]> git.mxchange.org Git - friendica.git/blob - src/Model/User.php
Merge pull request #11019 from foss-/develop
[friendica.git] / src / Model / User.php
1 <?php
2 /**
3  * @copyright Copyright (C) 2010-2021, the Friendica project
4  *
5  * @license GNU AGPL version 3 or any later version
6  *
7  * This program is free software: you can redistribute it and/or modify
8  * it under the terms of the GNU Affero General Public License as
9  * published by the Free Software Foundation, either version 3 of the
10  * License, or (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU Affero General Public License for more details.
16  *
17  * You should have received a copy of the GNU Affero General Public License
18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
19  *
20  */
21
22 namespace Friendica\Model;
23
24 use DivineOmega\DOFileCachePSR6\CacheItemPool;
25 use DivineOmega\PasswordExposed;
26 use ErrorException;
27 use Exception;
28 use Friendica\Content\Pager;
29 use Friendica\Core\Hook;
30 use Friendica\Core\L10n;
31 use Friendica\Core\Logger;
32 use Friendica\Core\Protocol;
33 use Friendica\Core\System;
34 use Friendica\Core\Worker;
35 use Friendica\Database\DBA;
36 use Friendica\DI;
37 use Friendica\Security\TwoFactor\Model\AppSpecificPassword;
38 use Friendica\Network\HTTPException;
39 use Friendica\Object\Image;
40 use Friendica\Util\Crypto;
41 use Friendica\Util\DateTimeFormat;
42 use Friendica\Util\Images;
43 use Friendica\Util\Network;
44 use Friendica\Util\Proxy;
45 use Friendica\Util\Strings;
46 use Friendica\Worker\Delivery;
47 use ImagickException;
48 use LightOpenID;
49
50 /**
51  * This class handles User related functions
52  */
53 class User
54 {
55         /**
56          * Page/profile types
57          *
58          * PAGE_FLAGS_NORMAL is a typical personal profile account
59          * PAGE_FLAGS_SOAPBOX automatically approves all friend requests as Contact::SHARING, (readonly)
60          * PAGE_FLAGS_COMMUNITY automatically approves all friend requests as Contact::SHARING, but with
61          *      write access to wall and comments (no email and not included in page owner's ACL lists)
62          * PAGE_FLAGS_FREELOVE automatically approves all friend requests as full friends (Contact::FRIEND).
63          *
64          * @{
65          */
66         const PAGE_FLAGS_NORMAL    = 0;
67         const PAGE_FLAGS_SOAPBOX   = 1;
68         const PAGE_FLAGS_COMMUNITY = 2;
69         const PAGE_FLAGS_FREELOVE  = 3;
70         const PAGE_FLAGS_BLOG      = 4;
71         const PAGE_FLAGS_PRVGROUP  = 5;
72         /**
73          * @}
74          */
75
76         /**
77          * Account types
78          *
79          * ACCOUNT_TYPE_PERSON - the account belongs to a person
80          *      Associated page types: PAGE_FLAGS_NORMAL, PAGE_FLAGS_SOAPBOX, PAGE_FLAGS_FREELOVE
81          *
82          * ACCOUNT_TYPE_ORGANISATION - the account belongs to an organisation
83          *      Associated page type: PAGE_FLAGS_SOAPBOX
84          *
85          * ACCOUNT_TYPE_NEWS - the account is a news reflector
86          *      Associated page type: PAGE_FLAGS_SOAPBOX
87          *
88          * ACCOUNT_TYPE_COMMUNITY - the account is community forum
89          *      Associated page types: PAGE_COMMUNITY, PAGE_FLAGS_PRVGROUP
90          *
91          * ACCOUNT_TYPE_RELAY - the account is a relay
92          *      This will only be assigned to contacts, not to user accounts
93          * @{
94          */
95         const ACCOUNT_TYPE_PERSON =       0;
96         const ACCOUNT_TYPE_ORGANISATION = 1;
97         const ACCOUNT_TYPE_NEWS =         2;
98         const ACCOUNT_TYPE_COMMUNITY =    3;
99         const ACCOUNT_TYPE_RELAY =        4;
100         const ACCOUNT_TYPE_DELETED =    127;
101         /**
102          * @}
103          */
104
105         private static $owner;
106
107         /**
108          * Returns the numeric account type by their string
109          *
110          * @param string $accounttype as string constant
111          * @return int|null Numeric account type - or null when not set
112          */
113         public static function getAccountTypeByString(string $accounttype)
114         {
115                 switch ($accounttype) {
116                         case 'person':
117                                 return User::ACCOUNT_TYPE_PERSON;
118                         case 'organisation':
119                                 return User::ACCOUNT_TYPE_ORGANISATION;
120                         case 'news':
121                                 return User::ACCOUNT_TYPE_NEWS;
122                         case 'community':
123                                 return User::ACCOUNT_TYPE_COMMUNITY;
124                         default:
125                                 return null;
126                         break;
127                 }
128         }
129
130         /**
131          * Fetch the system account
132          *
133          * @return array system account
134          */
135         public static function getSystemAccount()
136         {
137                 $system = Contact::selectFirst([], ['self' => true, 'uid' => 0]);
138                 if (!DBA::isResult($system)) {
139                         self::createSystemAccount();
140                         $system = Contact::selectFirst([], ['self' => true, 'uid' => 0]);
141                         if (!DBA::isResult($system)) {
142                                 return [];
143                         }
144                 }
145
146                 $system['sprvkey'] = $system['uprvkey'] = $system['prvkey'];
147                 $system['spubkey'] = $system['upubkey'] = $system['pubkey'];
148                 $system['nickname'] = $system['nick'];
149                 $system['page-flags'] = User::PAGE_FLAGS_SOAPBOX;
150                 $system['account-type'] = $system['contact-type'];
151                 $system['guid'] = '';
152                 $system['picdate'] = '';
153                 $system['theme'] = '';
154                 $system['publish'] = false;
155                 $system['net-publish'] = false;
156                 $system['hide-friends'] = true;
157                 $system['prv_keywords'] = '';
158                 $system['pub_keywords'] = '';
159                 $system['address'] = '';
160                 $system['locality'] = '';
161                 $system['region'] = '';
162                 $system['postal-code'] = '';
163                 $system['country-name'] = '';
164                 $system['homepage'] = DI::baseUrl()->get();
165                 $system['dob'] = '0000-00-00';
166
167                 // Ensure that the user contains data
168                 $user = DBA::selectFirst('user', ['prvkey', 'guid'], ['uid' => 0]);
169                 if (empty($user['prvkey']) || empty($user['guid'])) {
170                         $fields = [
171                                 'username' => $system['name'],
172                                 'nickname' => $system['nick'],
173                                 'register_date' => $system['created'],
174                                 'pubkey' => $system['pubkey'],
175                                 'prvkey' => $system['prvkey'],
176                                 'spubkey' => $system['spubkey'],
177                                 'sprvkey' => $system['sprvkey'],
178                                 'guid' => System::createUUID(),
179                                 'verified' => true,
180                                 'page-flags' => User::PAGE_FLAGS_SOAPBOX,
181                                 'account-type' => User::ACCOUNT_TYPE_RELAY,
182                         ];
183
184                         DBA::update('user', $fields, ['uid' => 0]);
185
186                         $system['guid'] = $fields['guid'];
187                 } else {
188                         $system['guid'] = $user['guid'];
189                 }
190
191                 return $system;
192         }
193
194         /**
195          * Create the system account
196          *
197          * @return void
198          */
199         private static function createSystemAccount()
200         {
201                 $system_actor_name = self::getActorName();
202                 if (empty($system_actor_name)) {
203                         return;
204                 }
205
206                 $keys = Crypto::newKeypair(4096);
207                 if ($keys === false) {
208                         throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
209                 }
210
211                 $system = [];
212                 $system['uid'] = 0;
213                 $system['created'] = DateTimeFormat::utcNow();
214                 $system['self'] = true;
215                 $system['network'] = Protocol::ACTIVITYPUB;
216                 $system['name'] = 'System Account';
217                 $system['addr'] = $system_actor_name . '@' . DI::baseUrl()->getHostname();
218                 $system['nick'] = $system_actor_name;
219                 $system['url'] = DI::baseUrl() . '/friendica';
220
221                 $system['avatar'] = $system['photo'] = Contact::getDefaultAvatar($system, Proxy::SIZE_SMALL);
222                 $system['thumb'] = Contact::getDefaultAvatar($system, Proxy::SIZE_THUMB);
223                 $system['micro'] = Contact::getDefaultAvatar($system, Proxy::SIZE_MICRO);
224
225                 $system['nurl'] = Strings::normaliseLink($system['url']);
226                 $system['pubkey'] = $keys['pubkey'];
227                 $system['prvkey'] = $keys['prvkey'];
228                 $system['blocked'] = 0;
229                 $system['pending'] = 0;
230                 $system['contact-type'] = Contact::TYPE_RELAY; // In AP this is translated to 'Application'
231                 $system['name-date'] = DateTimeFormat::utcNow();
232                 $system['uri-date'] = DateTimeFormat::utcNow();
233                 $system['avatar-date'] = DateTimeFormat::utcNow();
234                 $system['closeness'] = 0;
235                 $system['baseurl'] = DI::baseUrl();
236                 $system['gsid'] = GServer::getID($system['baseurl']);
237                 Contact::insert($system);
238         }
239
240         /**
241          * Detect a usable actor name
242          *
243          * @return string actor account name
244          */
245         public static function getActorName()
246         {
247                 $system_actor_name = DI::config()->get('system', 'actor_name');
248                 if (!empty($system_actor_name)) {
249                         $self = Contact::selectFirst(['nick'], ['uid' => 0, 'self' => true]);
250                         if (!empty($self['nick'])) {
251                                 if ($self['nick'] != $system_actor_name) {
252                                         // Reset the actor name to the already used name
253                                         DI::config()->set('system', 'actor_name', $self['nick']);
254                                         $system_actor_name = $self['nick'];
255                                 }
256                         }
257                         return $system_actor_name;
258                 }
259
260                 // List of possible actor names
261                 $possible_accounts = ['friendica', 'actor', 'system', 'internal'];
262                 foreach ($possible_accounts as $name) {
263                         if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire' => false]) &&
264                                 !DBA::exists('userd', ['username' => $name])) {
265                                 DI::config()->set('system', 'actor_name', $name);
266                                 return $name;
267                         }
268                 }
269                 return '';
270         }
271
272         /**
273          * Returns true if a user record exists with the provided id
274          *
275          * @param  integer $uid
276          * @return boolean
277          * @throws Exception
278          */
279         public static function exists($uid)
280         {
281                 return DBA::exists('user', ['uid' => $uid]);
282         }
283
284         /**
285          * @param  integer       $uid
286          * @param array          $fields
287          * @return array|boolean User record if it exists, false otherwise
288          * @throws Exception
289          */
290         public static function getById($uid, array $fields = [])
291         {
292                 return !empty($uid) ? DBA::selectFirst('user', $fields, ['uid' => $uid]) : [];
293         }
294
295         /**
296          * Returns a user record based on it's GUID
297          *
298          * @param string $guid   The guid of the user
299          * @param array  $fields The fields to retrieve
300          * @param bool   $active True, if only active records are searched
301          *
302          * @return array|boolean User record if it exists, false otherwise
303          * @throws Exception
304          */
305         public static function getByGuid(string $guid, array $fields = [], bool $active = true)
306         {
307                 if ($active) {
308                         $cond = ['guid' => $guid, 'account_expired' => false, 'account_removed' => false];
309                 } else {
310                         $cond = ['guid' => $guid];
311                 }
312
313                 return DBA::selectFirst('user', $fields, $cond);
314         }
315
316         /**
317          * @param  string        $nickname
318          * @param array          $fields
319          * @return array|boolean User record if it exists, false otherwise
320          * @throws Exception
321          */
322         public static function getByNickname($nickname, array $fields = [])
323         {
324                 return DBA::selectFirst('user', $fields, ['nickname' => $nickname]);
325         }
326
327         /**
328          * Returns the user id of a given profile URL
329          *
330          * @param string $url
331          *
332          * @return integer user id
333          * @throws Exception
334          */
335         public static function getIdForURL(string $url)
336         {
337                 // Avoid database queries when the local node hostname isn't even part of the url.
338                 if (!Contact::isLocal($url)) {
339                         return 0;
340                 }
341
342                 $self = Contact::selectFirst(['uid'], ['self' => true, 'nurl' => Strings::normaliseLink($url)]);
343                 if (!empty($self['uid'])) {
344                         return $self['uid'];
345                 }
346
347                 $self = Contact::selectFirst(['uid'], ['self' => true, 'addr' => $url]);
348                 if (!empty($self['uid'])) {
349                         return $self['uid'];
350                 }
351
352                 $self = Contact::selectFirst(['uid'], ['self' => true, 'alias' => [$url, Strings::normaliseLink($url)]]);
353                 if (!empty($self['uid'])) {
354                         return $self['uid'];
355                 }
356
357                 return 0;
358         }
359
360         /**
361          * Get a user based on its email
362          *
363          * @param string        $email
364          * @param array          $fields
365          *
366          * @return array|boolean User record if it exists, false otherwise
367          *
368          * @throws Exception
369          */
370         public static function getByEmail($email, array $fields = [])
371         {
372                 return DBA::selectFirst('user', $fields, ['email' => $email]);
373         }
374
375         /**
376          * Fetch the user array of the administrator. The first one if there are several.
377          *
378          * @param array $fields
379          * @return array user
380          */
381         public static function getFirstAdmin(array $fields = [])
382         {
383                 if (!empty(DI::config()->get('config', 'admin_nickname'))) {
384                         return self::getByNickname(DI::config()->get('config', 'admin_nickname'), $fields);
385                 } elseif (!empty(DI::config()->get('config', 'admin_email'))) {
386                         $adminList = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
387                         return self::getByEmail($adminList[0], $fields);
388                 } else {
389                         return [];
390                 }
391         }
392
393         /**
394          * Get owner data by user id
395          *
396          * @param int     $uid
397          * @param boolean $repairMissing Repair the owner data if it's missing
398          * @return boolean|array
399          * @throws Exception
400          */
401         public static function getOwnerDataById(int $uid, bool $repairMissing = true)
402         {
403                 if ($uid == 0) {
404                         return self::getSystemAccount();
405                 }
406
407                 if (!empty(self::$owner[$uid])) {
408                         return self::$owner[$uid];
409                 }
410
411                 $owner = DBA::selectFirst('owner-view', [], ['uid' => $uid]);
412                 if (!DBA::isResult($owner)) {
413                         if (!DBA::exists('user', ['uid' => $uid]) || !$repairMissing) {
414                                 return false;
415                         }
416                         if (!DBA::exists('profile', ['uid' => $uid])) {
417                                 DBA::insert('profile', ['uid' => $uid]);
418                         }
419                         if (!DBA::exists('contact', ['uid' => $uid, 'self' => true])) {
420                                 Contact::createSelfFromUserId($uid);
421                         }
422                         $owner = self::getOwnerDataById($uid, false);
423                 }
424
425                 if (empty($owner['nickname'])) {
426                         return false;
427                 }
428
429                 if (!$repairMissing || $owner['account_expired']) {
430                         return $owner;
431                 }
432
433                 // Check if the returned data is valid, otherwise fix it. See issue #6122
434
435                 // Check for correct url and normalised nurl
436                 $url = DI::baseUrl() . '/profile/' . $owner['nickname'];
437                 $repair = empty($owner['network']) || ($owner['url'] != $url) || ($owner['nurl'] != Strings::normaliseLink($owner['url']));
438
439                 if (!$repair) {
440                         // Check if "addr" is present and correct
441                         $addr = $owner['nickname'] . '@' . substr(DI::baseUrl(), strpos(DI::baseUrl(), '://') + 3);
442                         $repair = ($addr != $owner['addr']) || empty($owner['prvkey']) || empty($owner['pubkey']);
443                 }
444
445                 if (!$repair) {
446                         // Check if the avatar field is filled and the photo directs to the correct path
447                         $avatar = Photo::selectFirst(['resource-id'], ['uid' => $uid, 'profile' => true]);
448                         if (DBA::isResult($avatar)) {
449                                 $repair = empty($owner['avatar']) || !strpos($owner['photo'], $avatar['resource-id']);
450                         }
451                 }
452
453                 if ($repair) {
454                         Contact::updateSelfFromUserID($uid);
455                         // Return the corrected data and avoid a loop
456                         $owner = self::getOwnerDataById($uid, false);
457                 }
458
459                 self::$owner[$uid] = $owner;
460                 return $owner;
461         }
462
463         /**
464          * Get owner data by nick name
465          *
466          * @param int $nick
467          * @return boolean|array
468          * @throws Exception
469          */
470         public static function getOwnerDataByNick($nick)
471         {
472                 $user = DBA::selectFirst('user', ['uid'], ['nickname' => $nick]);
473
474                 if (!DBA::isResult($user)) {
475                         return false;
476                 }
477
478                 return self::getOwnerDataById($user['uid']);
479         }
480
481         /**
482          * Returns the default group for a given user and network
483          *
484          * @param int $uid User id
485          *
486          * @return int group id
487          * @throws Exception
488          */
489         public static function getDefaultGroup($uid)
490         {
491                 $user = DBA::selectFirst('user', ['def_gid'], ['uid' => $uid]);
492                 if (DBA::isResult($user)) {
493                         $default_group = $user["def_gid"];
494                 } else {
495                         $default_group = 0;
496                 }
497
498                 return $default_group;
499         }
500
501         /**
502          * Authenticate a user with a clear text password
503          *
504          * Returns the user id associated with a successful password authentication
505          *
506          * @param mixed  $user_info
507          * @param string $password
508          * @param bool   $third_party
509          * @return int User Id if authentication is successful
510          * @throws HTTPException\ForbiddenException
511          * @throws HTTPException\NotFoundException
512          */
513         public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
514         {
515                 // Addons registered with the "authenticate" hook may create the user on the
516                 // fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
517                 // the user doesn't exist, we should give the addons a chance to create the
518                 // user in our database, if applicable, before re-throwing the exception if
519                 // they fail.
520                 try {
521                         $user = self::getAuthenticationInfo($user_info);
522                 } catch (Exception $e) {
523                         $username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');
524
525                         // Addons can create users, and since this 'catch' branch should only
526                         // execute if getAuthenticationInfo can't find an existing user, that's
527                         // exactly what will happen here. Creating a numeric username would create
528                         // abiguity with user IDs, possibly opening up an attack vector.
529                         // So let's be very careful about that.
530                         if (empty($username) || is_numeric($username)) {
531                                 throw $e;
532                         }
533
534                         return self::getIdFromAuthenticateHooks($username, $password);
535                 }
536
537                 if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
538                         // Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
539                         if (AppSpecificPassword::authenticateUser($user['uid'], $password)) {
540                                 return $user['uid'];
541                         }
542                 } elseif (strpos($user['password'], '$') === false) {
543                         //Legacy hash that has not been replaced by a new hash yet
544                         if (self::hashPasswordLegacy($password) === $user['password']) {
545                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
546
547                                 return $user['uid'];
548                         }
549                 } elseif (!empty($user['legacy_password'])) {
550                         //Legacy hash that has been double-hashed and not replaced by a new hash yet
551                         //Warning: `legacy_password` is not necessary in sync with the content of `password`
552                         if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
553                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
554
555                                 return $user['uid'];
556                         }
557                 } elseif (password_verify($password, $user['password'])) {
558                         //New password hash
559                         if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
560                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
561                         }
562
563                         return $user['uid'];
564                 } else {
565                         return self::getIdFromAuthenticateHooks($user['nickname'], $password); // throws
566                 }
567
568                 throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
569         }
570
571         /**
572          * Try to obtain a user ID via "authenticate" hook addons
573          *
574          * Returns the user id associated with a successful password authentication
575          *
576          * @param string $username
577          * @param string $password
578          * @return int User Id if authentication is successful
579          * @throws HTTPException\ForbiddenException
580          */
581         public static function getIdFromAuthenticateHooks($username, $password)
582         {
583                 $addon_auth = [
584                         'username'      => $username,
585                         'password'      => $password,
586                         'authenticated' => 0,
587                         'user_record'   => null
588                 ];
589
590                 /*
591                  * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
592                  * Addons should never set 'authenticated' except to indicate success - as hooks may be chained
593                  * and later addons should not interfere with an earlier one that succeeded.
594                  */
595                 Hook::callAll('authenticate', $addon_auth);
596
597                 if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
598                         return $addon_auth['user_record']['uid'];
599                 }
600
601                 throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
602         }
603
604         /**
605          * Returns authentication info from various parameters types
606          *
607          * User info can be any of the following:
608          * - User DB object
609          * - User Id
610          * - User email or username or nickname
611          * - User array with at least the uid and the hashed password
612          *
613          * @param mixed $user_info
614          * @return array
615          * @throws HTTPException\NotFoundException
616          */
617         public static function getAuthenticationInfo($user_info)
618         {
619                 $user = null;
620
621                 if (is_object($user_info) || is_array($user_info)) {
622                         if (is_object($user_info)) {
623                                 $user = (array) $user_info;
624                         } else {
625                                 $user = $user_info;
626                         }
627
628                         if (
629                                 !isset($user['uid'])
630                                 || !isset($user['password'])
631                                 || !isset($user['legacy_password'])
632                         ) {
633                                 throw new Exception(DI::l10n()->t('Not enough information to authenticate'));
634                         }
635                 } elseif (is_int($user_info) || is_string($user_info)) {
636                         if (is_int($user_info)) {
637                                 $user = DBA::selectFirst(
638                                         'user',
639                                         ['uid', 'nickname', 'password', 'legacy_password'],
640                                         [
641                                                 'uid' => $user_info,
642                                                 'blocked' => 0,
643                                                 'account_expired' => 0,
644                                                 'account_removed' => 0,
645                                                 'verified' => 1
646                                         ]
647                                 );
648                         } else {
649                                 $fields = ['uid', 'nickname', 'password', 'legacy_password'];
650                                 $condition = [
651                                         "(`email` = ? OR `username` = ? OR `nickname` = ?)
652                                         AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`",
653                                         $user_info, $user_info, $user_info
654                                 ];
655                                 $user = DBA::selectFirst('user', $fields, $condition);
656                         }
657
658                         if (!DBA::isResult($user)) {
659                                 throw new HTTPException\NotFoundException(DI::l10n()->t('User not found'));
660                         }
661                 }
662
663                 return $user;
664         }
665
666         /**
667          * Generates a human-readable random password
668          *
669          * @return string
670          * @throws Exception
671          */
672         public static function generateNewPassword()
673         {
674                 return ucfirst(Strings::getRandomName(8)) . random_int(1000, 9999);
675         }
676
677         /**
678          * Checks if the provided plaintext password has been exposed or not
679          *
680          * @param string $password
681          * @return bool
682          * @throws Exception
683          */
684         public static function isPasswordExposed($password)
685         {
686                 $cache = new CacheItemPool();
687                 $cache->changeConfig([
688                         'cacheDirectory' => System::getTempPath() . '/password-exposed-cache/',
689                 ]);
690
691                 try {
692                         $passwordExposedChecker = new PasswordExposed\PasswordExposedChecker(null, $cache);
693
694                         return $passwordExposedChecker->passwordExposed($password) === PasswordExposed\PasswordStatus::EXPOSED;
695                 } catch (Exception $e) {
696                         Logger::error('Password Exposed Exception: ' . $e->getMessage(), [
697                                 'code' => $e->getCode(),
698                                 'file' => $e->getFile(),
699                                 'line' => $e->getLine(),
700                                 'trace' => $e->getTraceAsString()
701                         ]);
702
703                         return false;
704                 }
705         }
706
707         /**
708          * Legacy hashing function, kept for password migration purposes
709          *
710          * @param string $password
711          * @return string
712          */
713         private static function hashPasswordLegacy($password)
714         {
715                 return hash('whirlpool', $password);
716         }
717
718         /**
719          * Global user password hashing function
720          *
721          * @param string $password
722          * @return string
723          * @throws Exception
724          */
725         public static function hashPassword($password)
726         {
727                 if (!trim($password)) {
728                         throw new Exception(DI::l10n()->t('Password can\'t be empty'));
729                 }
730
731                 return password_hash($password, PASSWORD_DEFAULT);
732         }
733
734         /**
735          * Updates a user row with a new plaintext password
736          *
737          * @param int    $uid
738          * @param string $password
739          * @return bool
740          * @throws Exception
741          */
742         public static function updatePassword($uid, $password)
743         {
744                 $password = trim($password);
745
746                 if (empty($password)) {
747                         throw new Exception(DI::l10n()->t('Empty passwords are not allowed.'));
748                 }
749
750                 if (!DI::config()->get('system', 'disable_password_exposed', false) && self::isPasswordExposed($password)) {
751                         throw new Exception(DI::l10n()->t('The new password has been exposed in a public data dump, please choose another.'));
752                 }
753
754                 $allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
755
756                 if (!preg_match('/^[a-z0-9' . preg_quote($allowed_characters, '/') . ']+$/i', $password)) {
757                         throw new Exception(DI::l10n()->t('The password can\'t contain accentuated letters, white spaces or colons (:)'));
758                 }
759
760                 return self::updatePasswordHashed($uid, self::hashPassword($password));
761         }
762
763         /**
764          * Updates a user row with a new hashed password.
765          * Empties the password reset token field just in case.
766          *
767          * @param int    $uid
768          * @param string $pasword_hashed
769          * @return bool
770          * @throws Exception
771          */
772         private static function updatePasswordHashed($uid, $pasword_hashed)
773         {
774                 $fields = [
775                         'password' => $pasword_hashed,
776                         'pwdreset' => null,
777                         'pwdreset_time' => null,
778                         'legacy_password' => false
779                 ];
780                 return DBA::update('user', $fields, ['uid' => $uid]);
781         }
782
783         /**
784          * Checks if a nickname is in the list of the forbidden nicknames
785          *
786          * Check if a nickname is forbidden from registration on the node by the
787          * admin. Forbidden nicknames (e.g. role namess) can be configured in the
788          * admin panel.
789          *
790          * @param string $nickname The nickname that should be checked
791          * @return boolean True is the nickname is blocked on the node
792          */
793         public static function isNicknameBlocked($nickname)
794         {
795                 $forbidden_nicknames = DI::config()->get('system', 'forbidden_nicknames', '');
796                 if (!empty($forbidden_nicknames)) {
797                         $forbidden = explode(',', $forbidden_nicknames);
798                         $forbidden = array_map('trim', $forbidden);
799                 } else {
800                         $forbidden = [];
801                 }
802
803                 // Add the name of the internal actor to the "forbidden" list
804                 $actor_name = self::getActorName();
805                 if (!empty($actor_name)) {
806                         $forbidden[] = $actor_name;
807                 }
808
809                 if (empty($forbidden)) {
810                         return false;
811                 }
812
813                 // check if the nickname is in the list of blocked nicknames
814                 if (in_array(strtolower($nickname), $forbidden)) {
815                         return true;
816                 }
817
818                 // else return false
819                 return false;
820         }
821
822         /**
823          * Get avatar link for given user
824          *
825          * @param array  $user
826          * @param string $size One of the Proxy::SIZE_* constants
827          * @return string avatar link
828          * @throws Exception
829          */
830         public static function getAvatarUrl(array $user, string $size = ''):string
831         {
832                 if (empty($user['nickname'])) {
833                         DI::logger()->warning('Missing user nickname key', ['trace' => System::callstack(20)]);
834                 }
835
836                 $url = DI::baseUrl() . '/photo/';
837
838                 switch ($size) {
839                         case Proxy::SIZE_MICRO:
840                                 $url .= 'micro/';
841                                 $scale = 6;
842                                 break;
843                         case Proxy::SIZE_THUMB:
844                                 $url .= 'avatar/';
845                                 $scale = 5;
846                                 break;
847                         default:
848                                 $url .= 'profile/';
849                                 $scale = 4;
850                                 break;
851                 }
852
853                 $updated =  '';
854                 $imagetype = IMAGETYPE_JPEG;
855
856                 $photo = Photo::selectFirst(['type', 'created', 'edited', 'updated'], ["scale" => $scale, 'uid' => $user['uid'], 'profile' => true]);
857                 if (!empty($photo)) {
858                         $updated = max($photo['created'], $photo['edited'], $photo['updated']);
859
860                         if (in_array($photo['type'], ['image/png', 'image/gif'])) {
861                                 $imagetype = IMAGETYPE_PNG;
862                         }
863                 }
864
865                 return $url . $user['nickname'] . image_type_to_extension($imagetype) . ($updated ? '?ts=' . strtotime($updated) : '');
866         }
867
868         /**
869          * Catch-all user creation function
870          *
871          * Creates a user from the provided data array, either form fields or OpenID.
872          * Required: { username, nickname, email } or { openid_url }
873          *
874          * Performs the following:
875          * - Sends to the OpenId auth URL (if relevant)
876          * - Creates new key pairs for crypto
877          * - Create self-contact
878          * - Create profile image
879          *
880          * @param  array $data
881          * @return array
882          * @throws ErrorException
883          * @throws HTTPException\InternalServerErrorException
884          * @throws ImagickException
885          * @throws Exception
886          */
887         public static function create(array $data)
888         {
889                 $return = ['user' => null, 'password' => ''];
890
891                 $using_invites = DI::config()->get('system', 'invitation_only');
892
893                 $invite_id  = !empty($data['invite_id'])  ? trim($data['invite_id'])  : '';
894                 $username   = !empty($data['username'])   ? trim($data['username'])   : '';
895                 $nickname   = !empty($data['nickname'])   ? trim($data['nickname'])   : '';
896                 $email      = !empty($data['email'])      ? trim($data['email'])      : '';
897                 $openid_url = !empty($data['openid_url']) ? trim($data['openid_url']) : '';
898                 $photo      = !empty($data['photo'])      ? trim($data['photo'])      : '';
899                 $password   = !empty($data['password'])   ? trim($data['password'])   : '';
900                 $password1  = !empty($data['password1'])  ? trim($data['password1'])  : '';
901                 $confirm    = !empty($data['confirm'])    ? trim($data['confirm'])    : '';
902                 $blocked    = !empty($data['blocked']);
903                 $verified   = !empty($data['verified']);
904                 $language   = !empty($data['language'])   ? trim($data['language'])   : 'en';
905
906                 $netpublish = $publish = !empty($data['profile_publish_reg']);
907
908                 if ($password1 != $confirm) {
909                         throw new Exception(DI::l10n()->t('Passwords do not match. Password unchanged.'));
910                 } elseif ($password1 != '') {
911                         $password = $password1;
912                 }
913
914                 if ($using_invites) {
915                         if (!$invite_id) {
916                                 throw new Exception(DI::l10n()->t('An invitation is required.'));
917                         }
918
919                         if (!Register::existsByHash($invite_id)) {
920                                 throw new Exception(DI::l10n()->t('Invitation could not be verified.'));
921                         }
922                 }
923
924                 /// @todo Check if this part is really needed. We should have fetched all this data in advance
925                 if (empty($username) || empty($email) || empty($nickname)) {
926                         if ($openid_url) {
927                                 if (!Network::isUrlValid($openid_url)) {
928                                         throw new Exception(DI::l10n()->t('Invalid OpenID url'));
929                                 }
930                                 $_SESSION['register'] = 1;
931                                 $_SESSION['openid'] = $openid_url;
932
933                                 $openid = new LightOpenID(DI::baseUrl()->getHostname());
934                                 $openid->identity = $openid_url;
935                                 $openid->returnUrl = DI::baseUrl() . '/openid';
936                                 $openid->required = ['namePerson/friendly', 'contact/email', 'namePerson'];
937                                 $openid->optional = ['namePerson/first', 'media/image/aspect11', 'media/image/default'];
938                                 try {
939                                         $authurl = $openid->authUrl();
940                                 } catch (Exception $e) {
941                                         throw new Exception(DI::l10n()->t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . EOL . EOL . DI::l10n()->t('The error message was:') . $e->getMessage(), 0, $e);
942                                 }
943                                 System::externalRedirect($authurl);
944                                 // NOTREACHED
945                         }
946
947                         throw new Exception(DI::l10n()->t('Please enter the required information.'));
948                 }
949
950                 if (!Network::isUrlValid($openid_url)) {
951                         $openid_url = '';
952                 }
953
954                 // collapse multiple spaces in name
955                 $username = preg_replace('/ +/', ' ', $username);
956
957                 $username_min_length = max(1, min(64, intval(DI::config()->get('system', 'username_min_length', 3))));
958                 $username_max_length = max(1, min(64, intval(DI::config()->get('system', 'username_max_length', 48))));
959
960                 if ($username_min_length > $username_max_length) {
961                         Logger::error(DI::l10n()->t('system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values.', $username_min_length, $username_max_length));
962                         $tmp = $username_min_length;
963                         $username_min_length = $username_max_length;
964                         $username_max_length = $tmp;
965                 }
966
967                 if (mb_strlen($username) < $username_min_length) {
968                         throw new Exception(DI::l10n()->tt('Username should be at least %s character.', 'Username should be at least %s characters.', $username_min_length));
969                 }
970
971                 if (mb_strlen($username) > $username_max_length) {
972                         throw new Exception(DI::l10n()->tt('Username should be at most %s character.', 'Username should be at most %s characters.', $username_max_length));
973                 }
974
975                 // So now we are just looking for a space in the full name.
976                 $loose_reg = DI::config()->get('system', 'no_regfullname');
977                 if (!$loose_reg) {
978                         $username = mb_convert_case($username, MB_CASE_TITLE, 'UTF-8');
979                         if (strpos($username, ' ') === false) {
980                                 throw new Exception(DI::l10n()->t("That doesn't appear to be your full (First Last) name."));
981                         }
982                 }
983
984                 if (!Network::isEmailDomainAllowed($email)) {
985                         throw new Exception(DI::l10n()->t('Your email domain is not among those allowed on this site.'));
986                 }
987
988                 if (!filter_var($email, FILTER_VALIDATE_EMAIL) || !Network::isEmailDomainValid($email)) {
989                         throw new Exception(DI::l10n()->t('Not a valid email address.'));
990                 }
991                 if (self::isNicknameBlocked($nickname)) {
992                         throw new Exception(DI::l10n()->t('The nickname was blocked from registration by the nodes admin.'));
993                 }
994
995                 if (DI::config()->get('system', 'block_extended_register', false) && DBA::exists('user', ['email' => $email])) {
996                         throw new Exception(DI::l10n()->t('Cannot use that email.'));
997                 }
998
999                 // Disallow somebody creating an account using openid that uses the admin email address,
1000                 // since openid bypasses email verification. We'll allow it if there is not yet an admin account.
1001                 if (DI::config()->get('config', 'admin_email') && strlen($openid_url)) {
1002                         $adminlist = explode(',', str_replace(' ', '', strtolower(DI::config()->get('config', 'admin_email'))));
1003                         if (in_array(strtolower($email), $adminlist)) {
1004                                 throw new Exception(DI::l10n()->t('Cannot use that email.'));
1005                         }
1006                 }
1007
1008                 $nickname = $data['nickname'] = strtolower($nickname);
1009
1010                 if (!preg_match('/^[a-z0-9][a-z0-9_]*$/', $nickname)) {
1011                         throw new Exception(DI::l10n()->t('Your nickname can only contain a-z, 0-9 and _.'));
1012                 }
1013
1014                 // Check existing and deleted accounts for this nickname.
1015                 if (
1016                         DBA::exists('user', ['nickname' => $nickname])
1017                         || DBA::exists('userd', ['username' => $nickname])
1018                 ) {
1019                         throw new Exception(DI::l10n()->t('Nickname is already registered. Please choose another.'));
1020                 }
1021
1022                 $new_password = strlen($password) ? $password : User::generateNewPassword();
1023                 $new_password_encoded = self::hashPassword($new_password);
1024
1025                 $return['password'] = $new_password;
1026
1027                 $keys = Crypto::newKeypair(4096);
1028                 if ($keys === false) {
1029                         throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
1030                 }
1031
1032                 $prvkey = $keys['prvkey'];
1033                 $pubkey = $keys['pubkey'];
1034
1035                 // Create another keypair for signing/verifying salmon protocol messages.
1036                 $sres = Crypto::newKeypair(512);
1037                 $sprvkey = $sres['prvkey'];
1038                 $spubkey = $sres['pubkey'];
1039
1040                 $insert_result = DBA::insert('user', [
1041                         'guid'     => System::createUUID(),
1042                         'username' => $username,
1043                         'password' => $new_password_encoded,
1044                         'email'    => $email,
1045                         'openid'   => $openid_url,
1046                         'nickname' => $nickname,
1047                         'pubkey'   => $pubkey,
1048                         'prvkey'   => $prvkey,
1049                         'spubkey'  => $spubkey,
1050                         'sprvkey'  => $sprvkey,
1051                         'verified' => $verified,
1052                         'blocked'  => $blocked,
1053                         'language' => $language,
1054                         'timezone' => 'UTC',
1055                         'register_date' => DateTimeFormat::utcNow(),
1056                         'default-location' => ''
1057                 ]);
1058
1059                 if ($insert_result) {
1060                         $uid = DBA::lastInsertId();
1061                         $user = DBA::selectFirst('user', [], ['uid' => $uid]);
1062                 } else {
1063                         throw new Exception(DI::l10n()->t('An error occurred during registration. Please try again.'));
1064                 }
1065
1066                 if (!$uid) {
1067                         throw new Exception(DI::l10n()->t('An error occurred during registration. Please try again.'));
1068                 }
1069
1070                 // if somebody clicked submit twice very quickly, they could end up with two accounts
1071                 // due to race condition. Remove this one.
1072                 $user_count = DBA::count('user', ['nickname' => $nickname]);
1073                 if ($user_count > 1) {
1074                         DBA::delete('user', ['uid' => $uid]);
1075
1076                         throw new Exception(DI::l10n()->t('Nickname is already registered. Please choose another.'));
1077                 }
1078
1079                 $insert_result = DBA::insert('profile', [
1080                         'uid' => $uid,
1081                         'name' => $username,
1082                         'photo' => self::getAvatarUrl($user),
1083                         'thumb' => self::getAvatarUrl($user, Proxy::SIZE_THUMB),
1084                         'publish' => $publish,
1085                         'net-publish' => $netpublish,
1086                 ]);
1087                 if (!$insert_result) {
1088                         DBA::delete('user', ['uid' => $uid]);
1089
1090                         throw new Exception(DI::l10n()->t('An error occurred creating your default profile. Please try again.'));
1091                 }
1092
1093                 // Create the self contact
1094                 if (!Contact::createSelfFromUserId($uid)) {
1095                         DBA::delete('user', ['uid' => $uid]);
1096
1097                         throw new Exception(DI::l10n()->t('An error occurred creating your self contact. Please try again.'));
1098                 }
1099
1100                 // Create a group with no members. This allows somebody to use it
1101                 // right away as a default group for new contacts.
1102                 $def_gid = Group::create($uid, DI::l10n()->t('Friends'));
1103                 if (!$def_gid) {
1104                         DBA::delete('user', ['uid' => $uid]);
1105
1106                         throw new Exception(DI::l10n()->t('An error occurred creating your default contact group. Please try again.'));
1107                 }
1108
1109                 $fields = ['def_gid' => $def_gid];
1110                 if (DI::config()->get('system', 'newuser_private') && $def_gid) {
1111                         $fields['allow_gid'] = '<' . $def_gid . '>';
1112                 }
1113
1114                 DBA::update('user', $fields, ['uid' => $uid]);
1115
1116                 // if we have no OpenID photo try to look up an avatar
1117                 if (!strlen($photo)) {
1118                         $photo = Network::lookupAvatarByEmail($email);
1119                 }
1120
1121                 // unless there is no avatar-addon loaded
1122                 if (strlen($photo)) {
1123                         $photo_failure = false;
1124
1125                         $filename = basename($photo);
1126                         $curlResult = DI::httpClient()->get($photo);
1127                         if ($curlResult->isSuccess()) {
1128                                 $img_str = $curlResult->getBody();
1129                                 $type = $curlResult->getContentType();
1130                         } else {
1131                                 $img_str = '';
1132                                 $type = '';
1133                         }
1134
1135                         $type = Images::getMimeTypeByData($img_str, $photo, $type);
1136
1137                         $Image = new Image($img_str, $type);
1138                         if ($Image->isValid()) {
1139                                 $Image->scaleToSquare(300);
1140
1141                                 $resource_id = Photo::newResource();
1142
1143                                 // Not using Photo::PROFILE_PHOTOS here, so that it is discovered as translateble string
1144                                 $profile_album = DI::l10n()->t('Profile Photos');
1145
1146                                 $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 4);
1147
1148                                 if ($r === false) {
1149                                         $photo_failure = true;
1150                                 }
1151
1152                                 $Image->scaleDown(80);
1153
1154                                 $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 5);
1155
1156                                 if ($r === false) {
1157                                         $photo_failure = true;
1158                                 }
1159
1160                                 $Image->scaleDown(48);
1161
1162                                 $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 6);
1163
1164                                 if ($r === false) {
1165                                         $photo_failure = true;
1166                                 }
1167
1168                                 if (!$photo_failure) {
1169                                         Photo::update(['profile' => true, 'photo-type' => Photo::USER_AVATAR], ['resource-id' => $resource_id]);
1170                                 }
1171                         }
1172
1173                         Contact::updateSelfFromUserID($uid, true);
1174                 }
1175
1176                 Hook::callAll('register_account', $uid);
1177
1178                 $return['user'] = $user;
1179                 return $return;
1180         }
1181
1182         /**
1183          * Update a user entry and distribute the changes if needed
1184          *
1185          * @param array $fields
1186          * @param integer $uid
1187          * @return boolean
1188          */
1189         public static function update(array $fields, int $uid): bool
1190         {
1191                 $old_owner = self::getOwnerDataById($uid);
1192                 if (empty($old_owner)) {
1193                         return false;
1194                 }
1195
1196                 if (!DBA::update('user', $fields, ['uid' => $uid])) {
1197                         return false;
1198                 }
1199
1200                 $update = Contact::updateSelfFromUserID($uid);
1201
1202                 $owner = self::getOwnerDataById($uid);
1203                 if (empty($owner)) {
1204                         return false;
1205                 }
1206
1207                 if ($old_owner['name'] != $owner['name']) {
1208                         Profile::update(['name' => $owner['name']], $uid);
1209                 }
1210
1211                 if ($update) {
1212                         Profile::publishUpdate($uid);
1213                 }
1214
1215                 return true;
1216         }
1217
1218         /**
1219          * Sets block state for a given user
1220          *
1221          * @param int  $uid   The user id
1222          * @param bool $block Block state (default is true)
1223          *
1224          * @return bool True, if successfully blocked
1225
1226          * @throws Exception
1227          */
1228         public static function block(int $uid, bool $block = true)
1229         {
1230                 return DBA::update('user', ['blocked' => $block], ['uid' => $uid]);
1231         }
1232
1233         /**
1234          * Allows a registration based on a hash
1235          *
1236          * @param string $hash
1237          *
1238          * @return bool True, if the allow was successful
1239          *
1240          * @throws HTTPException\InternalServerErrorException
1241          * @throws Exception
1242          */
1243         public static function allow(string $hash)
1244         {
1245                 $register = Register::getByHash($hash);
1246                 if (!DBA::isResult($register)) {
1247                         return false;
1248                 }
1249
1250                 $user = User::getById($register['uid']);
1251                 if (!DBA::isResult($user)) {
1252                         return false;
1253                 }
1254
1255                 Register::deleteByHash($hash);
1256
1257                 DBA::update('user', ['blocked' => false, 'verified' => true], ['uid' => $register['uid']]);
1258
1259                 $profile = DBA::selectFirst('profile', ['net-publish'], ['uid' => $register['uid']]);
1260
1261                 if (DBA::isResult($profile) && $profile['net-publish'] && DI::config()->get('system', 'directory')) {
1262                         $url = DI::baseUrl() . '/profile/' . $user['nickname'];
1263                         Worker::add(PRIORITY_LOW, "Directory", $url);
1264                 }
1265
1266                 $l10n = DI::l10n()->withLang($register['language']);
1267
1268                 return User::sendRegisterOpenEmail(
1269                         $l10n,
1270                         $user,
1271                         DI::config()->get('config', 'sitename'),
1272                         DI::baseUrl()->get(),
1273                         ($register['password'] ?? '') ?: 'Sent in a previous email'
1274                 );
1275         }
1276
1277         /**
1278          * Denys a pending registration
1279          *
1280          * @param string $hash The hash of the pending user
1281          *
1282          * This does not have to go through user_remove() and save the nickname
1283          * permanently against re-registration, as the person was not yet
1284          * allowed to have friends on this system
1285          *
1286          * @return bool True, if the deny was successfull
1287          * @throws Exception
1288          */
1289         public static function deny(string $hash)
1290         {
1291                 $register = Register::getByHash($hash);
1292                 if (!DBA::isResult($register)) {
1293                         return false;
1294                 }
1295
1296                 $user = User::getById($register['uid']);
1297                 if (!DBA::isResult($user)) {
1298                         return false;
1299                 }
1300
1301                 // Delete the avatar
1302                 Photo::delete(['uid' => $register['uid']]);
1303
1304                 return DBA::delete('user', ['uid' => $register['uid']]) &&
1305                        Register::deleteByHash($register['hash']);
1306         }
1307
1308         /**
1309          * Creates a new user based on a minimal set and sends an email to this user
1310          *
1311          * @param string $name  The user's name
1312          * @param string $email The user's email address
1313          * @param string $nick  The user's nick name
1314          * @param string $lang  The user's language (default is english)
1315          *
1316          * @return bool True, if the user was created successfully
1317          * @throws HTTPException\InternalServerErrorException
1318          * @throws ErrorException
1319          * @throws ImagickException
1320          */
1321         public static function createMinimal(string $name, string $email, string $nick, string $lang = L10n::DEFAULT)
1322         {
1323                 if (empty($name) ||
1324                     empty($email) ||
1325                     empty($nick)) {
1326                         throw new HTTPException\InternalServerErrorException('Invalid arguments.');
1327                 }
1328
1329                 $result = self::create([
1330                         'username' => $name,
1331                         'email' => $email,
1332                         'nickname' => $nick,
1333                         'verified' => 1,
1334                         'language' => $lang
1335                 ]);
1336
1337                 $user = $result['user'];
1338                 $preamble = Strings::deindent(DI::l10n()->t('
1339                 Dear %1$s,
1340                         the administrator of %2$s has set up an account for you.'));
1341                 $body = Strings::deindent(DI::l10n()->t('
1342                 The login details are as follows:
1343
1344                 Site Location:  %1$s
1345                 Login Name:             %2$s
1346                 Password:               %3$s
1347
1348                 You may change your password from your account "Settings" page after logging
1349                 in.
1350
1351                 Please take a few moments to review the other account settings on that page.
1352
1353                 You may also wish to add some basic information to your default profile
1354                 (on the "Profiles" page) so that other people can easily find you.
1355
1356                 We recommend setting your full name, adding a profile photo,
1357                 adding some profile "keywords" (very useful in making new friends) - and
1358                 perhaps what country you live in; if you do not wish to be more specific
1359                 than that.
1360
1361                 We fully respect your right to privacy, and none of these items are necessary.
1362                 If you are new and do not know anybody here, they may help
1363                 you to make some new and interesting friends.
1364
1365                 If you ever want to delete your account, you can do so at %1$s/removeme
1366
1367                 Thank you and welcome to %4$s.'));
1368
1369                 $preamble = sprintf($preamble, $user['username'], DI::config()->get('config', 'sitename'));
1370                 $body = sprintf($body, DI::baseUrl()->get(), $user['nickname'], $result['password'], DI::config()->get('config', 'sitename'));
1371
1372                 $email = DI::emailer()
1373                         ->newSystemMail()
1374                         ->withMessage(DI::l10n()->t('Registration details for %s', DI::config()->get('config', 'sitename')), $preamble, $body)
1375                         ->forUser($user)
1376                         ->withRecipient($user['email'])
1377                         ->build();
1378                 return DI::emailer()->send($email);
1379         }
1380
1381         /**
1382          * Sends pending registration confirmation email
1383          *
1384          * @param array  $user     User record array
1385          * @param string $sitename
1386          * @param string $siteurl
1387          * @param string $password Plaintext password
1388          * @return NULL|boolean from notification() and email() inherited
1389          * @throws HTTPException\InternalServerErrorException
1390          */
1391         public static function sendRegisterPendingEmail($user, $sitename, $siteurl, $password)
1392         {
1393                 $body = Strings::deindent(DI::l10n()->t(
1394                         '
1395                         Dear %1$s,
1396                                 Thank you for registering at %2$s. Your account is pending for approval by the administrator.
1397
1398                         Your login details are as follows:
1399
1400                         Site Location:  %3$s
1401                         Login Name:             %4$s
1402                         Password:               %5$s
1403                 ',
1404                         $user['username'],
1405                         $sitename,
1406                         $siteurl,
1407                         $user['nickname'],
1408                         $password
1409                 ));
1410
1411                 $email = DI::emailer()
1412                         ->newSystemMail()
1413                         ->withMessage(DI::l10n()->t('Registration at %s', $sitename), $body)
1414                         ->forUser($user)
1415                         ->withRecipient($user['email'])
1416                         ->build();
1417                 return DI::emailer()->send($email);
1418         }
1419
1420         /**
1421          * Sends registration confirmation
1422          *
1423          * It's here as a function because the mail is sent from different parts
1424          *
1425          * @param L10n   $l10n     The used language
1426          * @param array  $user     User record array
1427          * @param string $sitename
1428          * @param string $siteurl
1429          * @param string $password Plaintext password
1430          *
1431          * @return NULL|boolean from notification() and email() inherited
1432          * @throws HTTPException\InternalServerErrorException
1433          */
1434         public static function sendRegisterOpenEmail(L10n $l10n, $user, $sitename, $siteurl, $password)
1435         {
1436                 $preamble = Strings::deindent($l10n->t(
1437                         '
1438                                 Dear %1$s,
1439                                 Thank you for registering at %2$s. Your account has been created.
1440                         ',
1441                         $user['username'],
1442                         $sitename
1443                 ));
1444                 $body = Strings::deindent($l10n->t(
1445                         '
1446                         The login details are as follows:
1447
1448                         Site Location:  %3$s
1449                         Login Name:             %1$s
1450                         Password:               %5$s
1451
1452                         You may change your password from your account "Settings" page after logging
1453                         in.
1454
1455                         Please take a few moments to review the other account settings on that page.
1456
1457                         You may also wish to add some basic information to your default profile
1458                         ' . "\x28" . 'on the "Profiles" page' . "\x29" . ' so that other people can easily find you.
1459
1460                         We recommend setting your full name, adding a profile photo,
1461                         adding some profile "keywords" ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and
1462                         perhaps what country you live in; if you do not wish to be more specific
1463                         than that.
1464
1465                         We fully respect your right to privacy, and none of these items are necessary.
1466                         If you are new and do not know anybody here, they may help
1467                         you to make some new and interesting friends.
1468
1469                         If you ever want to delete your account, you can do so at %3$s/removeme
1470
1471                         Thank you and welcome to %2$s.',
1472                         $user['nickname'],
1473                         $sitename,
1474                         $siteurl,
1475                         $user['username'],
1476                         $password
1477                 ));
1478
1479                 $email = DI::emailer()
1480                         ->newSystemMail()
1481                         ->withMessage(DI::l10n()->t('Registration details for %s', $sitename), $preamble, $body)
1482                         ->forUser($user)
1483                         ->withRecipient($user['email'])
1484                         ->build();
1485                 return DI::emailer()->send($email);
1486         }
1487
1488         /**
1489          * @param int $uid user to remove
1490          * @return bool
1491          * @throws HTTPException\InternalServerErrorException
1492          */
1493         public static function remove(int $uid)
1494         {
1495                 if (empty($uid)) {
1496                         return false;
1497                 }
1498
1499                 Logger::notice('Removing user', ['user' => $uid]);
1500
1501                 $user = DBA::selectFirst('user', [], ['uid' => $uid]);
1502
1503                 Hook::callAll('remove_user', $user);
1504
1505                 // save username (actually the nickname as it is guaranteed
1506                 // unique), so it cannot be re-registered in the future.
1507                 DBA::insert('userd', ['username' => $user['nickname']]);
1508
1509                 // Remove all personal settings, especially connector settings
1510                 DBA::delete('pconfig', ['uid' => $uid]);
1511
1512                 // The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
1513                 DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
1514                 Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
1515
1516                 // Send an update to the directory
1517                 $self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]);
1518                 Worker::add(PRIORITY_LOW, 'Directory', $self['url']);
1519
1520                 // Remove the user relevant data
1521                 Worker::add(PRIORITY_NEGLIGIBLE, 'RemoveUser', $uid);
1522
1523                 return true;
1524         }
1525
1526         /**
1527          * Return all identities to a user
1528          *
1529          * @param int $uid The user id
1530          * @return array All identities for this user
1531          *
1532          * Example for a return:
1533          *    [
1534          *        [
1535          *            'uid' => 1,
1536          *            'username' => 'maxmuster',
1537          *            'nickname' => 'Max Mustermann'
1538          *        ],
1539          *        [
1540          *            'uid' => 2,
1541          *            'username' => 'johndoe',
1542          *            'nickname' => 'John Doe'
1543          *        ]
1544          *    ]
1545          * @throws Exception
1546          */
1547         public static function identities($uid)
1548         {
1549                 if (empty($uid)) {
1550                         return [];
1551                 }
1552
1553                 $identities = [];
1554
1555                 $user = DBA::selectFirst('user', ['uid', 'nickname', 'username', 'parent-uid'], ['uid' => $uid]);
1556                 if (!DBA::isResult($user)) {
1557                         return $identities;
1558                 }
1559
1560                 if ($user['parent-uid'] == 0) {
1561                         // First add our own entry
1562                         $identities = [[
1563                                 'uid' => $user['uid'],
1564                                 'username' => $user['username'],
1565                                 'nickname' => $user['nickname']
1566                         ]];
1567
1568                         // Then add all the children
1569                         $r = DBA::select(
1570                                 'user',
1571                                 ['uid', 'username', 'nickname'],
1572                                 ['parent-uid' => $user['uid'], 'account_removed' => false]
1573                         );
1574                         if (DBA::isResult($r)) {
1575                                 $identities = array_merge($identities, DBA::toArray($r));
1576                         }
1577                 } else {
1578                         // First entry is our parent
1579                         $r = DBA::select(
1580                                 'user',
1581                                 ['uid', 'username', 'nickname'],
1582                                 ['uid' => $user['parent-uid'], 'account_removed' => false]
1583                         );
1584                         if (DBA::isResult($r)) {
1585                                 $identities = DBA::toArray($r);
1586                         }
1587
1588                         // Then add all siblings
1589                         $r = DBA::select(
1590                                 'user',
1591                                 ['uid', 'username', 'nickname'],
1592                                 ['parent-uid' => $user['parent-uid'], 'account_removed' => false]
1593                         );
1594                         if (DBA::isResult($r)) {
1595                                 $identities = array_merge($identities, DBA::toArray($r));
1596                         }
1597                 }
1598
1599                 $r = DBA::p(
1600                         "SELECT `user`.`uid`, `user`.`username`, `user`.`nickname`
1601                         FROM `manage`
1602                         INNER JOIN `user` ON `manage`.`mid` = `user`.`uid`
1603                         WHERE `user`.`account_removed` = 0 AND `manage`.`uid` = ?",
1604                         $user['uid']
1605                 );
1606                 if (DBA::isResult($r)) {
1607                         $identities = array_merge($identities, DBA::toArray($r));
1608                 }
1609
1610                 return $identities;
1611         }
1612
1613         /**
1614          * Check if the given user id has delegations or is delegated
1615          *
1616          * @param int $uid
1617          * @return bool
1618          */
1619         public static function hasIdentities(int $uid):bool
1620         {
1621                 if (empty($uid)) {
1622                         return false;
1623                 }
1624
1625                 $user = DBA::selectFirst('user', ['parent-uid'], ['uid' => $uid, 'account_removed' => false]);
1626                 if (!DBA::isResult($user)) {
1627                         return false;
1628                 }
1629
1630                 if ($user['parent-uid'] != 0) {
1631                         return true;
1632                 }
1633
1634                 if (DBA::exists('user', ['parent-uid' => $uid, 'account_removed' => false])) {
1635                         return true;
1636                 }
1637
1638                 if (DBA::exists('manage', ['uid' => $uid])) {
1639                         return true;
1640                 }
1641
1642                 return false;
1643         }
1644
1645         /**
1646          * Returns statistical information about the current users of this node
1647          *
1648          * @return array
1649          *
1650          * @throws Exception
1651          */
1652         public static function getStatistics()
1653         {
1654                 $statistics = [
1655                         'total_users'           => 0,
1656                         'active_users_halfyear' => 0,
1657                         'active_users_monthly'  => 0,
1658                         'active_users_weekly'   => 0,
1659                 ];
1660
1661                 $userStmt = DBA::select('owner-view', ['uid', 'login_date', 'last-item'],
1662                         ["`verified` AND `login_date` > ? AND NOT `blocked`
1663                         AND NOT `account_removed` AND NOT `account_expired`",
1664                         DBA::NULL_DATETIME]);
1665                 if (!DBA::isResult($userStmt)) {
1666                         return $statistics;
1667                 }
1668
1669                 $halfyear = time() - (180 * 24 * 60 * 60);
1670                 $month = time() - (30 * 24 * 60 * 60);
1671                 $week = time() - (7 * 24 * 60 * 60);
1672
1673                 while ($user = DBA::fetch($userStmt)) {
1674                         $statistics['total_users']++;
1675
1676                         if ((strtotime($user['login_date']) > $halfyear) || (strtotime($user['last-item']) > $halfyear)
1677                         ) {
1678                                 $statistics['active_users_halfyear']++;
1679                         }
1680
1681                         if ((strtotime($user['login_date']) > $month) || (strtotime($user['last-item']) > $month)
1682                         ) {
1683                                 $statistics['active_users_monthly']++;
1684                         }
1685
1686                         if ((strtotime($user['login_date']) > $week) || (strtotime($user['last-item']) > $week)
1687                         ) {
1688                                 $statistics['active_users_weekly']++;
1689                         }
1690                 }
1691                 DBA::close($userStmt);
1692
1693                 return $statistics;
1694         }
1695
1696         /**
1697          * Get all users of the current node
1698          *
1699          * @param int    $start Start count (Default is 0)
1700          * @param int    $count Count of the items per page (Default is @see Pager::ITEMS_PER_PAGE)
1701          * @param string $type  The type of users, which should get (all, bocked, removed)
1702          * @param string $order Order of the user list (Default is 'contact.name')
1703          * @param bool   $descending Order direction (Default is ascending)
1704          *
1705          * @return array The list of the users
1706          * @throws Exception
1707          */
1708         public static function getList($start = 0, $count = Pager::ITEMS_PER_PAGE, $type = 'all', $order = 'name', bool $descending = false)
1709         {
1710                 $param = ['limit' => [$start, $count], 'order' => [$order => $descending]];
1711                 $condition = [];
1712                 switch ($type) {
1713                         case 'active':
1714                                 $condition['account_removed'] = false;
1715                                 $condition['blocked'] = false;
1716                                 break;
1717                         case 'blocked':
1718                                 $condition['account_removed'] = false;
1719                                 $condition['blocked'] = true;
1720                                 $condition['verified'] = true;
1721                                 break;
1722                         case 'removed':
1723                                 $condition['account_removed'] = true;
1724                                 break;
1725                 }
1726
1727                 return DBA::selectToArray('owner-view', [], $condition, $param);
1728         }
1729 }