['addr']) || empty($owner['prvkey']) || empty($owner['pubkey']);
445                 }
446
447                 if (!$repair) {
448                         // Check if the avatar field is filled and the photo directs to the correct path
449                         $avatar = Photo::selectFirst(['resource-id'], ['uid' => $uid, 'profile' => true]);
450                         if (DBA::isResult($avatar)) {
451                                 $repair = empty($owner['avatar']) || !strpos($owner['photo'], $avatar['resource-id']);
452                         }
453                 }
454
455                 if ($repair) {
456                         Contact::updateSelfFromUserID($uid);
457                         // Return the corrected data and avoid a loop
458                         $owner = self::getOwnerDataById($uid, false);
459                 }
460
461                 self::$owner[$uid] = $owner;
462                 return $owner;
463         }
464
465         /**
466          * Get owner data by nick name
467          *
468          * @param int $nick
469          * @return boolean|array
470          * @throws Exception
471          */
472         public static function getOwnerDataByNick($nick)
473         {
474                 $user = DBA::selectFirst('user', ['uid'], ['nickname' => $nick]);
475
476                 if (!DBA::isResult($user)) {
477                         return false;
478                 }
479
480                 return self::getOwnerDataById($user['uid']);
481         }
482
483         /**
484          * Returns the default group for a given user and network
485          *
486          * @param int $uid User id
487          *
488          * @return int group id
489          * @throws Exception
490          */
491         public static function getDefaultGroup($uid)
492         {
493                 $user = DBA::selectFirst('user', ['def_gid'], ['uid' => $uid]);
494                 if (DBA::isResult($user)) {
495                         $default_group = $user["def_gid"];
496                 } else {
497                         $default_group = 0;
498                 }
499
500                 return $default_group;
501         }
502
503         /**
504          * Authenticate a user with a clear text password
505          *
506          * Returns the user id associated with a successful password authentication
507          *
508          * @param mixed  $user_info
509          * @param string $password
510          * @param bool   $third_party
511          * @return int User Id if authentication is successful
512          * @throws HTTPException\ForbiddenException
513          * @throws HTTPException\NotFoundException
514          */
515         public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
516         {
517                 // Addons registered with the "authenticate" hook may create the user on the
518                 // fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
519                 // the user doesn't exist, we should give the addons a chance to create the
520                 // user in our database, if applicable, before re-throwing the exception if
521                 // they fail.
522                 try {
523                         $user = self::getAuthenticationInfo($user_info);
524                 } catch (Exception $e) {
525                         $username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');
526
527                         // Addons can create users, and since this 'catch' branch should only
528                         // execute if getAuthenticationInfo can't find an existing user, that's
529                         // exactly what will happen here. Creating a numeric username would create
530                         // abiguity with user IDs, possibly opening up an attack vector.
531                         // So let's be very careful about that.
532                         if (empty($username) || is_numeric($username)) {
533                                 throw $e;
534                         }
535
536                         return self::getIdFromAuthenticateHooks($username, $password);
537                 }
538
539                 if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
540                         // Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
541                         if (AppSpecificPassword::authenticateUser($user['uid'], $password)) {
542                                 return $user['uid'];
543                         }
544                 } elseif (strpos($user['password'], '$') === false) {
545                         //Legacy hash that has not been replaced by a new hash yet
546                         if (self::hashPasswordLegacy($password) === $user['password']) {
547                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
548
549                                 return $user['uid'];
550                         }
551                 } elseif (!empty($user['legacy_password'])) {
552                         //Legacy hash that has been double-hashed and not replaced by a new hash yet
553                         //Warning: `legacy_password` is not necessary in sync with the content of `password`
554                         if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
555                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
556
557                                 return $user['uid'];
558                         }
559                 } elseif (password_verify($password, $user['password'])) {
560                         //New password hash
561                         if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
562                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
563                         }
564
565                         return $user['uid'];
566                 } else {
567                         return self::getIdFromAuthenticateHooks($user['nickname'], $password); // throws
568                 }
569
570                 throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
571         }
572
573         /**
574          * Try to obtain a user ID via "authenticate" hook addons
575          *
576          * Returns the user id associated with a successful password authentication
577          *
578          * @param string $username
579          * @param string $password
580          * @return int User Id if authentication is successful
581          * @throws HTTPException\ForbiddenException
582          */
583         public static function getIdFromAuthenticateHooks($username, $password)
584         {
585                 $addon_auth = [
586                         'username'      => $username,
587                         'password'      => $password,
588                         'authenticated' => 0,
589                         'user_record'   => null
590                 ];
591
592                 /*
593                  * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
594                  * Addons should never set 'authenticated' except to indicate success - as hooks may be chained
595                  * and later addons should not interfere with an earlier one that succeeded.
596                  */
597                 Hook::callAll('authenticate', $addon_auth);
598
599                 if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
600                         return $addon_auth['user_record']['uid'];
601                 }
602
603                 throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
604         }
605
606         /**
607          * Returns authentication info from various parameters types
608          *
609          * User info can be any of the following:
610          * - User DB object
611          * - User Id
612          * - User email or username or nickname
613          * - User array with at least the uid and the hashed password
614          *
615          * @param mixed $user_info
616          * @return array
617          * @throws HTTPException\NotFoundException
618          */
619         public static function getAuthenticationInfo($user_info)
620         {
621                 $user = null;
622
623                 if (is_object($user_info) || is_array($user_info)) {
624                         if (is_object($user_info)) {
625                                 $user = (array) $user_info;
626                         } else {
627                                 $user = $user_info;
628                         }
629
630                         if (
631                                 !isset($user['uid'])
632                                 || !isset($user['password'])
633                                 || !isset($user['legacy_password'])
634                         ) {
635                                 throw new Exception(DI::l10n()->t('Not enough information to authenticate'));
636                         }
637                 } elseif (is_int($user_info) || is_string($user_info)) {
638                         if (is_int($user_info)) {
639                                 $user = DBA::selectFirst(
640                                         'user',
641                                         ['uid', 'nickname', 'password', 'legacy_password'],
642                                         [
643                                                 'uid' => $user_info,
644                                                 'blocked' => 0,
645                                                 'account_expired' => 0,
646                                                 'account_removed' => 0,
647                                                 'verified' => 1
648                                         ]
649                                 );
650                         } else {
651                                 $fields = ['uid', 'nickname', 'password', 'legacy_password'];
652                                 $condition = [
653                                         "(`email` = ? OR `username` = ? OR `nickname` = ?)
654                                         AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`",
655                                         $user_info, $user_info, $user_info
656                                 ];
657                                 $user = DBA::selectFirst('user', $fields, $condition);
658                         }
659
660                         if (!DBA::isResult($user)) {
661                                 throw new HTTPException\NotFoundException(DI::l10n()->t('User not found'));
662                         }
663                 }
664
665                 return $user;
666         }
667
668         /**
669          * Generates a human-readable random password
670          *
671          * @return string
672          * @throws Exception
673          */
674         public static function generateNewPassword()
675         {
676                 return ucfirst(Strings::getRandomName(8)) . random_int(1000, 9999);
677         }
678
679         /**
680          * Checks if the provided plaintext password has been exposed or not
681          *
682          * @param string $password
683          * @return bool
684          * @throws Exception
685          */
686         public static function isPasswordExposed($password)
687         {
688                 $cache = new CacheItemPool();
689                 $cache->changeConfig([
690                         'cacheDirectory' => System::getTempPath() . '/password-exposed-cache/',
691                 ]);
692
693                 try {
694                         $passwordExposedChecker = new PasswordExposed\PasswordExposedChecker(null, $cache);
695
696                         return $passwordExposedChecker->passwordExposed($password) === PasswordExposed\PasswordStatus::EXPOSED;
697                 } catch (Exception $e) {
698                         Logger::error('Password Exposed Exception: ' . $e->getMessage(), [
699                                 'code' => $e->getCode(),
700                                 'file' => $e->getFile(),
701                                 'line' => $e->getLine(),
702                                 'trace' => $e->getTraceAsString()
703                         ]);
704
705                         return false;
706                 }
707         }
708
709         /**
710          * Legacy hashing function, kept for password migration purposes
711          *
712          * @param string $password
713          * @return string
714          */
715         private static function hashPasswordLegacy($password)
716         {
717                 return hash('whirlpool', $password);
718         }
719
720         /**
721          * Global user password hashing function
722          *
723          * @param string $password
724          * @return string
725          * @throws Exception
726          */
727         public static function hashPassword($password)
728         {
729                 if (!trim($password)) {
730                         throw new Exception(DI::l10n()->t('Password can\'t be empty'));
731                 }
732
733                 return password_hash($password, PASSWORD_DEFAULT);
734         }
735
736         /**
737          * Updates a user row with a new plaintext password
738          *
739          * @param int    $uid
740          * @param string $password
741          * @return bool
742          * @throws Exception
743          */
744         public static function updatePassword($uid, $password)
745         {
746                 $password = trim($password);
747
748                 if (empty($password)) {
749                         throw new Exception(DI::l10n()->t('Empty passwords are not allowed.'));
750                 }
751
752                 if (!DI::config()->get('system', 'disable_password_exposed', false) && self::isPasswordExposed($password)) {
753                         throw new Exception(DI::l10n()->t('The new password has been exposed in a public data dump, please choose another.'));
754                 }
755
756                 $allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
757
758                 if (!preg_match('/^[a-z0-9' . preg_quote($allowed_characters, '/') . ']+$/i', $password)) {
759                         throw new Exception(DI::l10n()->t('The password can\'t contain accentuated letters, white spaces or colons (:)'));
760                 }
761
762                 return self::updatePasswordHashed($uid, self::hashPassword($password));
763         }
764
765         /**
766          * Updates a user row with a new hashed password.
767          * Empties the password reset token field just in case.
768          *
769          * @param int    $uid
770          * @param string $pasword_hashed
771          * @return bool
772          * @throws Exception
773          */
774         private static function updatePasswordHashed($uid, $pasword_hashed)
775         {
776                 $fields = [
777                         'password' => $pasword_hashed,
778                         'pwdreset' => null,
779                         'pwdreset_time' => null,
780                         'legacy_password' => false
781                 ];
782                 return DBA::update('user', $fields, ['uid' => $uid]);
783         }
784
785         /**
786          * Checks if a nickname is in the list of the forbidden nicknames
787          *
788          * Check if a nickname is forbidden from registration on the node by the
789          * admin. Forbidden nicknames (e.g. role namess) can be configured in the
790          * admin panel.
791          *
792          * @param string $nickname The nickname that should be checked
793          * @return boolean True is the nickname is blocked on the node
794          */
795         public static function isNicknameBlocked($nickname)
796         {
797                 $forbidden_nicknames = DI::config()->get('system', 'forbidden_nicknames', '');
798                 if (!empty($forbidden_nicknames)) {
799                         $forbidden = explode(',', $forbidden_nicknames);
800                         $forbidden = array_map('trim', $forbidden);
801                 } else {
802                         $forbidden = [];
803                 }
804
805                 // Add the name of the internal actor to the "forbidden" list
806                 $actor_name = self::getActorName();
807                 if (!empty($actor_name)) {
808                         $forbidden[] = $actor_name;
809                 }
810
811                 if (empty($forbidden)) {
812                         return false;
813                 }
814
815                 // check if the nickname is in the list of blocked nicknames
816                 if (in_array(strtolower($nickname), $forbidden)) {
817                         return true;
818                 }
819
820                 // else return false
821                 return false;
822         }
823
824         /**
825          * Get avatar link for given user
826          *
827          * @param array  $user
828          * @param string $size One of the Proxy::SIZE_* constants
829          * @return string avatar link
830          * @throws Exception
831          */
832         public static function getAvatarUrl(array $user, string $size = ''):string
833         {
834                 if (empty($user['nickname'])) {
835                         DI::logger()->warning('Missing user nickname key', ['trace' => System::callstack(20)]);
836                 }
837
838                 $url = DI::baseUrl() . '/photo/';
839
840                 switch ($size) {
841                         case Proxy::SIZE_MICRO:
842                                 $url .= 'micro/';
843                                 $scale = 6;
844                                 break;
845                         case Proxy::SIZE_THUMB:
846                                 $url .= 'avatar/';
847                                 $scale = 5;
848                                 break;
849                         default:
850                                 $url .= 'profile/';
851                                 $scale = 4;
852                                 break;
853                 }
854
855                 $updated  =  '';
856                 $mimetype = '';
857
858                 $photo = Photo::selectFirst(['type', 'created', 'edited', 'updated'], ["scale" => $scale, 'uid' => $user['uid'], 'profile' => true]);
859                 if (!empty($photo)) {
860                         $updated  = max($photo['created'], $photo['edited'], $photo['updated']);
861                         $mimetype = $photo['type'];
862                 }
863
864                 return $url . $user['nickname'] . Images::getExtensionByMimeType($mimetype) . ($updated ? '?ts=' . strtotime($updated) : '');
865         }
866
867         /**
868          * Get banner link for given user
869          *
870          * @param array  $user
871          * @return string banner link
872          * @throws Exception
873          */
874         public static function getBannerUrl(array $user):string
875         {
876                 if (empty($user['nickname'])) {
877                         DI::logger()->warning('Missing user nickname key', ['trace' => System::callstack(20)]);
878                 }
879
880                 $url = DI::baseUrl() . '/photo/banner/';
881
882                 $updated  = '';
883                 $mimetype = '';
884
885                 $photo = Photo::selectFirst(['type', 'created', 'edited', 'updated'], ["scale" => 3, 'uid' => $user['uid'], 'photo-type' => Photo::USER_BANNER]);
886                 if (!empty($photo)) {
887                         $updated  = max($photo['created'], $photo['edited'], $photo['updated']);
888                         $mimetype = $photo['type'];
889                 } else {
890                         // Only for the RC phase: Don't return an image link for the default picture
891                         return '';
892                 }
893
894                 return $url . $user['nickname'] . Images::getExtensionByMimeType($mimetype) . ($updated ? '?ts=' . strtotime($updated) : '');
895         }
896
897         /**
898          * Catch-all user creation function
899          *
900          * Creates a user from the provided data array, either form fields or OpenID.
901          * Required: { username, nickname, email } or { openid_url }
902          *
903          * Performs the following:
904          * - Sends to the OpenId auth URL (if relevant)
905          * - Creates new key pairs for crypto
906          * - Create self-contact
907          * - Create profile image
908          *
909          * @param  array $data
910          * @return array
911          * @throws ErrorException
912          * @throws HTTPException\InternalServerErrorException
913          * @throws ImagickException
914          * @throws Exception
915          */
916         public static function create(array $data)
917         {
918                 $return = ['user' => null, 'password' => ''];
919
920                 $using_invites = DI::config()->get('system', 'invitation_only');
921
922                 $invite_id  = !empty($data['invite_id'])  ? trim($data['invite_id'])  : '';
923                 $username   = !empty($data['username'])   ? trim($data['username'])   : '';
924                 $nickname   = !empty($data['nickname'])   ? trim($data['nickname'])   : '';
925                 $email      = !empty($data['email'])      ? trim($data['email'])      : '';
926                 $openid_url = !empty($data['openid_url']) ? trim($data['openid_url']) : '';
927                 $photo      = !empty($data['photo'])      ? trim($data['photo'])      : '';
928                 $password   = !empty($data['password'])   ? trim($data['password'])   : '';
929                 $password1  = !empty($data['password1'])  ? trim($data['password1'])  : '';
930                 $confirm    = !empty($data['confirm'])    ? trim($data['confirm'])    : '';
931                 $blocked    = !empty($data['blocked']);
932                 $verified   = !empty($data['verified']);
933                 $language   = !empty($data['language'])   ? trim($data['language'])   : 'en';
934
935                 $netpublish = $publish = !empty($data['profile_publish_reg']);
936
937                 if ($password1 != $confirm) {
938                         throw new Exception(DI::l10n()->t('Passwords do not match. Password unchanged.'));
939                 } elseif ($password1 != '') {
940                         $password = $password1;
941                 }
942
943                 if ($using_invites) {
944                         if (!$invite_id) {
945                                 throw new Exception(DI::l10n()->t('An invitation is required.'));
946                         }
947
948                         if (!Register::existsByHash($invite_id)) {
949                                 throw new Exception(DI::l10n()->t('Invitation could not be verified.'));
950                         }
951                 }
952
953                 /// @todo Check if this part is really needed. We should have fetched all this data in advance
954                 if (empty($username) || empty($email) || empty($nickname)) {
955                         if ($openid_url) {
956                                 if (!Network::isUrlValid($openid_url)) {
957                                         throw new Exception(DI::l10n()->t('Invalid OpenID url'));
958                                 }
959                                 $_SESSION['register'] = 1;
960                                 $_SESSION['openid'] = $openid_url;
961
962                                 $openid = new LightOpenID(DI::baseUrl()->getHostname());
963                                 $openid->identity = $openid_url;
964                                 $openid->returnUrl = DI::baseUrl() . '/openid';
965                                 $openid->required = ['namePerson/friendly', 'contact/email', 'namePerson'];
966                                 $openid->optional = ['namePerson/first', 'media/image/aspect11', 'media/image/default'];
967                                 try {
968                                         $authurl = $openid->authUrl();
969                                 } catch (Exception $e) {
970                                         throw new Exception(DI::l10n()->t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . EOL . EOL . DI::l10n()->t('The error message was:') . $e->getMessage(), 0, $e);
971                                 }
972                                 System::externalRedirect($authurl);
973                                 // NOTREACHED
974                         }
975
976                         throw new Exception(DI::l10n()->t('Please enter the required information.'));
977                 }
978
979                 if (!Network::isUrlValid($openid_url)) {
980                         $openid_url = '';
981                 }
982
983                 // collapse multiple spaces in name
984                 $username = preg_replace('/ +/', ' ', $username);
985
986                 $username_min_length = max(1, min(64, intval(DI::config()->get('system', 'username_min_length', 3))));
987                 $username_max_length = max(1, min(64, intval(DI::config()->get('system', 'username_max_length', 48))));
988
989                 if ($username_min_length > $username_max_length) {
990                         Logger::error(DI::l10n()->t('system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values.', $username_min_length, $username_max_length));
991                         $tmp = $username_min_length;
992                         $username_min_length = $username_max_length;
993                         $username_max_length = $tmp;
994                 }
995
996                 if (mb_strlen($username) < $username_min_length) {
997                         throw new Exception(DI::l10n()->tt('Username should be at least %s character.', 'Username should be at least %s characters.', $username_min_length));
998                 }
999
1000                 if (mb_strlen($username) > $username_max_length) {
1001                         throw new Exception(DI::l10n()->tt('Username should be at most %s character.', 'Username should be at most %s characters.', $username_max_length));
1002                 }
1003
1004                 // So now we are just looking for a space in the full name.
1005                 $loose_reg = DI::config()->get('system', 'no_regfullname');
1006                 if (!$loose_reg) {
1007                         $username = mb_convert_case($username, MB_CASE_TITLE, 'UTF-8');
1008                         if (strpos($username, ' ') === false) {
1009                                 throw new Exception(DI::l10n()->t("That doesn't appear to be your full (First Last) name."));
1010                         }
1011                 }
1012
1013                 if (!Network::isEmailDomainAllowed($email)) {
1014                         throw new Exception(DI::l10n()->t('Your email domain is not among those allowed on this site.'));
1015                 }
1016
1017                 if (!filter_var($email, FILTER_VALIDATE_EMAIL) || !Network::isEmailDomainValid($email)) {
1018                         throw new Exception(DI::l10n()->t('Not a valid email address.'));
1019                 }
1020                 if (self::isNicknameBlocked($nickname)) {
1021                         throw new Exception(DI::l10n()->t('The nickname was blocked from registration by the nodes admin.'));
1022                 }
1023
1024                 if (DI::config()->get('system', 'block_extended_register', false) && DBA::exists('user', ['email' => $email])) {
1025                         throw new Exception(DI::l10n()->t('Cannot use that email.'));
1026                 }
1027
1028                 // Disallow somebody creating an account using openid that uses the admin email address,
1029                 // since openid bypasses email verification. We'll allow it if there is not yet an admin account.
1030                 if (DI::config()->get('config', 'admin_email') && strlen($openid_url)) {
1031                         $adminlist = explode(',', str_replace(' ', '', strtolower(DI::config()->get('config', 'admin_email'))));
1032                         if (in_array(strtolower($email), $adminlist)) {
1033                                 throw new Exception(DI::l10n()->t('Cannot use that email.'));
1034                         }
1035                 }
1036
1037                 $nickname = $data['nickname'] = strtolower($nickname);
1038
1039                 if (!preg_match('/^[a-z0-9][a-z0-9_]*$/', $nickname)) {
1040                         throw new Exception(DI::l10n()->t('Your nickname can only contain a-z, 0-9 and _.'));
1041                 }
1042
1043                 // Check existing and deleted accounts for this nickname.
1044                 if (
1045                         DBA::exists('user', ['nickname' => $nickname])
1046                         || DBA::exists('userd', ['username' => $nickname])
1047                 ) {
1048                         throw new Exception(DI::l10n()->t('Nickname is already registered. Please choose another.'));
1049                 }
1050
1051                 $new_password = strlen($password) ? $password : User::generateNewPassword();
1052                 $new_password_encoded = self::hashPassword($new_password);
1053
1054                 $return['password'] = $new_password;
1055
1056                 $keys = Crypto::newKeypair(4096);
1057                 if ($keys === false) {
1058                         throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
1059                 }
1060
1061                 $prvkey = $keys['prvkey'];
1062                 $pubkey = $keys['pubkey'];
1063
1064                 // Create another keypair for signing/verifying salmon protocol messages.
1065                 $sres = Crypto::newKeypair(512);
1066                 $sprvkey = $sres['prvkey'];
1067                 $spubkey = $sres['pubkey'];
1068
1069                 $insert_result = DBA::insert('user', [
1070                         'guid'     => System::createUUID(),
1071                         'username' => $username,
1072                         'password' => $new_password_encoded,
1073                         'email'    => $email,
1074                         'openid'   => $openid_url,
1075                         'nickname' => $nickname,
1076                         'pubkey'   => $pubkey,
1077                         'prvkey'   => $prvkey,
1078                         'spubkey'  => $spubkey,
1079                         'sprvkey'  => $sprvkey,
1080                         'verified' => $verified,
1081                         'blocked'  => $blocked,
1082                         'language' => $language,
1083                         'timezone' => 'UTC',
1084                         'register_date' => DateTimeFormat::utcNow(),
1085                         'default-location' => ''
1086                 ]);
1087
1088                 if ($insert_result) {
1089                         $uid = DBA::lastInsertId();
1090                         $user = DBA::selectFirst('user', [], ['uid' => $uid]);
1091                 } else {
1092                         throw new Exception(DI::l10n()->t('An error occurred during registration. Please try again.'));
1093                 }
1094
1095                 if (!$uid) {
1096                         throw new Exception(DI::l10n()->t('An error occurred during registration. Please try again.'));
1097                 }
1098
1099                 // if somebody clicked submit twice very quickly, they could end up with two accounts
1100                 // due to race condition. Remove this one.
1101                 $user_count = DBA::count('user', ['nickname' => $nickname]);
1102                 if ($user_count > 1) {
1103                         DBA::delete('user', ['uid' => $uid]);
1104
1105                         throw new Exception(DI::l10n()->t('Nickname is already registered. Please choose another.'));
1106                 }
1107
1108                 $insert_result = DBA::insert('profile', [
1109                         'uid' => $uid,
1110                         'name' => $username,
1111                         'photo' => self::getAvatarUrl($user),
1112                         'thumb' => self::getAvatarUrl($user, Proxy::SIZE_THUMB),
1113                         'publish' => $publish,
1114                         'net-publish' => $netpublish,
1115                 ]);
1116                 if (!$insert_result) {
1117                         DBA::delete('user', ['uid' => $uid]);
1118
1119                         throw new Exception(DI::l10n()->t('An error occurred creating your default profile. Please try again.'));
1120                 }
1121
1122                 // Create the self contact
1123                 if (!Contact::createSelfFromUserId($uid)) {
1124                         DBA::delete('user', ['uid' => $uid]);
1125
1126                         throw new Exception(DI::l10n()->t('An error occurred creating your self contact. Please try again.'));
1127                 }
1128
1129                 // Create a group with no members. This allows somebody to use it
1130                 // right away as a default group for new contacts.
1131                 $def_gid = Group::create($uid, DI::l10n()->t('Friends'));
1132                 if (!$def_gid) {
1133                         DBA::delete('user', ['uid' => $uid]);
1134
1135                         throw new Exception(DI::l10n()->t('An error occurred creating your default contact group. Please try again.'));
1136                 }
1137
1138                 $fields = ['def_gid' => $def_gid];
1139                 if (DI::config()->get('system', 'newuser_private') && $def_gid) {
1140                         $fields['allow_gid'] = '<' . $def_gid . '>';
1141                 }
1142
1143                 DBA::update('user', $fields, ['uid' => $uid]);
1144
1145                 // if we have no OpenID photo try to look up an avatar
1146                 if (!strlen($photo)) {
1147                         $photo = Network::lookupAvatarByEmail($email);
1148                 }
1149
1150                 // unless there is no avatar-addon loaded
1151                 if (strlen($photo)) {
1152                         $photo_failure = false;
1153
1154                         $filename = basename($photo);
1155                         $curlResult = DI::httpClient()->get($photo, HttpClientAccept::IMAGE);
1156                         if ($curlResult->isSuccess()) {
1157                                 Logger::debug('Got picture', ['Content-Type' => $curlResult->getHeader('Content-Type'), 'url' => $photo]);
1158                                 $img_str = $curlResult->getBody();
1159                                 $type = $curlResult->getContentType();
1160                         } else {
1161                                 $img_str = '';
1162                                 $type = '';
1163                         }
1164
1165                         $type = Images::getMimeTypeByData($img_str, $photo, $type);
1166
1167                         $Image = new Image($img_str, $type);
1168                         if ($Image->isValid()) {
1169                                 $Image->scaleToSquare(300);
1170
1171                                 $resource_id = Photo::newResource();
1172
1173                                 // Not using Photo::PROFILE_PHOTOS here, so that it is discovered as translateble string
1174                                 $profile_album = DI::l10n()->t('Profile Photos');
1175
1176                                 $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 4);
1177
1178                                 if ($r === false) {
1179                                         $photo_failure = true;
1180                                 }
1181
1182                                 $Image->scaleDown(80);
1183
1184                                 $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 5);
1185
1186                                 if ($r === false) {
1187                                         $photo_failure = true;
1188                                 }
1189
1190                                 $Image->scaleDown(48);
1191
1192                                 $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 6);
1193
1194                                 if ($r === false) {
1195                                         $photo_failure = true;
1196                                 }
1197
1198                                 if (!$photo_failure) {
1199                                         Photo::update(['profile' => true, 'photo-type' => Photo::USER_AVATAR], ['resource-id' => $resource_id]);
1200                                 }
1201                         }
1202
1203                         Contact::updateSelfFromUserID($uid, true);
1204                 }
1205
1206                 Hook::callAll('register_account', $uid);
1207
1208                 $return['user'] = $user;
1209                 return $return;
1210         }
1211
1212         /**
1213          * Update a user entry and distribute the changes if needed
1214          *
1215          * @param array $fields
1216          * @param integer $uid
1217          * @return boolean
1218          */
1219         public static function update(array $fields, int $uid): bool
1220         {
1221                 $old_owner = self::getOwnerDataById($uid);
1222                 if (empty($old_owner)) {
1223                         return false;
1224                 }
1225
1226                 if (!DBA::update('user', $fields, ['uid' => $uid])) {
1227                         return false;
1228                 }
1229
1230                 $update = Contact::updateSelfFromUserID($uid);
1231
1232                 $owner = self::getOwnerDataById($uid);
1233                 if (empty($owner)) {
1234                         return false;
1235                 }
1236
1237                 if ($old_owner['name'] != $owner['name']) {
1238                         Profile::update(['name' => $owner['name']], $uid);
1239                 }
1240
1241                 if ($update) {
1242                         Profile::publishUpdate($uid);
1243                 }
1244
1245                 return true;
1246         }
1247
1248         /**
1249          * Sets block state for a given user
1250          *
1251          * @param int  $uid   The user id
1252          * @param bool $block Block state (default is true)
1253          *
1254          * @return bool True, if successfully blocked
1255
1256          * @throws Exception
1257          */
1258         public static function block(int $uid, bool $block = true)
1259         {
1260                 return DBA::update('user', ['blocked' => $block], ['uid' => $uid]);
1261         }
1262
1263         /**
1264          * Allows a registration based on a hash
1265          *
1266          * @param string $hash
1267          *
1268          * @return bool True, if the allow was successful
1269          *
1270          * @throws HTTPException\InternalServerErrorException
1271          * @throws Exception
1272          */
1273         public static function allow(string $hash)
1274         {
1275                 $register = Register::getByHash($hash);
1276                 if (!DBA::isResult($register)) {
1277                         return false;
1278                 }
1279
1280                 $user = User::getById($register['uid']);
1281                 if (!DBA::isResult($user)) {
1282                         return false;
1283                 }
1284
1285                 Register::deleteByHash($hash);
1286
1287                 DBA::update('user', ['blocked' => false, 'verified' => true], ['uid' => $register['uid']]);
1288
1289                 $profile = DBA::selectFirst('profile', ['net-publish'], ['uid' => $register['uid']]);
1290
1291                 if (DBA::isResult($profile) && $profile['net-publish'] && Search::getGlobalDirectory()) {
1292                         $url = DI::baseUrl() . '/profile/' . $user['nickname'];
1293                         Worker::add(PRIORITY_LOW, "Directory", $url);
1294                 }
1295
1296                 $l10n = DI::l10n()->withLang($register['language']);
1297
1298                 return User::sendRegisterOpenEmail(
1299                         $l10n,
1300                         $user,
1301                         DI::config()->get('config', 'sitename'),
1302                         DI::baseUrl()->get(),
1303                         ($register['password'] ?? '') ?: 'Sent in a previous email'
1304                 );
1305         }
1306
1307         /**
1308          * Denys a pending registration
1309          *
1310          * @param string $hash The hash of the pending user
1311          *
1312          * This does not have to go through user_remove() and save the nickname
1313          * permanently against re-registration, as the person was not yet
1314          * allowed to have friends on this system
1315          *
1316          * @return bool True, if the deny was successfull
1317          * @throws Exception
1318          */
1319         public static function deny(string $hash)
1320         {
1321                 $register = Register::getByHash($hash);
1322                 if (!DBA::isResult($register)) {
1323                         return false;
1324                 }
1325
1326                 $user = User::getById($register['uid']);
1327                 if (!DBA::isResult($user)) {
1328                         return false;
1329                 }
1330
1331                 // Delete the avatar
1332                 Photo::delete(['uid' => $register['uid']]);
1333
1334                 return DBA::delete('user', ['uid' => $register['uid']]) &&
1335                        Register::deleteByHash($register['hash']);
1336         }
1337
1338         /**
1339          * Creates a new user based on a minimal set and sends an email to this user
1340          *
1341          * @param string $name  The user's name
1342          * @param string $email The user's email address
1343          * @param string $nick  The user's nick name
1344          * @param string $lang  The user's language (default is english)
1345          *
1346          * @return bool True, if the user was created successfully
1347          * @throws HTTPException\InternalServerErrorException
1348          * @throws ErrorException
1349          * @throws ImagickException
1350          */
1351         public static function createMinimal(string $name, string $email, string $nick, string $lang = L10n::DEFAULT)
1352         {
1353                 if (empty($name) ||
1354                     empty($email) ||
1355                     empty($nick)) {
1356                         throw new HTTPException\InternalServerErrorException('Invalid arguments.');
1357                 }
1358
1359                 $result = self::create([
1360                         'username' => $name,
1361                         'email' => $email,
1362                         'nickname' => $nick,
1363                         'verified' => 1,
1364                         'language' => $lang
1365                 ]);
1366
1367                 $user = $result['user'];
1368                 $preamble = Strings::deindent(DI::l10n()->t('
1369                 Dear %1$s,
1370                         the administrator of %2$s has set up an account for you.'));
1371                 $body = Strings::deindent(DI::l10n()->t('
1372                 The login details are as follows:
1373
1374                 Site Location:  %1$s
1375                 Login Name:             %2$s
1376                 Password:               %3$s
1377
1378                 You may change your password from your account "Settings" page after logging
1379                 in.
1380
1381                 Please take a few moments to review the other account settings on that page.
1382
1383                 You may also wish to add some basic information to your default profile
1384                 (on the "Profiles" page) so that other people can easily find you.
1385
1386                 We recommend setting your full name, adding a profile photo,
1387                 adding some profile "keywords" (very useful in making new friends) - and
1388                 perhaps what country you live in; if you do not wish to be more specific
1389                 than that.
1390
1391                 We fully respect your right to privacy, and none of these items are necessary.
1392                 If you are new and do not know anybody here, they may help
1393                 you to make some new and interesting friends.
1394
1395                 If you ever want to delete your account, you can do so at %1$s/removeme
1396
1397                 Thank you and welcome to %4$s.'));
1398
1399                 $preamble = sprintf($preamble, $user['username'], DI::config()->get('config', 'sitename'));
1400                 $body = sprintf($body, DI::baseUrl()->get(), $user['nickname'], $result['password'], DI::config()->get('config', 'sitename'));
1401
1402                 $email = DI::emailer()
1403                         ->newSystemMail()
1404                         ->withMessage(DI::l10n()->t('Registration details for %s', DI::config()->get('config', 'sitename')), $preamble, $body)
1405                         ->forUser($user)
1406                         ->withRecipient($user['email'])
1407                         ->build();
1408                 return DI::emailer()->send($email);
1409         }
1410
1411         /**
1412          * Sends pending registration confirmation email
1413          *
1414          * @param array  $user     User record array
1415          * @param string $sitename
1416          * @param string $siteurl
1417          * @param string $password Plaintext password
1418          * @return NULL|boolean from notification() and email() inherited
1419          * @throws HTTPException\InternalServerErrorException
1420          */
1421         public static function sendRegisterPendingEmail($user, $sitename, $siteurl, $password)
1422         {
1423                 $body = Strings::deindent(DI::l10n()->t(
1424                         '
1425                         Dear %1$s,
1426                                 Thank you for registering at %2$s. Your account is pending for approval by the administrator.
1427
1428                         Your login details are as follows:
1429
1430                         Site Location:  %3$s
1431                         Login Name:             %4$s
1432                         Password:               %5$s
1433                 ',
1434                         $user['username'],
1435                         $sitename,
1436                         $siteurl,
1437                         $user['nickname'],
1438                         $password
1439                 ));
1440
1441                 $email = DI::emailer()
1442                         ->newSystemMail()
1443                         ->withMessage(DI::l10n()->t('Registration at %s', $sitename), $body)
1444                         ->forUser($user)
1445                         ->withRecipient($user['email'])
1446                         ->build();
1447                 return DI::emailer()->send($email);
1448         }
1449
1450         /**
1451          * Sends registration confirmation
1452          *
1453          * It's here as a function because the mail is sent from different parts
1454          *
1455          * @param L10n   $l10n     The used language
1456          * @param array  $user     User record array
1457          * @param string $sitename
1458          * @param string $siteurl
1459          * @param string $password Plaintext password
1460          *
1461          * @return NULL|boolean from notification() and email() inherited
1462          * @throws HTTPException\InternalServerErrorException
1463          */
1464         public static function sendRegisterOpenEmail(L10n $l10n, $user, $sitename, $siteurl, $password)
1465         {
1466                 $preamble = Strings::deindent($l10n->t(
1467                         '
1468                                 Dear %1$s,
1469                                 Thank you for registering at %2$s. Your account has been created.
1470                         ',
1471                         $user['username'],
1472                         $sitename
1473                 ));
1474                 $body = Strings::deindent($l10n->t(
1475                         '
1476                         The login details are as follows:
1477
1478                         Site Location:  %3$s
1479                         Login Name:             %1$s
1480                         Password:               %5$s
1481
1482                         You may change your password from your account "Settings" page after logging
1483                         in.
1484
1485                         Please take a few moments to review the other account settings on that page.
1486
1487                         You may also wish to add some basic information to your default profile
1488                         ' . "\x28" . 'on the "Profiles" page' . "\x29" . ' so that other people can easily find you.
1489
1490                         We recommend setting your full name, adding a profile photo,
1491                         adding some profile "keywords" ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and
1492                         perhaps what country you live in; if you do not wish to be more specific
1493                         than that.
1494
1495                         We fully respect your right to privacy, and none of these items are necessary.
1496                         If you are new and do not know anybody here, they may help
1497                         you to make some new and interesting friends.
1498
1499                         If you ever want to delete your account, you can do so at %3$s/removeme
1500
1501                         Thank you and welcome to %2$s.',
1502                         $user['nickname'],
1503                         $sitename,
1504                         $siteurl,
1505                         $user['username'],
1506                         $password
1507                 ));
1508
1509                 $email = DI::emailer()
1510                         ->newSystemMail()
1511                         ->withMessage(DI::l10n()->t('Registration details for %s', $sitename), $preamble, $body)
1512                         ->forUser($user)
1513                         ->withRecipient($user['email'])
1514                         ->build();
1515                 return DI::emailer()->send($email);
1516         }
1517
1518         /**
1519          * @param int $uid user to remove
1520          * @return bool
1521          * @throws HTTPException\InternalServerErrorException
1522          */
1523         public static function remove(int $uid)
1524         {
1525                 if (empty($uid)) {
1526                         return false;
1527                 }
1528
1529                 Logger::notice('Removing user', ['user' => $uid]);
1530
1531                 $user = DBA::selectFirst('user', [], ['uid' => $uid]);
1532
1533                 Hook::callAll('remove_user', $user);
1534
1535                 // save username (actually the nickname as it is guaranteed
1536                 // unique), so it cannot be re-registered in the future.
1537                 DBA::insert('userd', ['username' => $user['nickname']]);
1538
1539                 // Remove all personal settings, especially connector settings
1540                 DBA::delete('pconfig', ['uid' => $uid]);
1541
1542                 // The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
1543                 DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
1544                 Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
1545
1546                 // Send an update to the directory
1547                 $self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]);
1548                 Worker::add(PRIORITY_LOW, 'Directory', $self['url']);
1549
1550                 // Remove the user relevant data
1551                 Worker::add(PRIORITY_NEGLIGIBLE, 'RemoveUser', $uid);
1552
1553                 return true;
1554         }
1555
1556         /**
1557          * Return all identities to a user
1558          *
1559          * @param int $uid The user id
1560          * @return array All identities for this user
1561          *
1562          * Example for a return:
1563          *    [
1564          *        [
1565          *            'uid' => 1,
1566          *            'username' => 'maxmuster',
1567          *            'nickname' => 'Max Mustermann'
1568          *        ],
1569          *        [
1570          *            'uid' => 2,
1571          *            'username' => 'johndoe',
1572          *            'nickname' => 'John Doe'
1573          *        ]
1574          *    ]
1575          * @throws Exception
1576          */
1577         public static function identities($uid)
1578         {
1579                 if (empty($uid)) {
1580                         return [];
1581                 }
1582
1583                 $identities = [];
1584
1585                 $user = DBA::selectFirst('user', ['uid', 'nickname', 'username', 'parent-uid'], ['uid' => $uid]);
1586                 if (!DBA::isResult($user)) {
1587                         return $identities;
1588                 }
1589
1590                 if ($user['parent-uid'] == 0) {
1591                         // First add our own entry
1592                         $identities = [[
1593                                 'uid' => $user['uid'],
1594                                 'username' => $user['username'],
1595                                 'nickname' => $user['nickname']
1596                         ]];
1597
1598                         // Then add all the children
1599                         $r = DBA::select(
1600                                 'user',
1601                                 ['uid', 'username', 'nickname'],
1602                                 ['parent-uid' => $user['uid'], 'account_removed' => false]
1603                         );
1604                         if (DBA::isResult($r)) {
1605                                 $identities = array_merge($identities, DBA::toArray($r));
1606                         }
1607                 } else {
1608                         // First entry is our parent
1609                         $r = DBA::select(
1610                                 'user',
1611                                 ['uid', 'username', 'nickname'],
1612                                 ['uid' => $user['parent-uid'], 'account_removed' => false]
1613                         );
1614                         if (DBA::isResult($r)) {
1615                                 $identities = DBA::toArray($r);
1616                         }
1617
1618                         // Then add all siblings
1619                         $r = DBA::select(
1620                                 'user',
1621                                 ['uid', 'username', 'nickname'],
1622                                 ['parent-uid' => $user['parent-uid'], 'account_removed' => false]
1623                         );
1624                         if (DBA::isResult($r)) {
1625                                 $identities = array_merge($identities, DBA::toArray($r));
1626                         }
1627                 }
1628
1629                 $r = DBA::p(
1630                         "SELECT `user`.`uid`, `user`.`username`, `user`.`nickname`
1631                         FROM `manage`
1632                         INNER JOIN `user` ON `manage`.`mid` = `user`.`uid`
1633                         WHERE `user`.`account_removed` = 0 AND `manage`.`uid` = ?",
1634                         $user['uid']
1635                 );
1636                 if (DBA::isResult($r)) {
1637                         $identities = array_merge($identities, DBA::toArray($r));
1638                 }
1639
1640                 return $identities;
1641         }
1642
1643         /**
1644          * Check if the given user id has delegations or is delegated
1645          *
1646          * @param int $uid
1647          * @return bool
1648          */
1649         public static function hasIdentities(int $uid):bool
1650         {
1651                 if (empty($uid)) {
1652                         return false;
1653                 }
1654
1655                 $user = DBA::selectFirst('user', ['parent-uid'], ['uid' => $uid, 'account_removed' => false]);
1656                 if (!DBA::isResult($user)) {
1657                         return false;
1658                 }
1659
1660                 if ($user['parent-uid'] != 0) {
1661                         return true;
1662                 }
1663
1664                 if (DBA::exists('user', ['parent-uid' => $uid, 'account_removed' => false])) {
1665                         return true;
1666                 }
1667
1668                 if (DBA::exists('manage', ['uid' => $uid])) {
1669                         return true;
1670                 }
1671
1672                 return false;
1673         }
1674
1675         /**
1676          * Returns statistical information about the current users of this node
1677          *
1678          * @return array
1679          *
1680          * @throws Exception
1681          */
1682         public static function getStatistics()
1683         {
1684                 $statistics = [
1685                         'total_users'           => 0,
1686                         'active_users_halfyear' => 0,
1687                         'active_users_monthly'  => 0,
1688                         'active_users_weekly'   => 0,
1689                 ];
1690
1691                 $userStmt = DBA::select('owner-view', ['uid', 'login_date', 'last-item'],
1692                         ["`verified` AND `login_date` > ? AND NOT `blocked`
1693                         AND NOT `account_removed` AND NOT `account_expired`",
1694                         DBA::NULL_DATETIME]);
1695                 if (!DBA::isResult($userStmt)) {
1696                         return $statistics;
1697                 }
1698
1699                 $halfyear = time() - (180 * 24 * 60 * 60);
1700                 $month = time() - (30 * 24 * 60 * 60);
1701                 $week = time() - (7 * 24 * 60 * 60);
1702
1703                 while ($user = DBA::fetch($userStmt)) {
1704                         $statistics['total_users']++;
1705
1706                         if ((strtotime($user['login_date']) > $halfyear) || (strtotime($user['last-item']) > $halfyear)
1707                         ) {
1708                                 $statistics['active_users_halfyear']++;
1709                         }
1710
1711                         if ((strtotime($user['login_date']) > $month) || (strtotime($user['last-item']) > $month)
1712                         ) {
1713                                 $statistics['active_users_monthly']++;
1714                         }
1715
1716                         if ((strtotime($user['login_date']) > $week) || (strtotime($user['last-item']) > $week)
1717                         ) {
1718                                 $statistics['active_users_weekly']++;
1719                         }
1720                 }
1721                 DBA::close($userStmt);
1722
1723                 return $statistics;
1724         }
1725
1726         /**
1727          * Get all users of the current node
1728          *
1729          * @param int    $start Start count (Default is 0)
1730          * @param int    $count Count of the items per page (Default is @see Pager::ITEMS_PER_PAGE)
1731          * @param string $type  The type of users, which should get (all, bocked, removed)
1732          * @param string $order Order of the user list (Default is 'contact.name')
1733          * @param bool   $descending Order direction (Default is ascending)
1734          *
1735          * @return array The list of the users
1736          * @throws Exception
1737          */
1738         public static function getList($start = 0, $count = Pager::ITEMS_PER_PAGE, $type = 'all', $order = 'name', bool $descending = false)
1739         {
1740                 $param = ['limit' => [$start, $count], 'order' => [$order => $descending]];
1741                 $condition = [];
1742                 switch ($type) {
1743                         case 'active':
1744                                 $condition['account_removed'] = false;
1745                                 $condition['blocked'] = false;
1746                                 break;
1747                         case 'blocked':
1748                                 $condition['account_removed'] = false;
1749                                 $condition['blocked'] = true;
1750                                 $condition['verified'] = true;
1751                                 break;
1752                         case 'removed':
1753                                 $condition['account_removed'] = true;
1754                                 break;
1755                 }
1756
1757                 return DBA::selectToArray('owner-view', [], $condition, $param);
1758         }
1759 }