]> git.mxchange.org Git - friendica.git/blob - src/Model/User.php
Partially revert changes for the RC
[friendica.git] / src / Model / User.php
1 <?php
2 /**
3  * @copyright Copyright (C) 2010-2022, the Friendica project
4  *
5  * @license GNU AGPL version 3 or any later version
6  *
7  * This program is free software: you can redistribute it and/or modify
8  * it under the terms of the GNU Affero General Public License as
9  * published by the Free Software Foundation, either version 3 of the
10  * License, or (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU Affero General Public License for more details.
16  *
17  * You should have received a copy of the GNU Affero General Public License
18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
19  *
20  */
21
22 namespace Friendica\Model;
23
24 use DivineOmega\DOFileCachePSR6\CacheItemPool;
25 use DivineOmega\PasswordExposed;
26 use ErrorException;
27 use Exception;
28 use Friendica\Content\Pager;
29 use Friendica\Core\Hook;
30 use Friendica\Core\L10n;
31 use Friendica\Core\Logger;
32 use Friendica\Core\Protocol;
33 use Friendica\Core\System;
34 use Friendica\Core\Worker;
35 use Friendica\Database\DBA;
36 use Friendica\DI;
37 use Friendica\Security\TwoFactor\Model\AppSpecificPassword;
38 use Friendica\Network\HTTPException;
39 use Friendica\Object\Image;
40 use Friendica\Util\Crypto;
41 use Friendica\Util\DateTimeFormat;
42 use Friendica\Util\Images;
43 use Friendica\Util\Network;
44 use Friendica\Util\Proxy;
45 use Friendica\Util\Strings;
46 use Friendica\Worker\Delivery;
47 use ImagickException;
48 use LightOpenID;
49
50 /**
51  * This class handles User related functions
52  */
53 class User
54 {
55         /**
56          * Page/profile types
57          *
58          * PAGE_FLAGS_NORMAL is a typical personal profile account
59          * PAGE_FLAGS_SOAPBOX automatically approves all friend requests as Contact::SHARING, (readonly)
60          * PAGE_FLAGS_COMMUNITY automatically approves all friend requests as Contact::SHARING, but with
61          *      write access to wall and comments (no email and not included in page owner's ACL lists)
62          * PAGE_FLAGS_FREELOVE automatically approves all friend requests as full friends (Contact::FRIEND).
63          *
64          * @{
65          */
66         const PAGE_FLAGS_NORMAL    = 0;
67         const PAGE_FLAGS_SOAPBOX   = 1;
68         const PAGE_FLAGS_COMMUNITY = 2;
69         const PAGE_FLAGS_FREELOVE  = 3;
70         const PAGE_FLAGS_BLOG      = 4;
71         const PAGE_FLAGS_PRVGROUP  = 5;
72         /**
73          * @}
74          */
75
76         /**
77          * Account types
78          *
79          * ACCOUNT_TYPE_PERSON - the account belongs to a person
80          *      Associated page types: PAGE_FLAGS_NORMAL, PAGE_FLAGS_SOAPBOX, PAGE_FLAGS_FREELOVE
81          *
82          * ACCOUNT_TYPE_ORGANISATION - the account belongs to an organisation
83          *      Associated page type: PAGE_FLAGS_SOAPBOX
84          *
85          * ACCOUNT_TYPE_NEWS - the account is a news reflector
86          *      Associated page type: PAGE_FLAGS_SOAPBOX
87          *
88          * ACCOUNT_TYPE_COMMUNITY - the account is community forum
89          *      Associated page types: PAGE_COMMUNITY, PAGE_FLAGS_PRVGROUP
90          *
91          * ACCOUNT_TYPE_RELAY - the account is a relay
92          *      This will only be assigned to contacts, not to user accounts
93          * @{
94          */
95         const ACCOUNT_TYPE_PERSON =       0;
96         const ACCOUNT_TYPE_ORGANISATION = 1;
97         const ACCOUNT_TYPE_NEWS =         2;
98         const ACCOUNT_TYPE_COMMUNITY =    3;
99         const ACCOUNT_TYPE_RELAY =        4;
100         const ACCOUNT_TYPE_DELETED =    127;
101         /**
102          * @}
103          */
104
105         private static $owner;
106
107         /**
108          * Returns the numeric account type by their string
109          *
110          * @param string $accounttype as string constant
111          * @return int|null Numeric account type - or null when not set
112          */
113         public static function getAccountTypeByString(string $accounttype)
114         {
115                 switch ($accounttype) {
116                         case 'person':
117                                 return User::ACCOUNT_TYPE_PERSON;
118                         case 'organisation':
119                                 return User::ACCOUNT_TYPE_ORGANISATION;
120                         case 'news':
121                                 return User::ACCOUNT_TYPE_NEWS;
122                         case 'community':
123                                 return User::ACCOUNT_TYPE_COMMUNITY;
124                         default:
125                                 return null;
126                         break;
127                 }
128         }
129
130         /**
131          * Fetch the system account
132          *
133          * @return array system account
134          */
135         public static function getSystemAccount()
136         {
137                 $system = Contact::selectFirst([], ['self' => true, 'uid' => 0]);
138                 if (!DBA::isResult($system)) {
139                         self::createSystemAccount();
140                         $system = Contact::selectFirst([], ['self' => true, 'uid' => 0]);
141                         if (!DBA::isResult($system)) {
142                                 return [];
143                         }
144                 }
145
146                 $system['sprvkey'] = $system['uprvkey'] = $system['prvkey'];
147                 $system['spubkey'] = $system['upubkey'] = $system['pubkey'];
148                 $system['nickname'] = $system['nick'];
149                 $system['page-flags'] = User::PAGE_FLAGS_SOAPBOX;
150                 $system['account-type'] = $system['contact-type'];
151                 $system['guid'] = '';
152                 $system['picdate'] = '';
153                 $system['theme'] = '';
154                 $system['publish'] = false;
155                 $system['net-publish'] = false;
156                 $system['hide-friends'] = true;
157                 $system['prv_keywords'] = '';
158                 $system['pub_keywords'] = '';
159                 $system['address'] = '';
160                 $system['locality'] = '';
161                 $system['region'] = '';
162                 $system['postal-code'] = '';
163                 $system['country-name'] = '';
164                 $system['homepage'] = DI::baseUrl()->get();
165                 $system['dob'] = '0000-00-00';
166
167                 // Ensure that the user contains data
168                 $user = DBA::selectFirst('user', ['prvkey', 'guid'], ['uid' => 0]);
169                 if (empty($user['prvkey']) || empty($user['guid'])) {
170                         $fields = [
171                                 'username' => $system['name'],
172                                 'nickname' => $system['nick'],
173                                 'register_date' => $system['created'],
174                                 'pubkey' => $system['pubkey'],
175                                 'prvkey' => $system['prvkey'],
176                                 'spubkey' => $system['spubkey'],
177                                 'sprvkey' => $system['sprvkey'],
178                                 'guid' => System::createUUID(),
179                                 'verified' => true,
180                                 'page-flags' => User::PAGE_FLAGS_SOAPBOX,
181                                 'account-type' => User::ACCOUNT_TYPE_RELAY,
182                         ];
183
184                         DBA::update('user', $fields, ['uid' => 0]);
185
186                         $system['guid'] = $fields['guid'];
187                 } else {
188                         $system['guid'] = $user['guid'];
189                 }
190
191                 return $system;
192         }
193
194         /**
195          * Create the system account
196          *
197          * @return void
198          */
199         private static function createSystemAccount()
200         {
201                 $system_actor_name = self::getActorName();
202                 if (empty($system_actor_name)) {
203                         return;
204                 }
205
206                 $keys = Crypto::newKeypair(4096);
207                 if ($keys === false) {
208                         throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
209                 }
210
211                 $system = [];
212                 $system['uid'] = 0;
213                 $system['created'] = DateTimeFormat::utcNow();
214                 $system['self'] = true;
215                 $system['network'] = Protocol::ACTIVITYPUB;
216                 $system['name'] = 'System Account';
217                 $system['addr'] = $system_actor_name . '@' . DI::baseUrl()->getHostname();
218                 $system['nick'] = $system_actor_name;
219                 $system['url'] = DI::baseUrl() . '/friendica';
220
221                 $system['avatar'] = $system['photo'] = Contact::getDefaultAvatar($system, Proxy::SIZE_SMALL);
222                 $system['thumb'] = Contact::getDefaultAvatar($system, Proxy::SIZE_THUMB);
223                 $system['micro'] = Contact::getDefaultAvatar($system, Proxy::SIZE_MICRO);
224
225                 $system['nurl'] = Strings::normaliseLink($system['url']);
226                 $system['pubkey'] = $keys['pubkey'];
227                 $system['prvkey'] = $keys['prvkey'];
228                 $system['blocked'] = 0;
229                 $system['pending'] = 0;
230                 $system['contact-type'] = Contact::TYPE_RELAY; // In AP this is translated to 'Application'
231                 $system['name-date'] = DateTimeFormat::utcNow();
232                 $system['uri-date'] = DateTimeFormat::utcNow();
233                 $system['avatar-date'] = DateTimeFormat::utcNow();
234                 $system['closeness'] = 0;
235                 $system['baseurl'] = DI::baseUrl();
236                 $system['gsid'] = GServer::getID($system['baseurl']);
237                 Contact::insert($system);
238         }
239
240         /**
241          * Detect a usable actor name
242          *
243          * @return string actor account name
244          */
245         public static function getActorName()
246         {
247                 $system_actor_name = DI::config()->get('system', 'actor_name');
248                 if (!empty($system_actor_name)) {
249                         $self = Contact::selectFirst(['nick'], ['uid' => 0, 'self' => true]);
250                         if (!empty($self['nick'])) {
251                                 if ($self['nick'] != $system_actor_name) {
252                                         // Reset the actor name to the already used name
253                                         DI::config()->set('system', 'actor_name', $self['nick']);
254                                         $system_actor_name = $self['nick'];
255                                 }
256                         }
257                         return $system_actor_name;
258                 }
259
260                 // List of possible actor names
261                 $possible_accounts = ['friendica', 'actor', 'system', 'internal'];
262                 foreach ($possible_accounts as $name) {
263                         if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire' => false]) &&
264                                 !DBA::exists('userd', ['username' => $name])) {
265                                 DI::config()->set('system', 'actor_name', $name);
266                                 return $name;
267                         }
268                 }
269                 return '';
270         }
271
272         /**
273          * Returns true if a user record exists with the provided id
274          *
275          * @param  integer $uid
276          * @return boolean
277          * @throws Exception
278          */
279         public static function exists($uid)
280         {
281                 return DBA::exists('user', ['uid' => $uid]);
282         }
283
284         /**
285          * @param  integer       $uid
286          * @param array          $fields
287          * @return array|boolean User record if it exists, false otherwise
288          * @throws Exception
289          */
290         public static function getById($uid, array $fields = [])
291         {
292                 return !empty($uid) ? DBA::selectFirst('user', $fields, ['uid' => $uid]) : [];
293         }
294
295         /**
296          * Returns a user record based on it's GUID
297          *
298          * @param string $guid   The guid of the user
299          * @param array  $fields The fields to retrieve
300          * @param bool   $active True, if only active records are searched
301          *
302          * @return array|boolean User record if it exists, false otherwise
303          * @throws Exception
304          */
305         public static function getByGuid(string $guid, array $fields = [], bool $active = true)
306         {
307                 if ($active) {
308                         $cond = ['guid' => $guid, 'account_expired' => false, 'account_removed' => false];
309                 } else {
310                         $cond = ['guid' => $guid];
311                 }
312
313                 return DBA::selectFirst('user', $fields, $cond);
314         }
315
316         /**
317          * @param  string        $nickname
318          * @param array          $fields
319          * @return array|boolean User record if it exists, false otherwise
320          * @throws Exception
321          */
322         public static function getByNickname($nickname, array $fields = [])
323         {
324                 return DBA::selectFirst('user', $fields, ['nickname' => $nickname]);
325         }
326
327         /**
328          * Returns the user id of a given profile URL
329          *
330          * @param string $url
331          *
332          * @return integer user id
333          * @throws Exception
334          */
335         public static function getIdForURL(string $url)
336         {
337                 // Avoid database queries when the local node hostname isn't even part of the url.
338                 if (!Contact::isLocal($url)) {
339                         return 0;
340                 }
341
342                 $self = Contact::selectFirst(['uid'], ['self' => true, 'nurl' => Strings::normaliseLink($url)]);
343                 if (!empty($self['uid'])) {
344                         return $self['uid'];
345                 }
346
347                 $self = Contact::selectFirst(['uid'], ['self' => true, 'addr' => $url]);
348                 if (!empty($self['uid'])) {
349                         return $self['uid'];
350                 }
351
352                 $self = Contact::selectFirst(['uid'], ['self' => true, 'alias' => [$url, Strings::normaliseLink($url)]]);
353                 if (!empty($self['uid'])) {
354                         return $self['uid'];
355                 }
356
357                 return 0;
358         }
359
360         /**
361          * Get a user based on its email
362          *
363          * @param string        $email
364          * @param array          $fields
365          *
366          * @return array|boolean User record if it exists, false otherwise
367          *
368          * @throws Exception
369          */
370         public static function getByEmail($email, array $fields = [])
371         {
372                 return DBA::selectFirst('user', $fields, ['email' => $email]);
373         }
374
375         /**
376          * Fetch the user array of the administrator. The first one if there are several.
377          *
378          * @param array $fields
379          * @return array user
380          */
381         public static function getFirstAdmin(array $fields = [])
382         {
383                 if (!empty(DI::config()->get('config', 'admin_nickname'))) {
384                         return self::getByNickname(DI::config()->get('config', 'admin_nickname'), $fields);
385                 } elseif (!empty(DI::config()->get('config', 'admin_email'))) {
386                         $adminList = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
387                         return self::getByEmail($adminList[0], $fields);
388                 } else {
389                         return [];
390                 }
391         }
392
393         /**
394          * Get owner data by user id
395          *
396          * @param int     $uid
397          * @param boolean $repairMissing Repair the owner data if it's missing
398          * @return boolean|array
399          * @throws Exception
400          */
401         public static function getOwnerDataById(int $uid, bool $repairMissing = true)
402         {
403                 if ($uid == 0) {
404                         return self::getSystemAccount();
405                 }
406
407                 if (!empty(self::$owner[$uid])) {
408                         return self::$owner[$uid];
409                 }
410
411                 $owner = DBA::selectFirst('owner-view', [], ['uid' => $uid]);
412                 if (!DBA::isResult($owner)) {
413                         if (!DBA::exists('user', ['uid' => $uid]) || !$repairMissing) {
414                                 return false;
415                         }
416                         if (!DBA::exists('profile', ['uid' => $uid])) {
417                                 DBA::insert('profile', ['uid' => $uid]);
418                         }
419                         if (!DBA::exists('contact', ['uid' => $uid, 'self' => true])) {
420                                 Contact::createSelfFromUserId($uid);
421                         }
422                         $owner = self::getOwnerDataById($uid, false);
423                 }
424
425                 if (empty($owner['nickname'])) {
426                         return false;
427                 }
428
429                 if (!$repairMissing || $owner['account_expired']) {
430                         return $owner;
431                 }
432
433                 // Check if the returned data is valid, otherwise fix it. See issue #6122
434
435                 // Check for correct url and normalised nurl
436                 $url = DI::baseUrl() . '/profile/' . $owner['nickname'];
437                 $repair = empty($owner['network']) || ($owner['url'] != $url) || ($owner['nurl'] != Strings::normaliseLink($owner['url']));
438
439                 if (!$repair) {
440                         // Check if "addr" is present and correct
441                         $addr = $owner['nickname'] . '@' . substr(DI::baseUrl(), strpos(DI::baseUrl(), '://') + 3);
442                         $repair = ($addr != $owner['addr']) || empty($owner['prvkey']) || empty($owner['pubkey']);
443                 }
444
445                 if (!$repair) {
446                         // Check if the avatar field is filled and the photo directs to the correct path
447                         $avatar = Photo::selectFirst(['resource-id'], ['uid' => $uid, 'profile' => true]);
448                         if (DBA::isResult($avatar)) {
449                                 $repair = empty($owner['avatar']) || !strpos($owner['photo'], $avatar['resource-id']);
450                         }
451                 }
452
453                 if ($repair) {
454                         Contact::updateSelfFromUserID($uid);
455                         // Return the corrected data and avoid a loop
456                         $owner = self::getOwnerDataById($uid, false);
457                 }
458
459                 self::$owner[$uid] = $owner;
460                 return $owner;
461         }
462
463         /**
464          * Get owner data by nick name
465          *
466          * @param int $nick
467          * @return boolean|array
468          * @throws Exception
469          */
470         public static function getOwnerDataByNick($nick)
471         {
472                 $user = DBA::selectFirst('user', ['uid'], ['nickname' => $nick]);
473
474                 if (!DBA::isResult($user)) {
475                         return false;
476                 }
477
478                 return self::getOwnerDataById($user['uid']);
479         }
480
481         /**
482          * Returns the default group for a given user and network
483          *
484          * @param int $uid User id
485          *
486          * @return int group id
487          * @throws Exception
488          */
489         public static function getDefaultGroup($uid)
490         {
491                 $user = DBA::selectFirst('user', ['def_gid'], ['uid' => $uid]);
492                 if (DBA::isResult($user)) {
493                         $default_group = $user["def_gid"];
494                 } else {
495                         $default_group = 0;
496                 }
497
498                 return $default_group;
499         }
500
501         /**
502          * Authenticate a user with a clear text password
503          *
504          * Returns the user id associated with a successful password authentication
505          *
506          * @param mixed  $user_info
507          * @param string $password
508          * @param bool   $third_party
509          * @return int User Id if authentication is successful
510          * @throws HTTPException\ForbiddenException
511          * @throws HTTPException\NotFoundException
512          */
513         public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
514         {
515                 // Addons registered with the "authenticate" hook may create the user on the
516                 // fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
517                 // the user doesn't exist, we should give the addons a chance to create the
518                 // user in our database, if applicable, before re-throwing the exception if
519                 // they fail.
520                 try {
521                         $user = self::getAuthenticationInfo($user_info);
522                 } catch (Exception $e) {
523                         $username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');
524
525                         // Addons can create users, and since this 'catch' branch should only
526                         // execute if getAuthenticationInfo can't find an existing user, that's
527                         // exactly what will happen here. Creating a numeric username would create
528                         // abiguity with user IDs, possibly opening up an attack vector.
529                         // So let's be very careful about that.
530                         if (empty($username) || is_numeric($username)) {
531                                 throw $e;
532                         }
533
534                         return self::getIdFromAuthenticateHooks($username, $password);
535                 }
536
537                 if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
538                         // Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
539                         if (AppSpecificPassword::authenticateUser($user['uid'], $password)) {
540                                 return $user['uid'];
541                         }
542                 } elseif (strpos($user['password'], '$') === false) {
543                         //Legacy hash that has not been replaced by a new hash yet
544                         if (self::hashPasswordLegacy($password) === $user['password']) {
545                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
546
547                                 return $user['uid'];
548                         }
549                 } elseif (!empty($user['legacy_password'])) {
550                         //Legacy hash that has been double-hashed and not replaced by a new hash yet
551                         //Warning: `legacy_password` is not necessary in sync with the content of `password`
552                         if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
553                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
554
555                                 return $user['uid'];
556                         }
557                 } elseif (password_verify($password, $user['password'])) {
558                         //New password hash
559                         if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
560                                 self::updatePasswordHashed($user['uid'], self::hashPassword($password));
561                         }
562
563                         return $user['uid'];
564                 } else {
565                         return self::getIdFromAuthenticateHooks($user['nickname'], $password); // throws
566                 }
567
568                 throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
569         }
570
571         /**
572          * Try to obtain a user ID via "authenticate" hook addons
573          *
574          * Returns the user id associated with a successful password authentication
575          *
576          * @param string $username
577          * @param string $password
578          * @return int User Id if authentication is successful
579          * @throws HTTPException\ForbiddenException
580          */
581         public static function getIdFromAuthenticateHooks($username, $password)
582         {
583                 $addon_auth = [
584                         'username'      => $username,
585                         'password'      => $password,
586                         'authenticated' => 0,
587                         'user_record'   => null
588                 ];
589
590                 /*
591                  * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
592                  * Addons should never set 'authenticated' except to indicate success - as hooks may be chained
593                  * and later addons should not interfere with an earlier one that succeeded.
594                  */
595                 Hook::callAll('authenticate', $addon_auth);
596
597                 if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
598                         return $addon_auth['user_record']['uid'];
599                 }
600
601                 throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
602         }
603
604         /**
605          * Returns authentication info from various parameters types
606          *
607          * User info can be any of the following:
608          * - User DB object
609          * - User Id
610          * - User email or username or nickname
611          * - User array with at least the uid and the hashed password
612          *
613          * @param mixed $user_info
614          * @return array
615          * @throws HTTPException\NotFoundException
616          */
617         public static function getAuthenticationInfo($user_info)
618         {
619                 $user = null;
620
621                 if (is_object($user_info) || is_array($user_info)) {
622                         if (is_object($user_info)) {
623                                 $user = (array) $user_info;
624                         } else {
625                                 $user = $user_info;
626                         }
627
628                         if (
629                                 !isset($user['uid'])
630                                 || !isset($user['password'])
631                                 || !isset($user['legacy_password'])
632                         ) {
633                                 throw new Exception(DI::l10n()->t('Not enough information to authenticate'));
634                         }
635                 } elseif (is_int($user_info) || is_string($user_info)) {
636                         if (is_int($user_info)) {
637                                 $user = DBA::selectFirst(
638                                         'user',
639                                         ['uid', 'nickname', 'password', 'legacy_password'],
640                                         [
641                                                 'uid' => $user_info,
642                                                 'blocked' => 0,
643                                                 'account_expired' => 0,
644                                                 'account_removed' => 0,
645                                                 'verified' => 1
646                                         ]
647                                 );
648                         } else {
649                                 $fields = ['uid', 'nickname', 'password', 'legacy_password'];
650                                 $condition = [
651                                         "(`email` = ? OR `username` = ? OR `nickname` = ?)
652                                         AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`",
653                                         $user_info, $user_info, $user_info
654                                 ];
655                                 $user = DBA::selectFirst('user', $fields, $condition);
656                         }
657
658                         if (!DBA::isResult($user)) {
659                                 throw new HTTPException\NotFoundException(DI::l10n()->t('User not found'));
660                         }
661                 }
662
663                 return $user;
664         }
665
666         /**
667          * Generates a human-readable random password
668          *
669          * @return string
670          * @throws Exception
671          */
672         public static function generateNewPassword()
673         {
674                 return ucfirst(Strings::getRandomName(8)) . random_int(1000, 9999);
675         }
676
677         /**
678          * Checks if the provided plaintext password has been exposed or not
679          *
680          * @param string $password
681          * @return bool
682          * @throws Exception
683          */
684         public static function isPasswordExposed($password)
685         {
686                 $cache = new CacheItemPool();
687                 $cache->changeConfig([
688                         'cacheDirectory' => System::getTempPath() . '/password-exposed-cache/',
689                 ]);
690
691                 try {
692                         $passwordExposedChecker = new PasswordExposed\PasswordExposedChecker(null, $cache);
693
694                         return $passwordExposedChecker->passwordExposed($password) === PasswordExposed\PasswordStatus::EXPOSED;
695                 } catch (Exception $e) {
696                         Logger::error('Password Exposed Exception: ' . $e->getMessage(), [
697                                 'code' => $e->getCode(),
698                                 'file' => $e->getFile(),
699                                 'line' => $e->getLine(),
700                                 'trace' => $e->getTraceAsString()
701                         ]);
702
703                         return false;
704                 }
705         }
706
707         /**
708          * Legacy hashing function, kept for password migration purposes
709          *
710          * @param string $password
711          * @return string
712          */
713         private static function hashPasswordLegacy($password)
714         {
715                 return hash('whirlpool', $password);
716         }
717
718         /**
719          * Global user password hashing function
720          *
721          * @param string $password
722          * @return string
723          * @throws Exception
724          */
725         public static function hashPassword($password)
726         {
727                 if (!trim($password)) {
728                         throw new Exception(DI::l10n()->t('Password can\'t be empty'));
729                 }
730
731                 return password_hash($password, PASSWORD_DEFAULT);
732         }
733
734         /**
735          * Updates a user row with a new plaintext password
736          *
737          * @param int    $uid
738          * @param string $password
739          * @return bool
740          * @throws Exception
741          */
742         public static function updatePassword($uid, $password)
743         {
744                 $password = trim($password);
745
746                 if (empty($password)) {
747                         throw new Exception(DI::l10n()->t('Empty passwords are not allowed.'));
748                 }
749
750                 if (!DI::config()->get('system', 'disable_password_exposed', false) && self::isPasswordExposed($password)) {
751                         throw new Exception(DI::l10n()->t('The new password has been exposed in a public data dump, please choose another.'));
752                 }
753
754                 $allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
755
756                 if (!preg_match('/^[a-z0-9' . preg_quote($allowed_characters, '/') . ']+$/i', $password)) {
757                         throw new Exception(DI::l10n()->t('The password can\'t contain accentuated letters, white spaces or colons (:)'));
758                 }
759
760                 return self::updatePasswordHashed($uid, self::hashPassword($password));
761         }
762
763         /**
764          * Updates a user row with a new hashed password.
765          * Empties the password reset token field just in case.
766          *
767          * @param int    $uid
768          * @param string $pasword_hashed
769          * @return bool
770          * @throws Exception
771          */
772         private static function updatePasswordHashed($uid, $pasword_hashed)
773         {
774                 $fields = [
775                         'password' => $pasword_hashed,
776                         'pwdreset' => null,
777                         'pwdreset_time' => null,
778                         'legacy_password' => false
779                 ];
780                 return DBA::update('user', $fields, ['uid' => $uid]);
781         }
782
783         /**
784          * Checks if a nickname is in the list of the forbidden nicknames
785          *
786          * Check if a nickname is forbidden from registration on the node by the
787          * admin. Forbidden nicknames (e.g. role namess) can be configured in the
788          * admin panel.
789          *
790          * @param string $nickname The nickname that should be checked
791          * @return boolean True is the nickname is blocked on the node
792          */
793         public static function isNicknameBlocked($nickname)
794         {
795                 $forbidden_nicknames = DI::config()->get('system', 'forbidden_nicknames', '');
796                 if (!empty($forbidden_nicknames)) {
797                         $forbidden = explode(',', $forbidden_nicknames);
798                         $forbidden = array_map('trim', $forbidden);
799                 } else {
800                         $forbidden = [];
801                 }
802
803                 // Add the name of the internal actor to the "forbidden" list
804                 $actor_name = self::getActorName();
805                 if (!empty($actor_name)) {
806                         $forbidden[] = $actor_name;
807                 }
808
809                 if (empty($forbidden)) {
810                         return false;
811                 }
812
813                 // check if the nickname is in the list of blocked nicknames
814                 if (in_array(strtolower($nickname), $forbidden)) {
815                         return true;
816                 }
817
818                 // else return false
819                 return false;
820         }
821
822         /**
823          * Get avatar link for given user
824          *
825          * @param array  $user
826          * @param string $size One of the Proxy::SIZE_* constants
827          * @return string avatar link
828          * @throws Exception
829          */
830         public static function getAvatarUrl(array $user, string $size = ''):string
831         {
832                 if (empty($user['nickname'])) {
833                         DI::logger()->warning('Missing user nickname key', ['trace' => System::callstack(20)]);
834                 }
835
836                 $url = DI::baseUrl() . '/photo/';
837
838                 switch ($size) {
839                         case Proxy::SIZE_MICRO:
840                                 $url .= 'micro/';
841                                 $scale = 6;
842                                 break;
843                         case Proxy::SIZE_THUMB:
844                                 $url .= 'avatar/';
845                                 $scale = 5;
846                                 break;
847                         default:
848                                 $url .= 'profile/';
849                                 $scale = 4;
850                                 break;
851                 }
852
853                 $updated =  '';
854                 $imagetype = IMAGETYPE_JPEG;
855
856                 $photo = Photo::selectFirst(['type', 'created', 'edited', 'updated'], ["scale" => $scale, 'uid' => $user['uid'], 'profile' => true]);
857                 if (!empty($photo)) {
858                         $updated = max($photo['created'], $photo['edited'], $photo['updated']);
859
860                         if (in_array($photo['type'], ['image/png', 'image/gif'])) {
861                                 $imagetype = IMAGETYPE_PNG;
862                         }
863                 }
864
865                 return $url . $user['nickname'] . image_type_to_extension($imagetype) . ($updated ? '?ts=' . strtotime($updated) : '');
866         }
867
868         /**
869          * Get banner link for given user
870          *
871          * @param array  $user
872          * @return string banner link
873          * @throws Exception
874          */
875         public static function getBannerUrl(array $user):string
876         {
877                 if (empty($user['nickname'])) {
878                         DI::logger()->warning('Missing user nickname key', ['trace' => System::callstack(20)]);
879                 }
880
881                 $url = DI::baseUrl() . '/photo/banner/';
882
883                 $updated =  '';
884                 $imagetype = IMAGETYPE_JPEG;
885
886                 $photo = Photo::selectFirst(['type', 'created', 'edited', 'updated'], ["scale" => 3, 'uid' => $user['uid'], 'photo-type' => Photo::USER_BANNER]);
887                 if (!empty($photo)) {
888                         $updated = max($photo['created'], $photo['edited'], $photo['updated']);
889
890                         if (in_array($photo['type'], ['image/png', 'image/gif'])) {
891                                 $imagetype = IMAGETYPE_PNG;
892                         }
893                 } else {
894                         // Only for the RC phase: Don't return an image link for the default picture
895                         return '';
896                 }
897
898                 return $url . $user['nickname'] . image_type_to_extension($imagetype) . ($updated ? '?ts=' . strtotime($updated) : '');
899         }
900
901         /**
902          * Catch-all user creation function
903          *
904          * Creates a user from the provided data array, either form fields or OpenID.
905          * Required: { username, nickname, email } or { openid_url }
906          *
907          * Performs the following:
908          * - Sends to the OpenId auth URL (if relevant)
909          * - Creates new key pairs for crypto
910          * - Create self-contact
911          * - Create profile image
912          *
913          * @param  array $data
914          * @return array
915          * @throws ErrorException
916          * @throws HTTPException\InternalServerErrorException
917          * @throws ImagickException
918          * @throws Exception
919          */
920         public static function create(array $data)
921         {
922                 $return = ['user' => null, 'password' => ''];
923
924                 $using_invites = DI::config()->get('system', 'invitation_only');
925
926                 $invite_id  = !empty($data['invite_id'])  ? trim($data['invite_id'])  : '';
927                 $username   = !empty($data['username'])   ? trim($data['username'])   : '';
928                 $nickname   = !empty($data['nickname'])   ? trim($data['nickname'])   : '';
929                 $email      = !empty($data['email'])      ? trim($data['email'])      : '';
930                 $openid_url = !empty($data['openid_url']) ? trim($data['openid_url']) : '';
931                 $photo      = !empty($data['photo'])      ? trim($data['photo'])      : '';
932                 $password   = !empty($data['password'])   ? trim($data['password'])   : '';
933                 $password1  = !empty($data['password1'])  ? trim($data['password1'])  : '';
934                 $confirm    = !empty($data['confirm'])    ? trim($data['confirm'])    : '';
935                 $blocked    = !empty($data['blocked']);
936                 $verified   = !empty($data['verified']);
937                 $language   = !empty($data['language'])   ? trim($data['language'])   : 'en';
938
939                 $netpublish = $publish = !empty($data['profile_publish_reg']);
940
941                 if ($password1 != $confirm) {
942                         throw new Exception(DI::l10n()->t('Passwords do not match. Password unchanged.'));
943                 } elseif ($password1 != '') {
944                         $password = $password1;
945                 }
946
947                 if ($using_invites) {
948                         if (!$invite_id) {
949                                 throw new Exception(DI::l10n()->t('An invitation is required.'));
950                         }
951
952                         if (!Register::existsByHash($invite_id)) {
953                                 throw new Exception(DI::l10n()->t('Invitation could not be verified.'));
954                         }
955                 }
956
957                 /// @todo Check if this part is really needed. We should have fetched all this data in advance
958                 if (empty($username) || empty($email) || empty($nickname)) {
959                         if ($openid_url) {
960                                 if (!Network::isUrlValid($openid_url)) {
961                                         throw new Exception(DI::l10n()->t('Invalid OpenID url'));
962                                 }
963                                 $_SESSION['register'] = 1;
964                                 $_SESSION['openid'] = $openid_url;
965
966                                 $openid = new LightOpenID(DI::baseUrl()->getHostname());
967                                 $openid->identity = $openid_url;
968                                 $openid->returnUrl = DI::baseUrl() . '/openid';
969                                 $openid->required = ['namePerson/friendly', 'contact/email', 'namePerson'];
970                                 $openid->optional = ['namePerson/first', 'media/image/aspect11', 'media/image/default'];
971                                 try {
972                                         $authurl = $openid->authUrl();
973                                 } catch (Exception $e) {
974                                         throw new Exception(DI::l10n()->t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . EOL . EOL . DI::l10n()->t('The error message was:') . $e->getMessage(), 0, $e);
975                                 }
976                                 System::externalRedirect($authurl);
977                                 // NOTREACHED
978                         }
979
980                         throw new Exception(DI::l10n()->t('Please enter the required information.'));
981                 }
982
983                 if (!Network::isUrlValid($openid_url)) {
984                         $openid_url = '';
985                 }
986
987                 // collapse multiple spaces in name
988                 $username = preg_replace('/ +/', ' ', $username);
989
990                 $username_min_length = max(1, min(64, intval(DI::config()->get('system', 'username_min_length', 3))));
991                 $username_max_length = max(1, min(64, intval(DI::config()->get('system', 'username_max_length', 48))));
992
993                 if ($username_min_length > $username_max_length) {
994                         Logger::error(DI::l10n()->t('system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values.', $username_min_length, $username_max_length));
995                         $tmp = $username_min_length;
996                         $username_min_length = $username_max_length;
997                         $username_max_length = $tmp;
998                 }
999
1000                 if (mb_strlen($username) < $username_min_length) {
1001                         throw new Exception(DI::l10n()->tt('Username should be at least %s character.', 'Username should be at least %s characters.', $username_min_length));
1002                 }
1003
1004                 if (mb_strlen($username) > $username_max_length) {
1005                         throw new Exception(DI::l10n()->tt('Username should be at most %s character.', 'Username should be at most %s characters.', $username_max_length));
1006                 }
1007
1008                 // So now we are just looking for a space in the full name.
1009                 $loose_reg = DI::config()->get('system', 'no_regfullname');
1010                 if (!$loose_reg) {
1011                         $username = mb_convert_case($username, MB_CASE_TITLE, 'UTF-8');
1012                         if (strpos($username, ' ') === false) {
1013                                 throw new Exception(DI::l10n()->t("That doesn't appear to be your full (First Last) name."));
1014                         }
1015                 }
1016
1017                 if (!Network::isEmailDomainAllowed($email)) {
1018                         throw new Exception(DI::l10n()->t('Your email domain is not among those allowed on this site.'));
1019                 }
1020
1021                 if (!filter_var($email, FILTER_VALIDATE_EMAIL) || !Network::isEmailDomainValid($email)) {
1022                         throw new Exception(DI::l10n()->t('Not a valid email address.'));
1023                 }
1024                 if (self::isNicknameBlocked($nickname)) {
1025                         throw new Exception(DI::l10n()->t('The nickname was blocked from registration by the nodes admin.'));
1026                 }
1027
1028                 if (DI::config()->get('system', 'block_extended_register', false) && DBA::exists('user', ['email' => $email])) {
1029                         throw new Exception(DI::l10n()->t('Cannot use that email.'));
1030                 }
1031
1032                 // Disallow somebody creating an account using openid that uses the admin email address,
1033                 // since openid bypasses email verification. We'll allow it if there is not yet an admin account.
1034                 if (DI::config()->get('config', 'admin_email') && strlen($openid_url)) {
1035                         $adminlist = explode(',', str_replace(' ', '', strtolower(DI::config()->get('config', 'admin_email'))));
1036                         if (in_array(strtolower($email), $adminlist)) {
1037                                 throw new Exception(DI::l10n()->t('Cannot use that email.'));
1038                         }
1039                 }
1040
1041                 $nickname = $data['nickname'] = strtolower($nickname);
1042
1043                 if (!preg_match('/^[a-z0-9][a-z0-9_]*$/', $nickname)) {
1044                         throw new Exception(DI::l10n()->t('Your nickname can only contain a-z, 0-9 and _.'));
1045                 }
1046
1047                 // Check existing and deleted accounts for this nickname.
1048                 if (
1049                         DBA::exists('user', ['nickname' => $nickname])
1050                         || DBA::exists('userd', ['username' => $nickname])
1051                 ) {
1052                         throw new Exception(DI::l10n()->t('Nickname is already registered. Please choose another.'));
1053                 }
1054
1055                 $new_password = strlen($password) ? $password : User::generateNewPassword();
1056                 $new_password_encoded = self::hashPassword($new_password);
1057
1058                 $return['password'] = $new_password;
1059
1060                 $keys = Crypto::newKeypair(4096);
1061                 if ($keys === false) {
1062                         throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
1063                 }
1064
1065                 $prvkey = $keys['prvkey'];
1066                 $pubkey = $keys['pubkey'];
1067
1068                 // Create another keypair for signing/verifying salmon protocol messages.
1069                 $sres = Crypto::newKeypair(512);
1070                 $sprvkey = $sres['prvkey'];
1071                 $spubkey = $sres['pubkey'];
1072
1073                 $insert_result = DBA::insert('user', [
1074                         'guid'     => System::createUUID(),
1075                         'username' => $username,
1076                         'password' => $new_password_encoded,
1077                         'email'    => $email,
1078                         'openid'   => $openid_url,
1079                         'nickname' => $nickname,
1080                         'pubkey'   => $pubkey,
1081                         'prvkey'   => $prvkey,
1082                         'spubkey'  => $spubkey,
1083                         'sprvkey'  => $sprvkey,
1084                         'verified' => $verified,
1085                         'blocked'  => $blocked,
1086                         'language' => $language,
1087                         'timezone' => 'UTC',
1088                         'register_date' => DateTimeFormat::utcNow(),
1089                         'default-location' => ''
1090                 ]);
1091
1092                 if ($insert_result) {
1093                         $uid = DBA::lastInsertId();
1094                         $user = DBA::selectFirst('user', [], ['uid' => $uid]);
1095                 } else {
1096                         throw new Exception(DI::l10n()->t('An error occurred during registration. Please try again.'));
1097                 }
1098
1099                 if (!$uid) {
1100                         throw new Exception(DI::l10n()->t('An error occurred during registration. Please try again.'));
1101                 }
1102
1103                 // if somebody clicked submit twice very quickly, they could end up with two accounts
1104                 // due to race condition. Remove this one.
1105                 $user_count = DBA::count('user', ['nickname' => $nickname]);
1106                 if ($user_count > 1) {
1107                         DBA::delete('user', ['uid' => $uid]);
1108
1109                         throw new Exception(DI::l10n()->t('Nickname is already registered. Please choose another.'));
1110                 }
1111
1112                 $insert_result = DBA::insert('profile', [
1113                         'uid' => $uid,
1114                         'name' => $username,
1115                         'photo' => self::getAvatarUrl($user),
1116                         'thumb' => self::getAvatarUrl($user, Proxy::SIZE_THUMB),
1117                         'publish' => $publish,
1118                         'net-publish' => $netpublish,
1119                 ]);
1120                 if (!$insert_result) {
1121                         DBA::delete('user', ['uid' => $uid]);
1122
1123                         throw new Exception(DI::l10n()->t('An error occurred creating your default profile. Please try again.'));
1124                 }
1125
1126                 // Create the self contact
1127                 if (!Contact::createSelfFromUserId($uid)) {
1128                         DBA::delete('user', ['uid' => $uid]);
1129
1130                         throw new Exception(DI::l10n()->t('An error occurred creating your self contact. Please try again.'));
1131                 }
1132
1133                 // Create a group with no members. This allows somebody to use it
1134                 // right away as a default group for new contacts.
1135                 $def_gid = Group::create($uid, DI::l10n()->t('Friends'));
1136                 if (!$def_gid) {
1137                         DBA::delete('user', ['uid' => $uid]);
1138
1139                         throw new Exception(DI::l10n()->t('An error occurred creating your default contact group. Please try again.'));
1140                 }
1141
1142                 $fields = ['def_gid' => $def_gid];
1143                 if (DI::config()->get('system', 'newuser_private') && $def_gid) {
1144                         $fields['allow_gid'] = '<' . $def_gid . '>';
1145                 }
1146
1147                 DBA::update('user', $fields, ['uid' => $uid]);
1148
1149                 // if we have no OpenID photo try to look up an avatar
1150                 if (!strlen($photo)) {
1151                         $photo = Network::lookupAvatarByEmail($email);
1152                 }
1153
1154                 // unless there is no avatar-addon loaded
1155                 if (strlen($photo)) {
1156                         $photo_failure = false;
1157
1158                         $filename = basename($photo);
1159                         $curlResult = DI::httpClient()->get($photo);
1160                         if ($curlResult->isSuccess()) {
1161                                 $img_str = $curlResult->getBody();
1162                                 $type = $curlResult->getContentType();
1163                         } else {
1164                                 $img_str = '';
1165                                 $type = '';
1166                         }
1167
1168                         $type = Images::getMimeTypeByData($img_str, $photo, $type);
1169
1170                         $Image = new Image($img_str, $type);
1171                         if ($Image->isValid()) {
1172                                 $Image->scaleToSquare(300);
1173
1174                                 $resource_id = Photo::newResource();
1175
1176                                 // Not using Photo::PROFILE_PHOTOS here, so that it is discovered as translateble string
1177                                 $profile_album = DI::l10n()->t('Profile Photos');
1178
1179                                 $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 4);
1180
1181                                 if ($r === false) {
1182                                         $photo_failure = true;
1183                                 }
1184
1185                                 $Image->scaleDown(80);
1186
1187                                 $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 5);
1188
1189                                 if ($r === false) {
1190                                         $photo_failure = true;
1191                                 }
1192
1193                                 $Image->scaleDown(48);
1194
1195                                 $r = Photo::store($Image, $uid, 0, $resource_id, $filename, $profile_album, 6);
1196
1197                                 if ($r === false) {
1198                                         $photo_failure = true;
1199                                 }
1200
1201                                 if (!$photo_failure) {
1202                                         Photo::update(['profile' => true, 'photo-type' => Photo::USER_AVATAR], ['resource-id' => $resource_id]);
1203                                 }
1204                         }
1205
1206                         Contact::updateSelfFromUserID($uid, true);
1207                 }
1208
1209                 Hook::callAll('register_account', $uid);
1210
1211                 $return['user'] = $user;
1212                 return $return;
1213         }
1214
1215         /**
1216          * Update a user entry and distribute the changes if needed
1217          *
1218          * @param array $fields
1219          * @param integer $uid
1220          * @return boolean
1221          */
1222         public static function update(array $fields, int $uid): bool
1223         {
1224                 $old_owner = self::getOwnerDataById($uid);
1225                 if (empty($old_owner)) {
1226                         return false;
1227                 }
1228
1229                 if (!DBA::update('user', $fields, ['uid' => $uid])) {
1230                         return false;
1231                 }
1232
1233                 $update = Contact::updateSelfFromUserID($uid);
1234
1235                 $owner = self::getOwnerDataById($uid);
1236                 if (empty($owner)) {
1237                         return false;
1238                 }
1239
1240                 if ($old_owner['name'] != $owner['name']) {
1241                         Profile::update(['name' => $owner['name']], $uid);
1242                 }
1243
1244                 if ($update) {
1245                         Profile::publishUpdate($uid);
1246                 }
1247
1248                 return true;
1249         }
1250
1251         /**
1252          * Sets block state for a given user
1253          *
1254          * @param int  $uid   The user id
1255          * @param bool $block Block state (default is true)
1256          *
1257          * @return bool True, if successfully blocked
1258
1259          * @throws Exception
1260          */
1261         public static function block(int $uid, bool $block = true)
1262         {
1263                 return DBA::update('user', ['blocked' => $block], ['uid' => $uid]);
1264         }
1265
1266         /**
1267          * Allows a registration based on a hash
1268          *
1269          * @param string $hash
1270          *
1271          * @return bool True, if the allow was successful
1272          *
1273          * @throws HTTPException\InternalServerErrorException
1274          * @throws Exception
1275          */
1276         public static function allow(string $hash)
1277         {
1278                 $register = Register::getByHash($hash);
1279                 if (!DBA::isResult($register)) {
1280                         return false;
1281                 }
1282
1283                 $user = User::getById($register['uid']);
1284                 if (!DBA::isResult($user)) {
1285                         return false;
1286                 }
1287
1288                 Register::deleteByHash($hash);
1289
1290                 DBA::update('user', ['blocked' => false, 'verified' => true], ['uid' => $register['uid']]);
1291
1292                 $profile = DBA::selectFirst('profile', ['net-publish'], ['uid' => $register['uid']]);
1293
1294                 if (DBA::isResult($profile) && $profile['net-publish'] && DI::config()->get('system', 'directory')) {
1295                         $url = DI::baseUrl() . '/profile/' . $user['nickname'];
1296                         Worker::add(PRIORITY_LOW, "Directory", $url);
1297                 }
1298
1299                 $l10n = DI::l10n()->withLang($register['language']);
1300
1301                 return User::sendRegisterOpenEmail(
1302                         $l10n,
1303                         $user,
1304                         DI::config()->get('config', 'sitename'),
1305                         DI::baseUrl()->get(),
1306                         ($register['password'] ?? '') ?: 'Sent in a previous email'
1307                 );
1308         }
1309
1310         /**
1311          * Denys a pending registration
1312          *
1313          * @param string $hash The hash of the pending user
1314          *
1315          * This does not have to go through user_remove() and save the nickname
1316          * permanently against re-registration, as the person was not yet
1317          * allowed to have friends on this system
1318          *
1319          * @return bool True, if the deny was successfull
1320          * @throws Exception
1321          */
1322         public static function deny(string $hash)
1323         {
1324                 $register = Register::getByHash($hash);
1325                 if (!DBA::isResult($register)) {
1326                         return false;
1327                 }
1328
1329                 $user = User::getById($register['uid']);
1330                 if (!DBA::isResult($user)) {
1331                         return false;
1332                 }
1333
1334                 // Delete the avatar
1335                 Photo::delete(['uid' => $register['uid']]);
1336
1337                 return DBA::delete('user', ['uid' => $register['uid']]) &&
1338                        Register::deleteByHash($register['hash']);
1339         }
1340
1341         /**
1342          * Creates a new user based on a minimal set and sends an email to this user
1343          *
1344          * @param string $name  The user's name
1345          * @param string $email The user's email address
1346          * @param string $nick  The user's nick name
1347          * @param string $lang  The user's language (default is english)
1348          *
1349          * @return bool True, if the user was created successfully
1350          * @throws HTTPException\InternalServerErrorException
1351          * @throws ErrorException
1352          * @throws ImagickException
1353          */
1354         public static function createMinimal(string $name, string $email, string $nick, string $lang = L10n::DEFAULT)
1355         {
1356                 if (empty($name) ||
1357                     empty($email) ||
1358                     empty($nick)) {
1359                         throw new HTTPException\InternalServerErrorException('Invalid arguments.');
1360                 }
1361
1362                 $result = self::create([
1363                         'username' => $name,
1364                         'email' => $email,
1365                         'nickname' => $nick,
1366                         'verified' => 1,
1367                         'language' => $lang
1368                 ]);
1369
1370                 $user = $result['user'];
1371                 $preamble = Strings::deindent(DI::l10n()->t('
1372                 Dear %1$s,
1373                         the administrator of %2$s has set up an account for you.'));
1374                 $body = Strings::deindent(DI::l10n()->t('
1375                 The login details are as follows:
1376
1377                 Site Location:  %1$s
1378                 Login Name:             %2$s
1379                 Password:               %3$s
1380
1381                 You may change your password from your account "Settings" page after logging
1382                 in.
1383
1384                 Please take a few moments to review the other account settings on that page.
1385
1386                 You may also wish to add some basic information to your default profile
1387                 (on the "Profiles" page) so that other people can easily find you.
1388
1389                 We recommend setting your full name, adding a profile photo,
1390                 adding some profile "keywords" (very useful in making new friends) - and
1391                 perhaps what country you live in; if you do not wish to be more specific
1392                 than that.
1393
1394                 We fully respect your right to privacy, and none of these items are necessary.
1395                 If you are new and do not know anybody here, they may help
1396                 you to make some new and interesting friends.
1397
1398                 If you ever want to delete your account, you can do so at %1$s/removeme
1399
1400                 Thank you and welcome to %4$s.'));
1401
1402                 $preamble = sprintf($preamble, $user['username'], DI::config()->get('config', 'sitename'));
1403                 $body = sprintf($body, DI::baseUrl()->get(), $user['nickname'], $result['password'], DI::config()->get('config', 'sitename'));
1404
1405                 $email = DI::emailer()
1406                         ->newSystemMail()
1407                         ->withMessage(DI::l10n()->t('Registration details for %s', DI::config()->get('config', 'sitename')), $preamble, $body)
1408                         ->forUser($user)
1409                         ->withRecipient($user['email'])
1410                         ->build();
1411                 return DI::emailer()->send($email);
1412         }
1413
1414         /**
1415          * Sends pending registration confirmation email
1416          *
1417          * @param array  $user     User record array
1418          * @param string $sitename
1419          * @param string $siteurl
1420          * @param string $password Plaintext password
1421          * @return NULL|boolean from notification() and email() inherited
1422          * @throws HTTPException\InternalServerErrorException
1423          */
1424         public static function sendRegisterPendingEmail($user, $sitename, $siteurl, $password)
1425         {
1426                 $body = Strings::deindent(DI::l10n()->t(
1427                         '
1428                         Dear %1$s,
1429                                 Thank you for registering at %2$s. Your account is pending for approval by the administrator.
1430
1431                         Your login details are as follows:
1432
1433                         Site Location:  %3$s
1434                         Login Name:             %4$s
1435                         Password:               %5$s
1436                 ',
1437                         $user['username'],
1438                         $sitename,
1439                         $siteurl,
1440                         $user['nickname'],
1441                         $password
1442                 ));
1443
1444                 $email = DI::emailer()
1445                         ->newSystemMail()
1446                         ->withMessage(DI::l10n()->t('Registration at %s', $sitename), $body)
1447                         ->forUser($user)
1448                         ->withRecipient($user['email'])
1449                         ->build();
1450                 return DI::emailer()->send($email);
1451         }
1452
1453         /**
1454          * Sends registration confirmation
1455          *
1456          * It's here as a function because the mail is sent from different parts
1457          *
1458          * @param L10n   $l10n     The used language
1459          * @param array  $user     User record array
1460          * @param string $sitename
1461          * @param string $siteurl
1462          * @param string $password Plaintext password
1463          *
1464          * @return NULL|boolean from notification() and email() inherited
1465          * @throws HTTPException\InternalServerErrorException
1466          */
1467         public static function sendRegisterOpenEmail(L10n $l10n, $user, $sitename, $siteurl, $password)
1468         {
1469                 $preamble = Strings::deindent($l10n->t(
1470                         '
1471                                 Dear %1$s,
1472                                 Thank you for registering at %2$s. Your account has been created.
1473                         ',
1474                         $user['username'],
1475                         $sitename
1476                 ));
1477                 $body = Strings::deindent($l10n->t(
1478                         '
1479                         The login details are as follows:
1480
1481                         Site Location:  %3$s
1482                         Login Name:             %1$s
1483                         Password:               %5$s
1484
1485                         You may change your password from your account "Settings" page after logging
1486                         in.
1487
1488                         Please take a few moments to review the other account settings on that page.
1489
1490                         You may also wish to add some basic information to your default profile
1491                         ' . "\x28" . 'on the "Profiles" page' . "\x29" . ' so that other people can easily find you.
1492
1493                         We recommend setting your full name, adding a profile photo,
1494                         adding some profile "keywords" ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and
1495                         perhaps what country you live in; if you do not wish to be more specific
1496                         than that.
1497
1498                         We fully respect your right to privacy, and none of these items are necessary.
1499                         If you are new and do not know anybody here, they may help
1500                         you to make some new and interesting friends.
1501
1502                         If you ever want to delete your account, you can do so at %3$s/removeme
1503
1504                         Thank you and welcome to %2$s.',
1505                         $user['nickname'],
1506                         $sitename,
1507                         $siteurl,
1508                         $user['username'],
1509                         $password
1510                 ));
1511
1512                 $email = DI::emailer()
1513                         ->newSystemMail()
1514                         ->withMessage(DI::l10n()->t('Registration details for %s', $sitename), $preamble, $body)
1515                         ->forUser($user)
1516                         ->withRecipient($user['email'])
1517                         ->build();
1518                 return DI::emailer()->send($email);
1519         }
1520
1521         /**
1522          * @param int $uid user to remove
1523          * @return bool
1524          * @throws HTTPException\InternalServerErrorException
1525          */
1526         public static function remove(int $uid)
1527         {
1528                 if (empty($uid)) {
1529                         return false;
1530                 }
1531
1532                 Logger::notice('Removing user', ['user' => $uid]);
1533
1534                 $user = DBA::selectFirst('user', [], ['uid' => $uid]);
1535
1536                 Hook::callAll('remove_user', $user);
1537
1538                 // save username (actually the nickname as it is guaranteed
1539                 // unique), so it cannot be re-registered in the future.
1540                 DBA::insert('userd', ['username' => $user['nickname']]);
1541
1542                 // Remove all personal settings, especially connector settings
1543                 DBA::delete('pconfig', ['uid' => $uid]);
1544
1545                 // The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
1546                 DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
1547                 Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
1548
1549                 // Send an update to the directory
1550                 $self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]);
1551                 Worker::add(PRIORITY_LOW, 'Directory', $self['url']);
1552
1553                 // Remove the user relevant data
1554                 Worker::add(PRIORITY_NEGLIGIBLE, 'RemoveUser', $uid);
1555
1556                 return true;
1557         }
1558
1559         /**
1560          * Return all identities to a user
1561          *
1562          * @param int $uid The user id
1563          * @return array All identities for this user
1564          *
1565          * Example for a return:
1566          *    [
1567          *        [
1568          *            'uid' => 1,
1569          *            'username' => 'maxmuster',
1570          *            'nickname' => 'Max Mustermann'
1571          *        ],
1572          *        [
1573          *            'uid' => 2,
1574          *            'username' => 'johndoe',
1575          *            'nickname' => 'John Doe'
1576          *        ]
1577          *    ]
1578          * @throws Exception
1579          */
1580         public static function identities($uid)
1581         {
1582                 if (empty($uid)) {
1583                         return [];
1584                 }
1585
1586                 $identities = [];
1587
1588                 $user = DBA::selectFirst('user', ['uid', 'nickname', 'username', 'parent-uid'], ['uid' => $uid]);
1589                 if (!DBA::isResult($user)) {
1590                         return $identities;
1591                 }
1592
1593                 if ($user['parent-uid'] == 0) {
1594                         // First add our own entry
1595                         $identities = [[
1596                                 'uid' => $user['uid'],
1597                                 'username' => $user['username'],
1598                                 'nickname' => $user['nickname']
1599                         ]];
1600
1601                         // Then add all the children
1602                         $r = DBA::select(
1603                                 'user',
1604                                 ['uid', 'username', 'nickname'],
1605                                 ['parent-uid' => $user['uid'], 'account_removed' => false]
1606                         );
1607                         if (DBA::isResult($r)) {
1608                                 $identities = array_merge($identities, DBA::toArray($r));
1609                         }
1610                 } else {
1611                         // First entry is our parent
1612                         $r = DBA::select(
1613                                 'user',
1614                                 ['uid', 'username', 'nickname'],
1615                                 ['uid' => $user['parent-uid'], 'account_removed' => false]
1616                         );
1617                         if (DBA::isResult($r)) {
1618                                 $identities = DBA::toArray($r);
1619                         }
1620
1621                         // Then add all siblings
1622                         $r = DBA::select(
1623                                 'user',
1624                                 ['uid', 'username', 'nickname'],
1625                                 ['parent-uid' => $user['parent-uid'], 'account_removed' => false]
1626                         );
1627                         if (DBA::isResult($r)) {
1628                                 $identities = array_merge($identities, DBA::toArray($r));
1629                         }
1630                 }
1631
1632                 $r = DBA::p(
1633                         "SELECT `user`.`uid`, `user`.`username`, `user`.`nickname`
1634                         FROM `manage`
1635                         INNER JOIN `user` ON `manage`.`mid` = `user`.`uid`
1636                         WHERE `user`.`account_removed` = 0 AND `manage`.`uid` = ?",
1637                         $user['uid']
1638                 );
1639                 if (DBA::isResult($r)) {
1640                         $identities = array_merge($identities, DBA::toArray($r));
1641                 }
1642
1643                 return $identities;
1644         }
1645
1646         /**
1647          * Check if the given user id has delegations or is delegated
1648          *
1649          * @param int $uid
1650          * @return bool
1651          */
1652         public static function hasIdentities(int $uid):bool
1653         {
1654                 if (empty($uid)) {
1655                         return false;
1656                 }
1657
1658                 $user = DBA::selectFirst('user', ['parent-uid'], ['uid' => $uid, 'account_removed' => false]);
1659                 if (!DBA::isResult($user)) {
1660                         return false;
1661                 }
1662
1663                 if ($user['parent-uid'] != 0) {
1664                         return true;
1665                 }
1666
1667                 if (DBA::exists('user', ['parent-uid' => $uid, 'account_removed' => false])) {
1668                         return true;
1669                 }
1670
1671                 if (DBA::exists('manage', ['uid' => $uid])) {
1672                         return true;
1673                 }
1674
1675                 return false;
1676         }
1677
1678         /**
1679          * Returns statistical information about the current users of this node
1680          *
1681          * @return array
1682          *
1683          * @throws Exception
1684          */
1685         public static function getStatistics()
1686         {
1687                 $statistics = [
1688                         'total_users'           => 0,
1689                         'active_users_halfyear' => 0,
1690                         'active_users_monthly'  => 0,
1691                         'active_users_weekly'   => 0,
1692                 ];
1693
1694                 $userStmt = DBA::select('owner-view', ['uid', 'login_date', 'last-item'],
1695                         ["`verified` AND `login_date` > ? AND NOT `blocked`
1696                         AND NOT `account_removed` AND NOT `account_expired`",
1697                         DBA::NULL_DATETIME]);
1698                 if (!DBA::isResult($userStmt)) {
1699                         return $statistics;
1700                 }
1701
1702                 $halfyear = time() - (180 * 24 * 60 * 60);
1703                 $month = time() - (30 * 24 * 60 * 60);
1704                 $week = time() - (7 * 24 * 60 * 60);
1705
1706                 while ($user = DBA::fetch($userStmt)) {
1707                         $statistics['total_users']++;
1708
1709                         if ((strtotime($user['login_date']) > $halfyear) || (strtotime($user['last-item']) > $halfyear)
1710                         ) {
1711                                 $statistics['active_users_halfyear']++;
1712                         }
1713
1714                         if ((strtotime($user['login_date']) > $month) || (strtotime($user['last-item']) > $month)
1715                         ) {
1716                                 $statistics['active_users_monthly']++;
1717                         }
1718
1719                         if ((strtotime($user['login_date']) > $week) || (strtotime($user['last-item']) > $week)
1720                         ) {
1721                                 $statistics['active_users_weekly']++;
1722                         }
1723                 }
1724                 DBA::close($userStmt);
1725
1726                 return $statistics;
1727         }
1728
1729         /**
1730          * Get all users of the current node
1731          *
1732          * @param int    $start Start count (Default is 0)
1733          * @param int    $count Count of the items per page (Default is @see Pager::ITEMS_PER_PAGE)
1734          * @param string $type  The type of users, which should get (all, bocked, removed)
1735          * @param string $order Order of the user list (Default is 'contact.name')
1736          * @param bool   $descending Order direction (Default is ascending)
1737          *
1738          * @return array The list of the users
1739          * @throws Exception
1740          */
1741         public static function getList($start = 0, $count = Pager::ITEMS_PER_PAGE, $type = 'all', $order = 'name', bool $descending = false)
1742         {
1743                 $param = ['limit' => [$start, $count], 'order' => [$order => $descending]];
1744                 $condition = [];
1745                 switch ($type) {
1746                         case 'active':
1747                                 $condition['account_removed'] = false;
1748                                 $condition['blocked'] = false;
1749                                 break;
1750                         case 'blocked':
1751                                 $condition['account_removed'] = false;
1752                                 $condition['blocked'] = true;
1753                                 $condition['verified'] = true;
1754                                 break;
1755                         case 'removed':
1756                                 $condition['account_removed'] = true;
1757                                 break;
1758                 }
1759
1760                 return DBA::selectToArray('owner-view', [], $condition, $param);
1761         }
1762 }