src/Module/Login.php

   1 <?php
   2
   3 /**
   4  * @file src/Module/Login.php
   5  */
   6
   7 namespace Friendica\Module;
   8
   9 use Friendica\BaseModule;
  10 use Friendica\App\Authentication;
  11 use Friendica\Core\Config;
  12 use Friendica\Core\Hook;
  13 use Friendica\Core\L10n;
  14 use Friendica\Core\Renderer;
  15 use Friendica\Core\Session;
  16 use Friendica\Util\Strings;
  17
  18 /**
  19  * Login module
  20  *
  21  * @author Hypolite Petovan <hypolite@mrpetovan.com>
  22  */
  23 class Login extends BaseModule
  24 {
  25         public static function content(array $parameters = [])
  26         {
  27                 $a = self::getApp();
  28
  29                 if (local_user()) {
  30                         $a->internalRedirect();
  31                 }
  32
  33                 return self::form(Session::get('return_path'), intval(Config::get('config', 'register_policy')) !== \Friendica\Module\Register::CLOSED);
  34         }
  35
  36         public static function post(array $parameters = [])
  37         {
  38                 $return_path = Session::get('return_path');
  39                 Session::clear();
  40                 Session::set('return_path', $return_path);
  41
  42                 // OpenId Login
  43                 if (
  44                         empty($_POST['password'])
  45                         && (!empty($_POST['openid_url'])
  46                                 || !empty($_POST['username']))
  47                 ) {
  48                         $openid_url = trim(($_POST['openid_url'] ?? '') ?: $_POST['username']);
  49
  50                         /** @var Authentication $authentication */
  51                         $authentication = self::getClass(Authentication::class);
  52                         $authentication->withOpenId($openid_url, !empty($_POST['remember']));
  53                 }
  54
  55                 if (!empty($_POST['auth-params']) && $_POST['auth-params'] === 'login') {
  56                         /** @var Authentication $authentication */
  57                         $authentication = self::getClass(Authentication::class);
  58                         $authentication->withPassword(
  59                                 self::getApp(),
  60                                 trim($_POST['username']),
  61                                 trim($_POST['password']),
  62                                 !empty($_POST['remember'])
  63                         );
  64                 }
  65         }
  66
  67         /**
  68          * @brief Wrapper for adding a login box.
  69          *
  70          * @param string $return_path  The path relative to the base the user should be sent
  71          *                             back to after login completes
  72          * @param bool   $register     If $register == true provide a registration link.
  73          *                             This will most always depend on the value of config.register_policy.
  74          * @param array  $hiddens      optional
  75          *
  76          * @return string Returns the complete html for inserting into the page
  77          *
  78          * @throws \Friendica\Network\HTTPException\InternalServerErrorException
  79          * @hooks 'login_hook' string $o
  80          */
  81         public static function form($return_path = null, $register = false, $hiddens = [])
  82         {
  83                 $a = self::getApp();
  84                 $o = '';
  85
  86                 $noid = Config::get('system', 'no_openid');
  87
  88                 if ($noid) {
  89                         Session::remove('openid_identity');
  90                         Session::remove('openid_attributes');
  91                 }
  92
  93                 $reg = false;
  94                 if ($register && intval($a->getConfig()->get('config', 'register_policy')) !== Register::CLOSED) {
  95                         $reg = [
  96                                 'title' => L10n::t('Create a New Account'),
  97                                 'desc' => L10n::t('Register'),
  98                                 'url' => self::getRegisterURL()
  99                         ];
 100                 }
 101
 102                 if (is_null($return_path)) {
 103                         $return_path = $a->query_string;
 104                 }
 105
 106                 if (local_user()) {
 107                         $tpl = Renderer::getMarkupTemplate('logout.tpl');
 108                 } else {
 109                         $a->page['htmlhead'] .= Renderer::replaceMacros(
 110                                 Renderer::getMarkupTemplate('login_head.tpl'),
 111                                 [
 112                                         '$baseurl' => $a->getBaseURL(true)
 113                                 ]
 114                         );
 115
 116                         $tpl = Renderer::getMarkupTemplate('login.tpl');
 117                         $_SESSION['return_path'] = $return_path;
 118                 }
 119
 120                 if (!empty(Session::get('openid_identity'))) {
 121                         $openid_title = L10n::t('Your OpenID: ');
 122                         $openid_readonly = true;
 123                         $identity = Session::get('openid_identity');
 124                         $username_desc = L10n::t('Please enter your username and password to add the OpenID to your existing account.');
 125                 } else {
 126                         $openid_title = L10n::t('Or login using OpenID: ');
 127                         $openid_readonly = false;
 128                         $identity = '';
 129                         $username_desc = '';
 130                 }
 131
 132                 $o .= Renderer::replaceMacros(
 133                         $tpl,
 134                         [
 135                                 '$dest_url'     => self::getApp()->getBaseURL(true) . '/login',
 136                                 '$logout'       => L10n::t('Logout'),
 137                                 '$login'        => L10n::t('Login'),
 138
 139                                 '$lname'        => ['username', L10n::t('Nickname or Email: '), '', $username_desc],
 140                                 '$lpassword'    => ['password', L10n::t('Password: '), '', ''],
 141                                 '$lremember'    => ['remember', L10n::t('Remember me'), 0,  ''],
 142
 143                                 '$openid'       => !$noid,
 144                                 '$lopenid'      => ['openid_url', $openid_title, $identity, '', $openid_readonly],
 145
 146                                 '$hiddens'      => $hiddens,
 147
 148                                 '$register'     => $reg,
 149
 150                                 '$lostpass'     => L10n::t('Forgot your password?'),
 151                                 '$lostlink'     => L10n::t('Password Reset'),
 152
 153                                 '$tostitle'     => L10n::t('Website Terms of Service'),
 154                                 '$toslink'      => L10n::t('terms of service'),
 155
 156                                 '$privacytitle' => L10n::t('Website Privacy Policy'),
 157                                 '$privacylink'  => L10n::t('privacy policy'),
 158                         ]
 159                 );
 160
 161                 Hook::callAll('login_hook', $o);
 162
 163                 return $o;
 164         }
 165
 166         /**
 167          * Get the URL to the register page and add OpenID parameters to it
 168          */
 169         private static function getRegisterURL()
 170         {
 171                 if (empty(Session::get('openid_identity'))) {
 172                         return 'register';
 173                 }
 174
 175                 $args = [];
 176                 $attr = Session::get('openid_attributes', []);
 177
 178                 if (is_array($attr) && count($attr)) {
 179                         foreach ($attr as $k => $v) {
 180                                 if ($k === 'namePerson/friendly') {
 181                                         $nick = Strings::escapeTags(trim($v));
 182                                 }
 183                                 if ($k === 'namePerson/first') {
 184                                         $first = Strings::escapeTags(trim($v));
 185                                 }
 186                                 if ($k === 'namePerson') {
 187                                         $args['username'] = Strings::escapeTags(trim($v));
 188                                 }
 189                                 if ($k === 'contact/email') {
 190                                         $args['email'] = Strings::escapeTags(trim($v));
 191                                 }
 192                                 if ($k === 'media/image/aspect11') {
 193                                         $photosq = bin2hex(trim($v));
 194                                 }
 195                                 if ($k === 'media/image/default') {
 196                                         $photo = bin2hex(trim($v));
 197                                 }
 198                         }
 199                 }
 200
 201                 if (!empty($nick)) {
 202                         $args['nickname'] = $nick;
 203                 } elseif (!empty($first)) {
 204                         $args['nickname'] = $first;
 205                 }
 206
 207                 if (!empty($photosq)) {
 208                         $args['photo'] = $photosq;
 209                 } elseif (!empty($photo)) {
 210                         $args['photo'] = $photo;
 211                 }
 212
 213                 $args['openid_url'] = Strings::escapeTags(trim(Session::get('openid_identity')));
 214
 215                 return 'register?' . http_build_query($args);
 216         }
 217 }