]> git.mxchange.org Git - friendica.git/blob - src/Model/User.php
Merge pull request #11141 from urbalazs/language-names
[friendica.git] / src / Model / User.php
1 <?php
2 /**
3  * @copyright Copyright (C) 2010-2022, the Friendica project
4  *
5  * @license GNU AGPL version 3 or any later version
6  *
7  * This program is free software: you can redistribute it and/or modify
8  * it under the terms of the GNU Affero General Public License as
9  * published by the Free Software Foundation, either version 3 of the
10  * License, or (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU Affero General Public License for more details.
16  *
17  * You should have received a copy of the GNU Affero General Public License
18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
19  *
20  */
21
22 namespace Friendica\Model;
23
24 use DivineOmega\DOFileCachePSR6\CacheItemPool;
25 use DivineOmega\PasswordExposed;
26 use ErrorException;
27 use Exception;
28 use Friendica\Content\Pager;
29 use Friendica\Core\Hook;
30 use Friendica\Core\L10n;
31 use Friendica\Core\Logger;
32 use Friendica\Core\Protocol;
33 use Friendica\Core\System;
34 use Friendica\Core\Worker;
35 use Friendica\Database\DBA;
36 use Friendica\DI;
37 use Friendica\Security\TwoFactor\Model\AppSpecificPassword;
38 use Friendica\Network\HTTPException;
39 use Friendica\Object\Image;
40 use Friendica\Util\Crypto;
41 use Friendica\Util\DateTimeFormat;
42 use Friendica\Util\Images;
43 use Friendica\Util\Network;
44 use Friendica\Util\Proxy;
45 use Friendica\Util\Strings;
46 use Friendica\Worker\Delivery;
47 use ImagickException;
48 use LightOpenID;
49
50 /**
51  * This class handles User related functions
52  */
53 class User
54 {
55         /**
56          * Page/profile types
57          *
58          * PAGE_FLAGS_NORMAL is a typical personal profile account
59          * PAGE_FLAGS_SOAPBOX automatically approves all friend requests as Contact::SHARING, (readonly)
60          * PAGE_FLAGS_COMMUNITY automatically approves all friend requests as Contact::SHARING, but with
61          *      write access to wall and comments (no email and not included in page owner's ACL lists)
62          * PAGE_FLAGS_FREELOVE automatically approves all friend requests as full friends (Contact::FRIEND).
63          *
64          * @{
65          */
66         const PAGE_FLAGS_NORMAL    = 0;
67         const PAGE_FLAGS_SOAPBOX   = 1;
68         const PAGE_FLAGS_COMMUNITY = 2;
69         const PAGE_FLAGS_FREELOVE  = 3;
70         const PAGE_FLAGS_BLOG      = 4;
71         const PAGE_FLAGS_PRVGROUP  = 5;
72         /**
73          * @}
74          */
75
76         /**
77          * Account types
78          *
79          * ACCOUNT_TYPE_PERSON - the account belongs to a person
80          *      Associated page types: PAGE_FLAGS_NORMAL, PAGE_FLAGS_SOAPBOX, PAGE_FLAGS_FREELOVE
81          *
82          * ACCOUNT_TYPE_ORGANISATION - the account belongs to an organisation
83          *      Associated page type: PAGE_FLAGS_SOAPBOX
84          *
85          * ACCOUNT_TYPE_NEWS - the account is a news reflector
86          *      Associated page type: PAGE_FLAGS_SOAPBOX
87          *
88          * ACCOUNT_TYPE_COMMUNITY - the account is community forum
89          *      Associated page types: PAGE_COMMUNITY, PAGE_FLAGS_PRVGROUP
90          *
91          * ACCOUNT_TYPE_RELAY - the account is a relay
92          *      This will only be assigned to contacts, not to user accounts
93          * @{
94          */
95         const ACCOUNT_TYPE_PERSON =       0;
96         const ACCOUNT_TYPE_ORGANISATION = 1;
97         const ACCOUNT_TYPE_NEWS =         2;
98         const ACCOUNT_TYPE_COMMUNITY =    3;
99         const ACCOUNT_TYPE_RELAY =        4;
100         const ACCOUNT_TYPE_DELETED =    127;
101         /**
102          * @}
103          */
104
105         private static $owner;
106
107         /**
108          * Returns the numeric account type by their string
109          *
110          * @param string $accounttype as string constant
111          * @return int|null Numeric account type - or null when not set
112          */
113         public static function getAccountTypeByString(string $accounttype)
114         {
115                 switch ($accounttype) {
116                         case 'person':
117                                 return User::ACCOUNT_TYPE_PERSON;
118                         case 'organisation':
119                                 return User::ACCOUNT_TYPE_ORGANISATION;
120                         case 'news':
121                                 return User::ACCOUNT_TYPE_NEWS;
122                         case 'community':
123                                 return User::ACCOUNT_TYPE_COMMUNITY;
124                         default:
125                                 return null;
126                         break;
127                 }
128         }
129
130         /**
131          * Fetch the system account
132          *
133          * @return array system account
134          */
135         public static function getSystemAccount()
136         {
137                 $system = Contact::selectFirst([], ['self' => true, 'uid' => 0]);
138                 if (!DBA::isResult($system)) {
139                         self::createSystemAccount();
140                         $system = Contact::selectFirst([], ['self' => true, 'uid' => 0]);
141                         if (!DBA::isResult($system)) {
142                                 return [];
143                         }
144                 }
145
146                 $system['sprvkey'] = $system['uprvkey'] = $system['prvkey'];
147                 $system['spubkey'] = $system['upubkey'] = $system['pubkey'];
148                 $system['nickname'] = $system['nick'];
149                 $system['page-flags'] = User::PAGE_FLAGS_SOAPBOX;
150                 $system['account-type'] = $system['contact-type'];
151                 $system['guid'] = '';
152                 $system['picdate'] = '';
153                 $system['theme'] = '';
154                 $system['publish'] = false;
155                 $system['net-publish'] = false;
156                 $system['hide-friends'] = true;
157                 $system['prv_keywords'] = '';
158                 $system['pub_keywords'] = '';
159                 $system['address'] = '';
160                 $system['locality'] = '';
161                 $system['region'] = '';
162                 $system['postal-code'] = '';
163                 $system['country-name'] = '';
164                 $system['homepage'] = DI::baseUrl()->get();
165                 $system['dob'] = '0000-00-00';
166
167                 // Ensure that the user contains data
168                 $user = DBA::selectFirst('user', ['prvkey', 'guid'], ['uid' => 0]);
169                 if (empty($user['prvkey']) || empty($user['guid'])) {
170                         $fields = [
171                                 'username' => $system['name'],
172                                 'nickname' => $system['nick'],
173                                 'register_date' => $system['created'],
174                                 'pubkey' => $system['pubkey'],
175                                 'prvkey' => $system['prvkey'],
176                                 'spubkey' => $system['spubkey'],
177                                 'sprvkey' => $system['sprvkey'],
178                                 'guid' => System::createUUID(),
179                                 'verified' => true,
180                                 'page-flags' => User::PAGE_FLAGS_SOAPBOX,
181                                 'account-type' => User::ACCOUNT_TYPE_RELAY,
182                         ];
183
184                         DBA::update('user', $fields, ['uid' => 0]);
185
186                         $system['guid'] = $fields['guid'];
187                 } else {
188                         $system['guid'] = $user['guid'];
189                 }
190
191                 return $system;
192         }
193
194         /**
195          * Create the system account
196          *
197          * @return void
198          */
199         private static function createSystemAccount()
200         {
201                 $system_actor_name = self::getActorName();
202                 if (empty($system_actor_name)) {
203                         return;
204                 }
205
206                 $keys = Crypto::newKeypair(4096);
207                 if ($keys === false) {
208                         throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
209                 }
210
211                 $system = [];
212                 $system['uid'] = 0;
213                 $system['created'] = DateTimeFormat::utcNow();
214                 $system['self'] = true;
215                 $system['network'] = Protocol::ACTIVITYPUB;
216                 $system['name'] = 'System Account';
217                 $system['addr'] = $system_actor_name . '@' . DI::baseUrl()->getHostname();
218                 $system['nick'] = $system_actor_name;
219                 $system['url'] = DI::baseUrl() . '/friendica';
220
221                 $system['avatar'] = $system['photo'] = Contact::getDefaultAvatar($system, Proxy::SIZE_SMALL);
222                 $system['thumb'] = Contact::getDefaultAvatar($system, Proxy::SIZE_THUMB);
223                 $system['micro'] = Contact::getDefaultAvatar($system, Proxy::SIZE_MICRO);
224
225                 $system['nurl'] = Strings::normaliseLink($system['url']);
226                 $system['pubkey'] = $keys['pubkey'];
227                 $system['prvkey'] = $keys['prvkey'];
228                 $system['blocked'] = 0;
229                 $system['pending'] = 0;
230                 $system['contact-type'] = Contact::TYPE_RELAY; // In AP this is translated to 'Application'
231                 $system['name-date'] = DateTimeFormat::utcNow();
232                 $system['uri-date'] = DateTimeFormat::utcNow();
233                 $system['avatar-date'] = DateTimeFormat::utcNow();
234                 $system['closeness'] = 0;
235                 $system['baseurl'] = DI::baseUrl();
236                 $system['gsid'] = GServer::getID($system['baseurl']);
237                 Contact::insert($system);
238         }
239
240         /**
241          * Detect a usable actor name
242          *
243          * @return string actor account name
244          */
245         public static function getActorName()
246         {
247                 $system_actor_name = DI::config()->get('system', 'actor_name');
248                 if (!empty($system_actor_name)) {
249                         $self = Contact::selectFirst(['nick'], ['uid' => 0, 'self' => true]);
250                         if (!empty($self['nick'])) {
251                                 if ($self['nick'] != $system_actor_name) {
252                                         // Reset the actor name to the already used name
253                                         DI::config()->set('system', 'actor_name', $self['nick']);
254                                         $system_actor_name = $self['nick'];
255                                 }
256                         }
257                         return $system_actor_name;
258                 }
259
260                 // List of possible actor names
261                 $possible_accounts = ['friendica', 'actor', 'system', 'internal'];
262                 foreach ($possible_accounts as $name) {
263                         if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire' => false]) &&
264                                 !DBA::exists('userd', ['username' => $name])) {
265                                 DI::config()->set('system', 'actor_name', $name);
266                                 return $name;
267                         }
268                 }
269                 return '';
270         }
271
272         /**
273          * Returns true if a user record exists with the provided id
274          *
275          * @param  integer $uid
276          * @return boolean
277          * @throws Exception
278          */
279         public static function exists($uid)
280         {
281                 return DBA::exists('user', ['uid' => $uid]);
282         }
283
284         /**
285          * @param  integer       $uid
286          * @param array          $fields
287          * @return array|boolean User record if it exists, false otherwise
288          * @throws Exception
289          */
290         public static function getById($uid, array $fields = [])
291         {
292                 return !empty($uid) ? DBA::selectFirst('user', $fields, ['uid' => $uid]) : [];
293         }
294
295         /**
296          * Returns a user record based on it's GUID
297          *
298          * @param string $guid   The guid of the user
299          * @param array  $fields The fields to retrieve
300          * @param bool   $active True, if only active records are searched
301          *
302          * @return array|boolean User record if it exists, false otherwise
303          * @throws Exception
304          */
305         public static function getByGuid(string $guid, array $fields = [], bool $active = true)
306         {
307                 if ($active) {
308                         $cond = ['guid' => $guid, 'account_expired' => false, 'account_removed' => false];
309                 } else {
310                         $cond = ['guid' => $guid];
311                 }
312
313                 return DBA::selectFirst('user', $fields, $cond);
314         }
315
316         /**
317          * @param  string        $nickname
318          * @param array          $fields
319          * @return array|boolean User record if it exists, false otherwise
320          * @throws Exception
321          */
322         public static function getByNickname($nickname, array $fields = [])
323         {
324                 return DBA::selectFirst('user', $fields, ['nickname' => $nickname]);
325         }
326
327         /**
328          * Returns the user id of a given profile URL
329          *
330          * @param string $url
331          *
332          * @return integer user id
333          * @throws Exception
334          */
335         public static function getIdForURL(string $url)
336         {
337                 // Avoid database queries when the local node hostname isn't even part of the url.
338                 if (!Contact::isLocal($url)) {
339                         return 0;
340                 }
341
342                 $self = Contact::selectFirst(['uid'], ['self' => true, 'nurl' => Strings::normaliseLink($url)]);
343                 if (!empty($self['uid'])) {
344                         return $self['uid'];
345                 }
346
347                 $self = Contact::selectFirst(['uid'], ['self' => true, 'addr' => $url]);
348                 if (!empty($self['uid'])) {
349                         return $self['uid'];
350                 }
351
352                 $self = Contact::selectFirst(['uid'], ['self' => true, 'alias' => [$url, Strings::normaliseLink($url)]]);
353                 if (!empty($self['uid'])) {
354                         return $self['uid'];
355                 }
356
357                 return 0;
358         }
359
360         /**
361          * Get a user based on its email
362          *
363          * @param string        $email
364          * @param array          $fields
365          *
366          * @return array|boolean User record if it exists, false otherwise
367          *
368          * @throws Exception
369          */
370         public static function getByEmail($email, array $fields = [])
371         {
372                 return DBA::selectFirst('user', $fields, ['email' => $email]);
373         }
374
375         /**
376          * Fetch the user array of the administrator. The first one if there are several.
377          *
378          * @param array $fields
379          * @return array user
380          */
381         public static function getFirstAdmin(array $fields = [])
382         {
383                 if (!empty(DI::config()->get('config', 'admin_nickname'))) {
384                         return self::getByNickname(DI::config()->get('config', 'admin_nickname'), $fields);
385                 } elseif (!empty(DI::config()->get('config', 'admin_email'))) {
386                         $adminList = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
387                         return self::getByEmail($adminList[0], $fields);
388                 } else {
389                         return [];
390                 }
391         }
392
393         /**
394          * Get owner data by user id
395          *
396          * @param int     $uid
397          * @param boolean $repairMissing Repair the owner data if it's missing
398          * @return boolean|array
399          * @throws Exception
400          */
401         public static function getOwnerDataById(int $uid, bool $repairMissing = true)
402         {
403                 if ($uid == 0) {
404                         return self::getSystemAccount();
405                 }
406
407                 if (!empty(self::$owner[$uid])) {
408                         return self::$owner[$uid];
409                 }
410
411                 $owner = DBA::selectFirst('owner-view', [], ['uid' => $uid]);
412                 if (!DBA::isResult($owner)) {
413                         if (!DBA::exists('user', ['uid' => $uid]) || !$repairMissing) {
414                                 return false;
415                         }
416                         if (!DBA::exists('profile', ['uid' => $uid])) {
417                                 DBA::insert('profile', ['uid' => $uid]);
418                         }
419                         if (!DBA::exists('contact', ['uid' => $uid, 'self' => true])) {
420                                 Contact::createSelfFromUserId($uid);
421                         }
422                         $owner = self::getOwnerDataById($uid, false);
423                 }
424
425                 if (empty($owner['nickname'])) {
426                         return false;
427                 }
428
429                 if (!$repairMissing || $owner['account_expired']) {
430                         return $owner;
431                 }
432
433                 // Check if the returned data is valid, otherwise fix it. See issue #6122
434
435                 // Check for correct url and normalised nurl
436                 $url = DI::baseUrl() . '/profile/' . $owner['nickname'];
437                 $repair = empty($owner['network']) || ($owner['url'] != $url) || ($owner['nurl'] != Strings::normaliseLink($owner['url']));
438
439                 if (!$repair) {
440                         // Check if "addr" is present and correct
441                         $addr = $owner['nickname'] . '@' . substr(DI::baseUrl(), strpos(DI::baseUrl(), '://') + 3);
442                         $repair = ($addr != $owner['addr']) || empty($owner['prvkey']) || empty($owner['pubkey']);
443                 }
444
445                 if (!$repair) {
446                         // Check if the avatar field is filled and the photo directs to the correct path
447                         $avatar = Photo::selectFirst(['resource-id'], ['uid' => $uid, 'profile' => true]);
448                         if (DBA::isResult($avatar)) {
449                                 $repair = empty($owner['avatar']) || !strpos($owner['photo'], $avatar['resource-id']);
450                         }
451                 }
452
453                 if ($repair) {
454                         Contact::updateSelfFromUserID($uid);
455                         // Return the corrected data and avoid a loop
456                         $owner = self::getOwnerDataById($uid, false);
457                 }
458
459                 self::$owner[$uid] = $owner;
460                 return $owner;
461         }
462
463         /**
464          * Get owner data by nick name
465          *
466          * @param int $nick
467          * @return boolean|array
468          * @throws Exception
469          */
470         public static function getOwnerDataByNick($nick)
471         {
472                 $user = DBA::selectFirst('user', ['uid'], ['nickname' => $nick]);
473
474                 if (!DBA::isResult($user)) {
475                         return false;
476                 }
477
478                 return self::getOwnerDataById($user['uid']);
479         }
480
481         /**
482          * Returns the default group for a given user and network
483          *
484          * @param int $uid User id
485          *
486          * @return int group id
487          * @throws Exception
488          */
489         public static function getDefaultGroup($uid)
490         {
491                 $user = DBA::selectFirst('user', ['def_gid'], ['uid' => $uid]);
492                 if (DBA::isResult($user)) {
493                         $default_group = $user["def_gid"];
494                 } else {
495                         $default_group = 0;
496                 }
497
498                 return $default_group;
499         }
500
501         /**
502          * Authenticate a user with a clear text password
503          *
504          * Returns the user id associated with a successful password authentication
505          *
506          * @param mixed  $user_info
507          * @param string $password
508          * @param bool   $third_party
509          * @return int User Id if authentication is successful
510          * @throws HTTPException\ForbiddenException
511          * @throws HTTPException\NotFoundException
512          */
513         public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
514         {
515                 // Addons registered with the "authenticate" hook may create the user on the
516                 // fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
517                 // the user doesn't exist, we should give the addons a chance to create the
518                 // user in our database, if applicable, before re-throwing the exception if
519                 // they fail.
520                 try {
521                         $user = self::getAuthenticationInfo($user_info);
522                 } catch (Exception $e) {
523                         $username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');
524
525                         // Addons can create users, and since this 'catch' branch should only
526                         // execute if getAuthenticationInfo can't find an existing user, that's
527                         // exactly what will happen here. Creating a numeric username would create
528                         // abiguity with user IDs, possibly opening up an attack vector.
529                         // So let's be very careful about that.
530                         if (empty($username) || is_numeric($username)) {
531                                 throw $e;
532                         }
533
534                         return self::getIdFromAuthenticateHooks($username, $password);
535                 }
536
537                 if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
538                         // Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
539                         if (AppSpecificPassword::authenticateUser($user['uid'], $password)) {
540                                 return $user['uid'];
541                         }
542                 } elseif (strpos($user['password'], '$') === false) {
543                         //Legacy hash that has not been replaced by a new hash yet
544                         if (self::hashPasswordLegacy($password) === $user['password']) {
545                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
546
547                                 return $user['uid'];
548                         }
549                 } elseif (!empty($user['legacy_password'])) {
550                         //Legacy hash that has been double-hashed and not replaced by a new hash yet
551                         //Warning: `legacy_password` is not necessary in sync with the content of `password`
552                         if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
553                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
554
555                                 return $user['uid'];
556                         }
557                 } elseif (password_verify($password, $user['password'])) {
558                         //New password hash
559                         if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
560                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
561                         }
562
563                         return $user['uid'];
564                 } else {
565                         return self::getIdFromAuthenticateHooks($user['nickname'], $password); // throws
566                 }
567
568                 throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
569         }
570
571         /**
572          * Try to obtain a user ID via "authenticate" hook addons
573          *
574          * Returns the user id associated with a successful password authentication
575          *
576          * @param string $username
577          * @param string $password
578          * @return int User Id if authentication is successful
579          * @throws HTTPException\ForbiddenException
580          */
581         public static function getIdFromAuthenticateHooks($username, $password)
582         {
583                 $addon_auth = [
584                         'username'      => $username,
585                         'password'      => $password,
586                         'authenticated' => 0,
587                         'user_record'   => null
588                 ];
589
590                 /*
591                  * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
592                  * Addons should never set 'authenticated' except to indicate success - as hooks may be chained
593                  * and later addons should not interfere with an earlier one that succeeded.
594                  */
595                 Hook::callAll('authenticate', $addon_auth);
596
597                 if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
598                         return $addon_auth['user_record']['uid'];
599                 }
600
601                 throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
602         }
603
604         /**
605          * Returns authentication info from various parameters types
606          *
607          * User info can be any of the following:
608          * - User DB object
609          * - User Id
610          * - User email or username or nickname
611          * - User array with at least the uid and the hashed password
612          *
613          * @param mixed $user_info
614          * @return array
615          * @throws HTTPException\NotFoundException
616          */
617         public static function getAuthenticationInfo($user_info)
618         {
619                 $user = null;
620
621                 if (is_object($user_info) || is_array($user_info)) {
622                         if (is_object($user_info)) {
623                                 $user = (array) $user_info;
624                         } else {
625                                 $user = $user_info;
626                         }
627
628                         if (
629                                 !isset($user['uid'])
630                                 || !isset($user['password'])
631                                 || !isset($user['legacy_password'])
632                         ) {
633                                 throw new Exception(DI::l10n()->t('Not enough information to authenticate'));
634                         }
635                 } elseif (is_int($user_info) || is_string($user_info)) {
636                         if (is_int($user_info)) {
637                                 $user = DBA::selectFirst(
638                                         'user',
639                                         ['uid', 'nickname', 'password', 'legacy_password'],
640                                         [
641                                                 'uid' => $user_info,
642                                                 'blocked' => 0,
643                                                 'account_expired' => 0,
644                                                 'account_removed' => 0,
645                                                 'verified' => 1
646                                         ]
647                                 );
648                         } else {
649                                 $fields = ['uid', 'nickname', 'password', 'legacy_password'];
650                                 $condition = [
651                                         "(`email` = ? OR `username` = ? OR `nickname` = ?)
652                                         AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`",
653                                         $user_info, $user_info, $user_info
654                                 ];
655                                 $user = DBA::selectFirst('user', $fields, $condition);
656                         }
657
658                         if (!DBA::isResult($user)) {
659                                 throw new HTTPException\NotFoundException(DI::l10n()->t('User not found'));
660                         }
661                 }
662
663                 return $user;
664         }
665
666         /**
667          * Generates a human-readable random password
668          *
669          * @return string
670          * @throws Exception
671          */
672         public static function generateNewPassword()
673         {
674                 return ucfirst(Strings::getRandomName(8)) . random_int(1000, 9999);
675         }
676
677         /**
678          * Checks if the provided plaintext password has been exposed or not
679          *
680          * @param string $password
681          * @return bool
682          * @throws Exception
683          */
684         public static function isPasswordExposed($password)
685         {
686                 $cache = new CacheItemPool();
687                 $cache->changeConfig([
688                         'cacheDirectory' => System::getTempPath() . '/password-exposed-cache/',
689                 ]);
690
691                 try {
692                         $passwordExposedChecker = new PasswordExposed\PasswordExposedChecker(null, $cache);
693
694                         return $passwordExposedChecker->passwordExposed($password) === PasswordExposed\PasswordStatus::EXPOSED;
695                 } catch (Exception $e) {
696                         Logger::error('Password Exposed Exception: ' . $e->getMessage(), [
697                                 'code' => $e->getCode(),
698                                 'file' => $e->getFile(),
699                                 'line' => $e->getLine(),
700                                 'trace' => $e->getTraceAsString()
701                         ]);
702
703                         return false;
704                 }
705         }
706
707         /**
708          * Legacy hashing function, kept for password migration purposes
709          *
710          * @param string $password
711          * @return string
712          */
713         private static function hashPasswordLegacy($password)
714         {
715                 return hash('whirlpool', $password);
716         }
717
718         /**
719          * Global user password hashing function
720          *
721          * @param string $password
722          * @return string
723          * @throws Exception
724          */
725         public static function hashPassword($password)
726         {
727                 if (!trim($password)) {
728                         throw new Exception(DI::l10n()->t('Password can\'t be empty'));
729                 }
730
731                 return password_hash($password, PASSWORD_DEFAULT);
732         }
733
734         /**
735          * Updates a user row with a new plaintext password
736          *
737          * @param int    $uid
738          * @param string $password
739          * @return bool
740          * @throws Exception
741          */
742         public static function updatePassword($uid, $password)
743         {
744                 $password = trim($password);
745
746                 if (empty($password)) {
747                         throw new Exception(DI::l10n()->t('Empty passwords are not allowed.'));
748                 }
749
750                 if (!DI::config()->get('system', 'disable_password_exposed', false) && self::isPasswordExposed($password)) {
751                         throw new Exception(DI::l10n()->t('The new password has been exposed in a public data dump, please choose another.'));
752                 }
753
754                 $allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
755
756                 if (!preg_match('/^[a-z0-9' . preg_quote($allowed_characters, '/') . ']+$/i', $password)) {
757                         throw new Exception(DI::l10n()->t('The password can\'t contain accentuated letters, white spaces or colons (:)'));
758                 }
759
760                 return self::updatePasswordHashed($uid, self::hashPassword($password));
761         }
762
763         /**
764          * Updates a user row with a new hashed password.
765          * Empties the password reset token field just in case.
766          *
767          * @param int    $uid
768          * @param string $pasword_hashed
769          * @return bool
770          * @throws Exception
771          */
772         private static function updatePasswordHashed($uid, $pasword_hashed)
773         {
774                 $fields = [
775                         'password' => $pasword_hashed,
776                         'pwdreset' => null,
777                         'pwdreset_time' => null,
778                         'legacy_password' => false
779                 ];
780                 return DBA::update('user', $fields, ['uid' => $uid]);
781         }
782
783         /**
784          * Checks if a nickname is in the list of the forbidden nicknames
785          *
786          * Check if a nickname is forbidden from registration on the node by the
787          * admin. Forbidden nicknames (e.g. role namess) can be configured in the
788          * admin panel.
789          *
790          * @param string $nickname The nickname that should be checked
791          * @return boolean True is the nickname is blocked on the node
792          */
793         public static function isNicknameBlocked($nickname)
794         {
795                 $forbidden_nicknames = DI::config()->get('system', 'forbidden_nicknames', '');
796                 if (!empty($forbidden_nicknames)) {
797                         $forbidden = explode(',', $forbidden_nicknames);
798                         $forbidden = array_map('trim', $forbidden);
799                 } else {
800                         $forbidden = [];
801                 }
802
803                 // Add the name of the internal actor to the "forbidden" list
804                 $actor_name = self::getActorName();
805                 if (!empty($actor_name)) {
806                         $forbidden[] = $actor_name;
807                 }
808
809                 if (empty($forbidden)) {
810                         return false;
811                 }
812
813                 // check if the nickname is in the list of blocked nicknames
814                 if (in_array(strtolower($nickname), $forbidden)) {
815                         return true;
816                 }
817
818                 // else return false
819                 return false;
820         }
821
822         /**
823          * Get avatar link for given user
824          *
825          * @param array  $user
826          * @param string $size One of the Proxy::SIZE_* constants
827          * @return string avatar link
828          * @throws Exception
829          */
830         public static function getAvatarUrl(array $user, string $size = ''):string
831         {
832                 if (empty($user['nickname'])) {
833                         DI::logger()->warning('Missing user nickname key', ['trace' => System::callstack(20)]);
834                 }
835
836                 $url = DI::baseUrl() . '/photo/';
837
838                 switch ($size) {
839                         case Proxy::SIZE_MICRO:
840                                 $url .= 'micro/';
841                                 $scale = 6;
842                                 break;
843                         case Proxy::SIZE_THUMB:
844                                 $url .= 'avatar/';
845                                 $scale = 5;
846                                 break;
847                         default:
848                                 $url .= 'profile/';
849                                 $scale = 4;
850                                 break;
851                 }
852
853                 $updated  =  '';
854                 $mimetype = '';
855
856                 $photo = Photo::selectFirst(['type', 'created', 'edited', 'updated'], ["scale" => $scale, 'uid' => $user['uid'], 'profile' => true]);
857                 if (!empty($photo)) {
858                         $updated  = max($photo['created'], $photo['edited'], $photo['updated']);
859                         $mimetype = $photo['type'];
860                 }
861
862                 return $url . $user['nickname'] . Images::getExtensionByMimeType($mimetype) . ($updated ? '?ts=' . strtotime($updated) : '');
863         }
864
865         /**
866          * Get banner link for given user
867          *
868          * @param array  $user
869          * @return string banner link
870          * @throws Exception
871          */
872         public static function getBannerUrl(array $user):string
873         {
874                 if (empty($user['nickname'])) {
875                         DI::logger()->warning('Missing user nickname key', ['trace' => System::callstack(20)]);
876                 }
877
878                 $url = DI::baseUrl() . '/photo/banner/';
879
880                 $updated  = '';
881                 $mimetype = '';
882
883                 $photo = Photo::selectFirst(['type', 'created', 'edited', 'updated'], ["scale" => 3, 'uid' => $user['uid'], 'photo-type' => Photo::USER_BANNER]);
884                 if (!empty($photo)) {
885                         $updated  = max($photo['created'], $photo['edited'], $photo['updated']);
886                         $mimetype = $photo['type'];
887                 } else {
888                         // Only for the RC phase: Don't return an image link for the default picture
889                         return '';
890                 }
891
892                 return $url . $user['nickname'] . Images::getExtensionByMimeType($mimetype) . ($updated ? '?ts=' . strtotime($updated) : '');
893         }
894
895         /**
896          * Catch-all user creation function
897          *
898          * Creates a user from the provided data array, either form fields or OpenID.
899          * Required: { username, nickname, email } or { openid_url }
900          *
901          * Performs the following:
902          * - Sends to the OpenId auth URL (if relevant)
903          * - Creates new key pairs for crypto
904          * - Create self-contact
905          * - Create profile image
906          *
907          * @param  array $data
908          * @return array
909          * @throws ErrorException
910          * @throws HTTPException\InternalServerErrorException
911          * @throws ImagickException
912          * @throws Exception
913          */
914         public static function create(array $data)
915         {
916                 $return = ['user' => null, 'password' => ''];
917
918                 $using_invites = DI::config()->get('system', 'invitation_only');
919
920                 $invite_id  = !empty($data['invite_id'])  ? trim($data['invite_id'])  : '';
921                 $username   = !empty($data['username'])   ? trim($data['username'])   : '';
922                 $nickname   = !empty($data['nickname'])   ? trim($data['nickname'])   : '';
923                 $email      = !empty($data['email'])      ? trim($data['email'])      : '';
924                 $openid_url = !empty($data['openid_url']) ? trim($data['openid_url']) : '';
925                 $photo      = !empty($data['photo'])      ? trim($data['photo'])      : '';
926                 $password   = !empty($data['password'])   ? trim($data['password'])   : '';
927                 $password1  = !empty($data['password1'])  ? trim($data['password1'])  : '';
928                 $confirm    = !empty($data['confirm'])    ? trim($data['confirm'])    : '';
929                 $blocked    = !empty($data['blocked']);
930                 $verified   = !empty($data['verified']);
931                 $language   = !empty($data['language'])   ? trim($data['language'])   : 'en';
932
933                 $netpublish = $publish = !empty($data['profile_publish_reg']);
934
935                 if ($password1 != $confirm) {
936                         throw new Exception(DI::l10n()->t('Passwords do not match. Password unchanged.'));
937                 } elseif ($password1 != '') {
938                         $password = $password1;
939                 }
940
941                 if ($using_invites) {
942                         if (!$invite_id) {
943                                 throw new Exception(DI::l10n()->t('An invitation is required.'));
944                         }
945
946                         if (!Register::existsByHash($invite_id)) {
947                                 throw new Exception(DI::l10n()->t('Invitation could not be verified.'));
948                         }
949                 }
950
951                 /// @todo Check if this part is really needed. We should have fetched all this data in advance
952                 if (empty($username) || empty($email) || empty($nickname)) {
953                         if ($openid_url) {
954                                 if (!Network::isUrlValid($openid_url)) {
955                                         throw new Exception(DI::l10n()->t('Invalid OpenID url'));
956                                 }
957                                 $_SESSION['register'] = 1;
958                                 $_SESSION['openid'] = $openid_url;
959
960                                 $openid = new LightOpenID(DI::baseUrl()->getHostname());
961                                 $openid->identity = $openid_url;
962                                 $openid->returnUrl = DI::baseUrl() . '/openid';
963                                 $openid->required = ['namePerson/friendly', 'contact/email', 'namePerson'];
964                                 $openid->optional = ['namePerson/first', 'media/image/aspect11', 'media/image/default'];
965                                 try {
966                                         $authurl = $openid->authUrl();
967                                 } catch (Exception $e) {
968                                         throw new Exception(DI::l10n()->t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . EOL . EOL . DI::l10n()->t('The error message was:') . $e->getMessage(), 0, $e);
969                                 }
970                                 System::externalRedirect($authurl);
971                                 // NOTREACHED
972                         }
973
974                         throw new Exception(DI::l10n()->t('Please enter the required information.'));
975                 }
976
977                 if (!Network::isUrlValid($openid_url)) {
978                         $openid_url = '';
979                 }
980
981                 // collapse multiple spaces in name
982                 $username = preg_replace('/ +/', ' ', $username);
983
984                 $username_min_length = max(1, min(64, intval(DI::config()->get('system', 'username_min_length', 3))));
985                 $username_max_length = max(1, min(64, intval(DI::config()->get('system', 'username_max_length', 48))));
986
987                 if ($username_min_length > $username_max_length) {
988                         Logger::error(DI::l10n()->t('system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values.', $username_min_length, $username_max_length));
989                         $tmp = $username_min_length;
990                         $username_min_length = $username_max_length;
991                         $username_max_length = $tmp;
992                 }
993
994                 if (mb_strlen($username) < $username_min_length) {
995                         throw new Exception(DI::l10n()->tt('Username should be at least %s character.', 'Username should be at least %s characters.', $username_min_length));
996                 }
997
998                 if (mb_strlen($username) > $username_max_length) {
999                         throw new Exception(DI::l10n()->tt('Username should be at most %s character.', 'Username should be at most %s characters.', $username_max_length));
1000                 }
1001
1002                 // So now we are just looking for a space in the full name.
1003                 $loose_reg = DI::config()->get('system', 'no_regfullname');
1004                 if (!$loose_reg) {
1005                         $username = mb_convert_case($username, MB_CASE_TITLE, 'UTF-8');
1006                         if (strpos($username, ' ') === false) {
1007                                 throw new Exception(DI::l10n()->t("That doesn't appear to be your full (First Last) name."));
1008                         }
1009                 }
1010
1011                 if (!Network::isEmailDomainAllowed($email)) {
1012                         throw new Exception(DI::l10n()->t('Your email domain is not among those allowed on this site.'));
1013                 }
1014
1015                 if (!filter_var($email, FILTER_VALIDATE_EMAIL) || !Network::isEmailDomainValid($email)) {
1016                         throw new Exception(DI::l10n()->t('Not a valid email address.'));
1017                 }
1018                 if (self::isNicknameBlocked($nickname)) {
1019                         throw new Exception(DI::l10n()->t('The nickname was blocked from registration by the nodes admin.'));
1020                 }
1021
1022                 if (DI::config()->get('system', 'block_extended_register', false) && DBA::exists('user', ['email' => $email])) {
1023                         throw new Exception(DI::l10n()->t('Cannot use that email.'));
1024                 }
1025
1026                 // Disallow somebody creating an account using openid that uses the admin email address,
1027                 // since openid bypasses email verification. We'll allow it if there is not yet an admin account.
1028                 if (DI::config()->get('config', 'admin_email') && strlen($openid_url)) {
1029                         $adminlist = explode(',', str_replace(' ', '', strtolower(DI::config()->get('config', 'admin_email'))));
1030                         if (in_array(strtolower($email), $adminlist)) {
1031                                 throw new Exception(DI::l10n()->t('Cannot use that email.'));
1032                         }
1033                 }
1034
1035                 $nickname = $data['nickname'] = strtolower($nickname);
1036
1037                 if (!preg_match('/^[a-z0-9][a-z0-9_]*$/', $nickname)) {
1038                         throw new Exception(DI::l10n()->t('Your nickname can only contain a-z, 0-9 and _.'));
1039                 }
1040
1041                 // Check existing and deleted accounts for this nickname.
1042                 if (
1043                         DBA::exists('user', ['nickname' => $nickname])
1044                         || DBA::exists('userd', ['username' => $nickname])
1045                 ) {
1046                         throw new Exception(DI::l10n()->t('Nickname is already registered. Please choose another.'));
1047                 }
1048
1049                 $new_password = strlen($password) ? $password : User::generateNewPassword();
1050                 $new_password_encoded = self::hashPassword($new_password);
1051
1052                 $return['password'] = $new_password;
1053
1054                 $keys = Crypto::newKeypair(4096);
1055                 if ($keys === false) {
1056                         throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
1057                 }
1058
1059                 $prvkey = $keys['prvkey'];
1060                 $pubkey = $keys['pubkey'];
1061
1062                 // Create another keypair for signing/verifying salmon protocol messages.
1063                 $sres = Crypto::newKeypair(512);
1064                 $sprvkey = $sres['prvkey'];
1065                 $spubkey = $sres['pubkey'];
1066
1067                 $insert_result = DBA::insert('user', [
1068                         'guid'     => System::createUUID(),
1069                         'username' => $username,
1070                         'password' => $new_password_encoded,
1071                         'email'    => $email,
1072                         'openid'   => $openid_url,
1073                         'nickname' => $nickname,
1074                         'pubkey'   => $pubkey,
1075                         'prvkey'   => $prvkey,
1076                         'spubkey'  => $spubkey,
1077                         'sprvkey'  => $sprvkey,
1078                         'verified' => $verified,
1079                         'blocked'  => $blocked,
1080                         'language' => $language,
1081                         'timezone' => 'UTC',
1082                         'register_date' => DateTimeFormat::utcNow(),
1083                         'default-location' => ''
1084                 ]);
1085
1086                 if ($insert_result) {
1087                         $uid = DBA::lastInsertId();
1088                         $user = DBA::selectFirst('user', [], ['uid' => $uid]);
1089                 } else {
1090                         throw new Exception(DI::l10n()->t('An error occurred during registration. Please try again.'));
1091                 }
1092
1093                 if (!$uid) {
1094                         throw new Exception(DI::l10n()->t('An error occurred during registration. Please try again.'));
1095                 }
1096
1097                 // if somebody clicked submit twice very quickly, they could end up with two accounts
1098                 // due to race condition. Remove this one.
1099                 $user_count = DBA::count('user', ['nickname' => $nickname]);
1100                 if ($user_count > 1) {
1101                         DBA::delete('user', ['uid' => $uid]);
1102
1103                         throw new Exception(DI::l10n()->t('Nickname is already registered. Please choose another.'));
1104                 }
1105
1106                 $insert_result = DBA::insert('profile', [
1107                         'uid' => $uid,
1108                         'name' => $username,
1109                         'photo' => self::getAvatarUrl($user),
1110                         'thumb' => self::getAvatarUrl($user, Proxy::SIZE_THUMB),
1111                         'publish' => $publish,
1112                         'net-publish' => $netpublish,
1113                 ]);
1114                 if (!$insert_result) {
1115                         DBA::delete('user', ['uid' => $uid]);
1116
1117                         throw new Exception(DI::l10n()->t('An error occurred creating your default profile. Please try again.'));
1118                 }
1119
1120                 // Create the self contact
1121                 if (!Contact::createSelfFromUserId($uid)) {
1122                         DBA::delete('user', ['uid' => $uid]);
1123
1124                         throw new Exception(DI::l10n()->t('An error occurred creating your self contact. Please try again.'));
1125                 }
1126
1127                 // Create a group with no members. This allows somebody to use it
1128                 // right away as a default group for new contacts.
1129                 $def_gid = Group::create($uid, DI::l10n()->t('Friends'));
1130                 if (!$def_gid) {
1131                         DBA::delete('user', ['uid' => $uid]);
1132
1133                         throw new Exception(DI::l10n()->t('An error occurred creating your default contact group. Please try again.'));
1134                 }
1135
1136                 $fields = ['def_gid' => $def_gid];
1137                 if (DI::config()->get('system', 'newuser_private') && $def_gid) {
1138                         $fields['allow_gid'] = '<' . $def_gid . '>';
1139                 }
1140
1141                 DBA::update('user', $fields, ['uid' => $uid]);
1142
1143                 // if we have no OpenID photo try to look up an avatar
1144                 if (!strlen($photo)) {
1145                         $photo = Network::lookupAvatarByEmail($email);
1146                 }
1147
1148                 // unless there is no avatar-addon loaded
1149                 if (strlen($photo)) {
1150                         $photo_failure = false;
1151
1152                         $filename = basename($photo);
1153                         $curlResult = DI::httpClient()->get($photo);
1154                         if ($curlResult->isSuccess()) {
1155                                 $img_str = $curlResult->getBody();
1156                                 $type = $curlResult->getContentType();
1157                         } else {
1158                                 $img_str = '';
1159                                 $type = '';
1160                         }
1161
1162                         $type = Images::getMimeTypeByData($img_str, $photo, $type);
1163
1164                         $Image = new Image($img_str, $type);
1165                         if ($Image->isValid()) {
1166                                 $Image->scaleToSquare(300);
1167
1168                                 $resource_id = Photo::newResource();
1169
1170                                 // Not using Photo::PROFILE_PHOTOS here, so that it is discovered as translateble string
1171                                 $profile_album = DI::l10n()->t('Profile Photos');
1172
1173                                 $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 4);
1174
1175                                 if ($r === false) {
1176                                         $photo_failure = true;
1177                                 }
1178
1179                                 $Image->scaleDown(80);
1180
1181                                 $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 5);
1182
1183                                 if ($r === false) {
1184                                         $photo_failure = true;
1185                                 }
1186
1187                                 $Image->scaleDown(48);
1188
1189                                 $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 6);
1190
1191                                 if ($r === false) {
1192                                         $photo_failure = true;
1193                                 }
1194
1195                                 if (!$photo_failure) {
1196                                         Photo::update(['profile' => true, 'photo-type' => Photo::USER_AVATAR], ['resource-id' => $resource_id]);
1197                                 }
1198                         }
1199
1200                         Contact::updateSelfFromUserID($uid, true);
1201                 }
1202
1203                 Hook::callAll('register_account', $uid);
1204
1205                 $return['user'] = $user;
1206                 return $return;
1207         }
1208
1209         /**
1210          * Update a user entry and distribute the changes if needed
1211          *
1212          * @param array $fields
1213          * @param integer $uid
1214          * @return boolean
1215          */
1216         public static function update(array $fields, int $uid): bool
1217         {
1218                 $old_owner = self::getOwnerDataById($uid);
1219                 if (empty($old_owner)) {
1220                         return false;
1221                 }
1222
1223                 if (!DBA::update('user', $fields, ['uid' => $uid])) {
1224                         return false;
1225                 }
1226
1227                 $update = Contact::updateSelfFromUserID($uid);
1228
1229                 $owner = self::getOwnerDataById($uid);
1230                 if (empty($owner)) {
1231                         return false;
1232                 }
1233
1234                 if ($old_owner['name'] != $owner['name']) {
1235                         Profile::update(['name' => $owner['name']], $uid);
1236                 }
1237
1238                 if ($update) {
1239                         Profile::publishUpdate($uid);
1240                 }
1241
1242                 return true;
1243         }
1244
1245         /**
1246          * Sets block state for a given user
1247          *
1248          * @param int  $uid   The user id
1249          * @param bool $block Block state (default is true)
1250          *
1251          * @return bool True, if successfully blocked
1252
1253          * @throws Exception
1254          */
1255         public static function block(int $uid, bool $block = true)
1256         {
1257                 return DBA::update('user', ['blocked' => $block], ['uid' => $uid]);
1258         }
1259
1260         /**
1261          * Allows a registration based on a hash
1262          *
1263          * @param string $hash
1264          *
1265          * @return bool True, if the allow was successful
1266          *
1267          * @throws HTTPException\InternalServerErrorException
1268          * @throws Exception
1269          */
1270         public static function allow(string $hash)
1271         {
1272                 $register = Register::getByHash($hash);
1273                 if (!DBA::isResult($register)) {
1274                         return false;
1275                 }
1276
1277                 $user = User::getById($register['uid']);
1278                 if (!DBA::isResult($user)) {
1279                         return false;
1280                 }
1281
1282                 Register::deleteByHash($hash);
1283
1284                 DBA::update('user', ['blocked' => false, 'verified' => true], ['uid' => $register['uid']]);
1285
1286                 $profile = DBA::selectFirst('profile', ['net-publish'], ['uid' => $register['uid']]);
1287
1288                 if (DBA::isResult($profile) && $profile['net-publish'] && DI::config()->get('system', 'directory')) {
1289                         $url = DI::baseUrl() . '/profile/' . $user['nickname'];
1290                         Worker::add(PRIORITY_LOW, "Directory", $url);
1291                 }
1292
1293                 $l10n = DI::l10n()->withLang($register['language']);
1294
1295                 return User::sendRegisterOpenEmail(
1296                         $l10n,
1297                         $user,
1298                         DI::config()->get('config', 'sitename'),
1299                         DI::baseUrl()->get(),
1300                         ($register['password'] ?? '') ?: 'Sent in a previous email'
1301                 );
1302         }
1303
1304         /**
1305          * Denys a pending registration
1306          *
1307          * @param string $hash The hash of the pending user
1308          *
1309          * This does not have to go through user_remove() and save the nickname
1310          * permanently against re-registration, as the person was not yet
1311          * allowed to have friends on this system
1312          *
1313          * @return bool True, if the deny was successfull
1314          * @throws Exception
1315          */
1316         public static function deny(string $hash)
1317         {
1318                 $register = Register::getByHash($hash);
1319                 if (!DBA::isResult($register)) {
1320                         return false;
1321                 }
1322
1323                 $user = User::getById($register['uid']);
1324                 if (!DBA::isResult($user)) {
1325                         return false;
1326                 }
1327
1328                 // Delete the avatar
1329                 Photo::delete(['uid' => $register['uid']]);
1330
1331                 return DBA::delete('user', ['uid' => $register['uid']]) &&
1332                        Register::deleteByHash($register['hash']);
1333         }
1334
1335         /**
1336          * Creates a new user based on a minimal set and sends an email to this user
1337          *
1338          * @param string $name  The user's name
1339          * @param string $email The user's email address
1340          * @param string $nick  The user's nick name
1341          * @param string $lang  The user's language (default is english)
1342          *
1343          * @return bool True, if the user was created successfully
1344          * @throws HTTPException\InternalServerErrorException
1345          * @throws ErrorException
1346          * @throws ImagickException
1347          */
1348         public static function createMinimal(string $name, string $email, string $nick, string $lang = L10n::DEFAULT)
1349         {
1350                 if (empty($name) ||
1351                     empty($email) ||
1352                     empty($nick)) {
1353                         throw new HTTPException\InternalServerErrorException('Invalid arguments.');
1354                 }
1355
1356                 $result = self::create([
1357                         'username' => $name,
1358                         'email' => $email,
1359                         'nickname' => $nick,
1360                         'verified' => 1,
1361                         'language' => $lang
1362                 ]);
1363
1364                 $user = $result['user'];
1365                 $preamble = Strings::deindent(DI::l10n()->t('
1366                 Dear %1$s,
1367                         the administrator of %2$s has set up an account for you.'));
1368                 $body = Strings::deindent(DI::l10n()->t('
1369                 The login details are as follows:
1370
1371                 Site Location:  %1$s
1372                 Login Name:             %2$s
1373                 Password:               %3$s
1374
1375                 You may change your password from your account "Settings" page after logging
1376                 in.
1377
1378                 Please take a few moments to review the other account settings on that page.
1379
1380                 You may also wish to add some basic information to your default profile
1381                 (on the "Profiles" page) so that other people can easily find you.
1382
1383                 We recommend setting your full name, adding a profile photo,
1384                 adding some profile "keywords" (very useful in making new friends) - and
1385                 perhaps what country you live in; if you do not wish to be more specific
1386                 than that.
1387
1388                 We fully respect your right to privacy, and none of these items are necessary.
1389                 If you are new and do not know anybody here, they may help
1390                 you to make some new and interesting friends.
1391
1392                 If you ever want to delete your account, you can do so at %1$s/removeme
1393
1394                 Thank you and welcome to %4$s.'));
1395
1396                 $preamble = sprintf($preamble, $user['username'], DI::config()->get('config', 'sitename'));
1397                 $body = sprintf($body, DI::baseUrl()->get(), $user['nickname'], $result['password'], DI::config()->get('config', 'sitename'));
1398
1399                 $email = DI::emailer()
1400                         ->newSystemMail()
1401                         ->withMessage(DI::l10n()->t('Registration details for %s', DI::config()->get('config', 'sitename')), $preamble, $body)
1402                         ->forUser($user)
1403                         ->withRecipient($user['email'])
1404                         ->build();
1405                 return DI::emailer()->send($email);
1406         }
1407
1408         /**
1409          * Sends pending registration confirmation email
1410          *
1411          * @param array  $user     User record array
1412          * @param string $sitename
1413          * @param string $siteurl
1414          * @param string $password Plaintext password
1415          * @return NULL|boolean from notification() and email() inherited
1416          * @throws HTTPException\InternalServerErrorException
1417          */
1418         public static function sendRegisterPendingEmail($user, $sitename, $siteurl, $password)
1419         {
1420                 $body = Strings::deindent(DI::l10n()->t(
1421                         '
1422                         Dear %1$s,
1423                                 Thank you for registering at %2$s. Your account is pending for approval by the administrator.
1424
1425                         Your login details are as follows:
1426
1427                         Site Location:  %3$s
1428                         Login Name:             %4$s
1429                         Password:               %5$s
1430                 ',
1431                         $user['username'],
1432                         $sitename,
1433                         $siteurl,
1434                         $user['nickname'],
1435                         $password
1436                 ));
1437
1438                 $email = DI::emailer()
1439                         ->newSystemMail()
1440                         ->withMessage(DI::l10n()->t('Registration at %s', $sitename), $body)
1441                         ->forUser($user)
1442                         ->withRecipient($user['email'])
1443                         ->build();
1444                 return DI::emailer()->send($email);
1445         }
1446
1447         /**
1448          * Sends registration confirmation
1449          *
1450          * It's here as a function because the mail is sent from different parts
1451          *
1452          * @param L10n   $l10n     The used language
1453          * @param array  $user     User record array
1454          * @param string $sitename
1455          * @param string $siteurl
1456          * @param string $password Plaintext password
1457          *
1458          * @return NULL|boolean from notification() and email() inherited
1459          * @throws HTTPException\InternalServerErrorException
1460          */
1461         public static function sendRegisterOpenEmail(L10n $l10n, $user, $sitename, $siteurl, $password)
1462         {
1463                 $preamble = Strings::deindent($l10n->t(
1464                         '
1465                                 Dear %1$s,
1466                                 Thank you for registering at %2$s. Your account has been created.
1467                         ',
1468                         $user['username'],
1469                         $sitename
1470                 ));
1471                 $body = Strings::deindent($l10n->t(
1472                         '
1473                         The login details are as follows:
1474
1475                         Site Location:  %3$s
1476                         Login Name:             %1$s
1477                         Password:               %5$s
1478
1479                         You may change your password from your account "Settings" page after logging
1480                         in.
1481
1482                         Please take a few moments to review the other account settings on that page.
1483
1484                         You may also wish to add some basic information to your default profile
1485                         ' . "\x28" . 'on the "Profiles" page' . "\x29" . ' so that other people can easily find you.
1486
1487                         We recommend setting your full name, adding a profile photo,
1488                         adding some profile "keywords" ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and
1489                         perhaps what country you live in; if you do not wish to be more specific
1490                         than that.
1491
1492                         We fully respect your right to privacy, and none of these items are necessary.
1493                         If you are new and do not know anybody here, they may help
1494                         you to make some new and interesting friends.
1495
1496                         If you ever want to delete your account, you can do so at %3$s/removeme
1497
1498                         Thank you and welcome to %2$s.',
1499                         $user['nickname'],
1500                         $sitename,
1501                         $siteurl,
1502                         $user['username'],
1503                         $password
1504                 ));
1505
1506                 $email = DI::emailer()
1507                         ->newSystemMail()
1508                         ->withMessage(DI::l10n()->t('Registration details for %s', $sitename), $preamble, $body)
1509                         ->forUser($user)
1510                         ->withRecipient($user['email'])
1511                         ->build();
1512                 return DI::emailer()->send($email);
1513         }
1514
1515         /**
1516          * @param int $uid user to remove
1517          * @return bool
1518          * @throws HTTPException\InternalServerErrorException
1519          */
1520         public static function remove(int $uid)
1521         {
1522                 if (empty($uid)) {
1523                         return false;
1524                 }
1525
1526                 Logger::notice('Removing user', ['user' => $uid]);
1527
1528                 $user = DBA::selectFirst('user', [], ['uid' => $uid]);
1529
1530                 Hook::callAll('remove_user', $user);
1531
1532                 // save username (actually the nickname as it is guaranteed
1533                 // unique), so it cannot be re-registered in the future.
1534                 DBA::insert('userd', ['username' => $user['nickname']]);
1535
1536                 // Remove all personal settings, especially connector settings
1537                 DBA::delete('pconfig', ['uid' => $uid]);
1538
1539                 // The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
1540                 DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
1541                 Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
1542
1543                 // Send an update to the directory
1544                 $self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]);
1545                 Worker::add(PRIORITY_LOW, 'Directory', $self['url']);
1546
1547                 // Remove the user relevant data
1548                 Worker::add(PRIORITY_NEGLIGIBLE, 'RemoveUser', $uid);
1549
1550                 return true;
1551         }
1552
1553         /**
1554          * Return all identities to a user
1555          *
1556          * @param int $uid The user id
1557          * @return array All identities for this user
1558          *
1559          * Example for a return:
1560          *    [
1561          *        [
1562          *            'uid' => 1,
1563          *            'username' => 'maxmuster',
1564          *            'nickname' => 'Max Mustermann'
1565          *        ],
1566          *        [
1567          *            'uid' => 2,
1568          *            'username' => 'johndoe',
1569          *            'nickname' => 'John Doe'
1570          *        ]
1571          *    ]
1572          * @throws Exception
1573          */
1574         public static function identities($uid)
1575         {
1576                 if (empty($uid)) {
1577                         return [];
1578                 }
1579
1580                 $identities = [];
1581
1582                 $user = DBA::selectFirst('user', ['uid', 'nickname', 'username', 'parent-uid'], ['uid' => $uid]);
1583                 if (!DBA::isResult($user)) {
1584                         return $identities;
1585                 }
1586
1587                 if ($user['parent-uid'] == 0) {
1588                         // First add our own entry
1589                         $identities = [[
1590                                 'uid' => $user['uid'],
1591                                 'username' => $user['username'],
1592                                 'nickname' => $user['nickname']
1593                         ]];
1594
1595                         // Then add all the children
1596                         $r = DBA::select(
1597                                 'user',
1598                                 ['uid', 'username', 'nickname'],
1599                                 ['parent-uid' => $user['uid'], 'account_removed' => false]
1600                         );
1601                         if (DBA::isResult($r)) {
1602                                 $identities = array_merge($identities, DBA::toArray($r));
1603                         }
1604                 } else {
1605                         // First entry is our parent
1606                         $r = DBA::select(
1607                                 'user',
1608                                 ['uid', 'username', 'nickname'],
1609                                 ['uid' => $user['parent-uid'], 'account_removed' => false]
1610                         );
1611                         if (DBA::isResult($r)) {
1612                                 $identities = DBA::toArray($r);
1613                         }
1614
1615                         // Then add all siblings
1616                         $r = DBA::select(
1617                                 'user',
1618                                 ['uid', 'username', 'nickname'],
1619                                 ['parent-uid' => $user['parent-uid'], 'account_removed' => false]
1620                         );
1621                         if (DBA::isResult($r)) {
1622                                 $identities = array_merge($identities, DBA::toArray($r));
1623                         }
1624                 }
1625
1626                 $r = DBA::p(
1627                         "SELECT `user`.`uid`, `user`.`username`, `user`.`nickname`
1628                         FROM `manage`
1629                         INNER JOIN `user` ON `manage`.`mid` = `user`.`uid`
1630                         WHERE `user`.`account_removed` = 0 AND `manage`.`uid` = ?",
1631                         $user['uid']
1632                 );
1633                 if (DBA::isResult($r)) {
1634                         $identities = array_merge($identities, DBA::toArray($r));
1635                 }
1636
1637                 return $identities;
1638         }
1639
1640         /**
1641          * Check if the given user id has delegations or is delegated
1642          *
1643          * @param int $uid
1644          * @return bool
1645          */
1646         public static function hasIdentities(int $uid):bool
1647         {
1648                 if (empty($uid)) {
1649                         return false;
1650                 }
1651
1652                 $user = DBA::selectFirst('user', ['parent-uid'], ['uid' => $uid, 'account_removed' => false]);
1653                 if (!DBA::isResult($user)) {
1654                         return false;
1655                 }
1656
1657                 if ($user['parent-uid'] != 0) {
1658                         return true;
1659                 }
1660
1661                 if (DBA::exists('user', ['parent-uid' => $uid, 'account_removed' => false])) {
1662                         return true;
1663                 }
1664
1665                 if (DBA::exists('manage', ['uid' => $uid])) {
1666                         return true;
1667                 }
1668
1669                 return false;
1670         }
1671
1672         /**
1673          * Returns statistical information about the current users of this node
1674          *
1675          * @return array
1676          *
1677          * @throws Exception
1678          */
1679         public static function getStatistics()
1680         {
1681                 $statistics = [
1682                         'total_users'           => 0,
1683                         'active_users_halfyear' => 0,
1684                         'active_users_monthly'  => 0,
1685                         'active_users_weekly'   => 0,
1686                 ];
1687
1688                 $userStmt = DBA::select('owner-view', ['uid', 'login_date', 'last-item'],
1689                         ["`verified` AND `login_date` > ? AND NOT `blocked`
1690                         AND NOT `account_removed` AND NOT `account_expired`",
1691                         DBA::NULL_DATETIME]);
1692                 if (!DBA::isResult($userStmt)) {
1693                         return $statistics;
1694                 }
1695
1696                 $halfyear = time() - (180 * 24 * 60 * 60);
1697                 $month = time() - (30 * 24 * 60 * 60);
1698                 $week = time() - (7 * 24 * 60 * 60);
1699
1700                 while ($user = DBA::fetch($userStmt)) {
1701                         $statistics['total_users']++;
1702
1703                         if ((strtotime($user['login_date']) > $halfyear) || (strtotime($user['last-item']) > $halfyear)
1704                         ) {
1705                                 $statistics['active_users_halfyear']++;
1706                         }
1707
1708                         if ((strtotime($user['login_date']) > $month) || (strtotime($user['last-item']) > $month)
1709                         ) {
1710                                 $statistics['active_users_monthly']++;
1711                         }
1712
1713                         if ((strtotime($user['login_date']) > $week) || (strtotime($user['last-item']) > $week)
1714                         ) {
1715                                 $statistics['active_users_weekly']++;
1716                         }
1717                 }
1718                 DBA::close($userStmt);
1719
1720                 return $statistics;
1721         }
1722
1723         /**
1724          * Get all users of the current node
1725          *
1726          * @param int    $start Start count (Default is 0)
1727          * @param int    $count Count of the items per page (Default is @see Pager::ITEMS_PER_PAGE)
1728          * @param string $type  The type of users, which should get (all, bocked, removed)
1729          * @param string $order Order of the user list (Default is 'contact.name')
1730          * @param bool   $descending Order direction (Default is ascending)
1731          *
1732          * @return array The list of the users
1733          * @throws Exception
1734          */
1735         public static function getList($start = 0, $count = Pager::ITEMS_PER_PAGE, $type = 'all', $order = 'name', bool $descending = false)
1736         {
1737                 $param = ['limit' => [$start, $count], 'order' => [$order => $descending]];
1738                 $condition = [];
1739                 switch ($type) {
1740                         case 'active':
1741                                 $condition['account_removed'] = false;
1742                                 $condition['blocked'] = false;
1743                                 break;
1744                         case 'blocked':
1745                                 $condition['account_removed'] = false;
1746                                 $condition['blocked'] = true;
1747                                 $condition['verified'] = true;
1748                                 break;
1749                         case 'removed':
1750                                 $condition['account_removed'] = true;
1751                                 break;
1752                 }
1753
1754                 return DBA::selectToArray('owner-view', [], $condition, $param);
1755         }
1756 }