Merge pull request #12547 from MrPetovan/bug/12545-plink-zindex

[friendica.git] / src / Model / User.php

diff --git a/src/Model/User.php b/src/Model/User.php
index a05d8a27703454d4574f12237ef37ea86b990163..916844251e5c69710faa69890c52f826d0ef56f4 100644 (file)
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -158,6 +158,7 @@ class User
                $system['publish'] = false;
                $system['net-publish'] = false;
                $system['hide-friends'] = true;
                $system['publish'] = false;
                $system['net-publish'] = false;
                $system['hide-friends'] = true;

+               $system['hidewall'] = true;

                $system['prv_keywords'] = '';
                $system['pub_keywords'] = '';
                $system['address'] = '';
                $system['prv_keywords'] = '';
                $system['pub_keywords'] = '';
                $system['address'] = '';


@@ -212,32 +213,33 @@ class User
                        throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
                }
 
                        throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
                }
 

-               $system = [];
-               $system['uid'] = 0;
-               $system['created'] = DateTimeFormat::utcNow();
-               $system['self'] = true;
-               $system['network'] = Protocol::ACTIVITYPUB;
-               $system['name'] = 'System Account';
-               $system['addr'] = $system_actor_name . '@' . DI::baseUrl()->getHostname();
-               $system['nick'] = $system_actor_name;
-               $system['url'] = DI::baseUrl() . '/friendica';
+               $system = [
+                       'uid'          => 0,
+                       'created'      => DateTimeFormat::utcNow(),
+                       'self'         => true,
+                       'network'      => Protocol::ACTIVITYPUB,
+                       'name'         => 'System Account',
+                       'addr'         => $system_actor_name . '@' . DI::baseUrl()->getHostname(),
+                       'nick'         => $system_actor_name,
+                       'url'          => DI::baseUrl() . '/friendica',
+                       'pubkey'       => $keys['pubkey'],
+                       'prvkey'       => $keys['prvkey'],
+                       'blocked'      => 0,
+                       'pending'      => 0,
+                       'contact-type' => Contact::TYPE_RELAY, // In AP this is translated to 'Application'
+                       'name-date'    => DateTimeFormat::utcNow(),
+                       'uri-date'     => DateTimeFormat::utcNow(),
+                       'avatar-date'  => DateTimeFormat::utcNow(),
+                       'closeness'    => 0,
+                       'baseurl'      => DI::baseUrl(),
+               ];

 
                $system['avatar'] = $system['photo'] = Contact::getDefaultAvatar($system, Proxy::SIZE_SMALL);
 
                $system['avatar'] = $system['photo'] = Contact::getDefaultAvatar($system, Proxy::SIZE_SMALL);

-               $system['thumb'] = Contact::getDefaultAvatar($system, Proxy::SIZE_THUMB);
-               $system['micro'] = Contact::getDefaultAvatar($system, Proxy::SIZE_MICRO);
-
-               $system['nurl'] = Strings::normaliseLink($system['url']);
-               $system['pubkey'] = $keys['pubkey'];
-               $system['prvkey'] = $keys['prvkey'];
-               $system['blocked'] = 0;
-               $system['pending'] = 0;
-               $system['contact-type'] = Contact::TYPE_RELAY; // In AP this is translated to 'Application'
-               $system['name-date'] = DateTimeFormat::utcNow();
-               $system['uri-date'] = DateTimeFormat::utcNow();
-               $system['avatar-date'] = DateTimeFormat::utcNow();
-               $system['closeness'] = 0;
-               $system['baseurl'] = DI::baseUrl();
-               $system['gsid'] = GServer::getID($system['baseurl']);
+               $system['thumb']  = Contact::getDefaultAvatar($system, Proxy::SIZE_THUMB);
+               $system['micro']  = Contact::getDefaultAvatar($system, Proxy::SIZE_MICRO);
+               $system['nurl']   = Strings::normaliseLink($system['url']);
+               $system['gsid']   = GServer::getID($system['baseurl']);
+

                Contact::insert($system);
        }
 
                Contact::insert($system);
        }
 


@@ -264,7 +266,7 @@ class User
                // List of possible actor names
                $possible_accounts = ['friendica', 'actor', 'system', 'internal'];
                foreach ($possible_accounts as $name) {
                // List of possible actor names
                $possible_accounts = ['friendica', 'actor', 'system', 'internal'];
                foreach ($possible_accounts as $name) {

-                       if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire' => false]) &&
+                       if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'account_expired' => false]) &&

                                !DBA::exists('userd', ['username' => $name])) {
                                DI::config()->set('system', 'actor_name', $name);
                                return $name;
                                !DBA::exists('userd', ['username' => $name])) {
                                DI::config()->set('system', 'actor_name', $name);
                                return $name;


@@ -380,17 +382,15 @@ class User
         *
         * @param array $fields
         * @return array user
         *
         * @param array $fields
         * @return array user

+        * @throws Exception

         */
        public static function getFirstAdmin(array $fields = []) : array
        {
                if (!empty(DI::config()->get('config', 'admin_nickname'))) {
                        return self::getByNickname(DI::config()->get('config', 'admin_nickname'), $fields);
         */
        public static function getFirstAdmin(array $fields = []) : array
        {
                if (!empty(DI::config()->get('config', 'admin_nickname'))) {
                        return self::getByNickname(DI::config()->get('config', 'admin_nickname'), $fields);

-               } elseif (!empty(DI::config()->get('config', 'admin_email'))) {
-                       $adminList = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
-                       return self::getByEmail($adminList[0], $fields);
-               } else {
-                       return [];

                }
                }

+
+               return self::getAdminList()[0] ?? [];

        }
 
        /**
        }
 
        /**


@@ -666,6 +666,28 @@ class User
                return $user;
        }
 
                return $user;
        }
 

+       /**
+        * Update the day of the last activity of the given user
+        *
+        * @param integer $uid
+        * @return void
+        */
+       public static function updateLastActivity(int $uid)
+       {
+               $user = User::getById($uid, ['last-activity']);
+               if (empty($user)) {
+                       return;
+               }
+
+               $current_day = DateTimeFormat::utcNow('Y-m-d');
+
+               if ($user['last-activity'] != $current_day) {
+                       User::update(['last-activity' => $current_day], $uid);
+                       // Set the last actitivy for all identities of the user
+                       DBA::update('user', ['last-activity' => $current_day], ['parent-uid' => $uid, 'account_removed' => false]);
+               }
+       }
+

        /**
         * Generates a human-readable random password
         *
        /**
         * Generates a human-readable random password
         *


@@ -734,6 +756,29 @@ class User
                return password_hash($password, PASSWORD_DEFAULT);
        }
 
                return password_hash($password, PASSWORD_DEFAULT);
        }
 

+       /**
+        * Allowed characters are a-z, A-Z, 0-9 and special characters except white spaces, accentuated letters and colon (:).
+        *
+        * Password length is limited to 72 characters if the current default password hashing algorithm is Blowfish.
+        * From the manual: "Using the PASSWORD_BCRYPT as the algorithm, will result in the password parameter being
+        * truncated to a maximum length of 72 bytes."
+        *
+        * @see https://www.php.net/manual/en/function.password-hash.php#refsect1-function.password-hash-parameters
+        *
+        * @param string|null $delimiter Whether the regular expression is meant to be wrapper in delimiter characters
+        * @return string
+        */
+       public static function getPasswordRegExp(string $delimiter = null): string
+       {
+               $allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
+
+               if ($delimiter) {
+                       $allowed_characters = preg_quote($allowed_characters, $delimiter);
+               }
+
+               return '^[a-zA-Z0-9' . $allowed_characters . ']' . (PASSWORD_DEFAULT !== PASSWORD_BCRYPT ? '{1,72}' : '+') . '$';
+       }
+

        /**
         * Updates a user row with a new plaintext password
         *
        /**
         * Updates a user row with a new plaintext password
         *


@@ -754,9 +799,11 @@ class User
                        throw new Exception(DI::l10n()->t('The new password has been exposed in a public data dump, please choose another.'));
                }
 
                        throw new Exception(DI::l10n()->t('The new password has been exposed in a public data dump, please choose another.'));
                }
 

-               $allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
+               if (PASSWORD_DEFAULT === PASSWORD_BCRYPT && strlen($password) > 72) {
+                       throw new Exception(DI::l10n()->t('The password length is limited to 72 characters.'));
+               }

 
 

-               if (!preg_match('/^[a-z0-9' . preg_quote($allowed_characters, '/') . ']+$/i', $password)) {
+               if (!preg_match('/' . self::getPasswordRegExp('/') . '/', $password)) {

                        throw new Exception(DI::l10n()->t('The password can\'t contain accentuated letters, white spaces or colons (:)'));
                }
 
                        throw new Exception(DI::l10n()->t('The password can\'t contain accentuated letters, white spaces or colons (:)'));
                }
 


@@ -783,6 +830,22 @@ class User
                return DBA::update('user', $fields, ['uid' => $uid]);
        }
 
                return DBA::update('user', $fields, ['uid' => $uid]);
        }
 

+       /**
+        * Returns if the given uid is valid and in the admin list
+        *
+        * @param int $uid
+        *
+        * @return bool
+        * @throws Exception
+        */
+       public static function isSiteAdmin(int $uid): bool
+       {
+               return DBA::exists('user', [
+                       'uid'   => $uid,
+                       'email' => self::getAdminEmailList()
+               ]);
+       }
+

        /**
         * Checks if a nickname is in the list of the forbidden nicknames
         *
        /**
         * Checks if a nickname is in the list of the forbidden nicknames
         *


@@ -968,7 +1031,7 @@ class User
                                try {
                                        $authurl = $openid->authUrl();
                                } catch (Exception $e) {
                                try {
                                        $authurl = $openid->authUrl();
                                } catch (Exception $e) {

-                                       throw new Exception(DI::l10n()->t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . EOL . EOL . DI::l10n()->t('The error message was:') . $e->getMessage(), 0, $e);
+                                       throw new Exception(DI::l10n()->t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '<br />' . DI::l10n()->t('The error message was:') . $e->getMessage(), 0, $e);

                                }
                                System::externalRedirect($authurl);
                                // NOTREACHED
                                }
                                System::externalRedirect($authurl);
                                // NOTREACHED


@@ -1028,11 +1091,8 @@ class User
 
                // Disallow somebody creating an account using openid that uses the admin email address,
                // since openid bypasses email verification. We'll allow it if there is not yet an admin account.
 
                // Disallow somebody creating an account using openid that uses the admin email address,
                // since openid bypasses email verification. We'll allow it if there is not yet an admin account.

-               if (DI::config()->get('config', 'admin_email') && strlen($openid_url)) {
-                       $adminlist = explode(',', str_replace(' ', '', strtolower(DI::config()->get('config', 'admin_email'))));
-                       if (in_array(strtolower($email), $adminlist)) {
-                               throw new Exception(DI::l10n()->t('Cannot use that email.'));
-                       }
+               if (strlen($openid_url) && in_array(strtolower($email), self::getAdminEmailList())) {
+                       throw new Exception(DI::l10n()->t('Cannot use that email.'));

                }
 
                $nickname = $data['nickname'] = strtolower($nickname);
                }
 
                $nickname = $data['nickname'] = strtolower($nickname);


@@ -1291,7 +1351,7 @@ class User
 
                if (DBA::isResult($profile) && $profile['net-publish'] && Search::getGlobalDirectory()) {
                        $url = DI::baseUrl() . '/profile/' . $user['nickname'];
 
                if (DBA::isResult($profile) && $profile['net-publish'] && Search::getGlobalDirectory()) {
                        $url = DI::baseUrl() . '/profile/' . $user['nickname'];

-                       Worker::add(PRIORITY_LOW, "Directory", $url);
+                       Worker::add(Worker::PRIORITY_LOW, "Directory", $url);

                }
 
                $l10n = DI::l10n()->withLang($register['language']);
                }
 
                $l10n = DI::l10n()->withLang($register['language']);


@@ -1392,7 +1452,7 @@ class User
                If you are new and do not know anybody here, they may help
                you to make some new and interesting friends.
 
                If you are new and do not know anybody here, they may help
                you to make some new and interesting friends.
 

-               If you ever want to delete your account, you can do so at %1$s/removeme
+               If you ever want to delete your account, you can do so at %1$s/settings/removeme

 
                Thank you and welcome to %4$s.'));
 
 
                Thank you and welcome to %4$s.'));
 


@@ -1496,7 +1556,7 @@ class User
                        If you are new and do not know anybody here, they may help
                        you to make some new and interesting friends.
 
                        If you are new and do not know anybody here, they may help
                        you to make some new and interesting friends.
 

-                       If you ever want to delete your account, you can do so at %3$s/removeme
+                       If you ever want to delete your account, you can do so at %3$s/settings/removeme

 
                        Thank you and welcome to %2$s.',
                        $user['nickname'],
 
                        Thank you and welcome to %2$s.',
                        $user['nickname'],


@@ -1541,14 +1601,14 @@ class User
 
                // The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
                DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
 
                // The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
                DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);

-               Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
+               Worker::add(Worker::PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);

 
                // Send an update to the directory
                $self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]);
 
                // Send an update to the directory
                $self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]);

-               Worker::add(PRIORITY_LOW, 'Directory', $self['url']);
+               Worker::add(Worker::PRIORITY_LOW, 'Directory', $self['url']);

 
                // Remove the user relevant data
 
                // Remove the user relevant data

-               Worker::add(PRIORITY_NEGLIGIBLE, 'RemoveUser', $uid);
+               Worker::add(Worker::PRIORITY_NEGLIGIBLE, 'RemoveUser', $uid);

 
                return true;
        }
 
                return true;
        }


@@ -1688,8 +1748,8 @@ class User
                        'active_users_weekly'   => 0,
                ];
 
                        'active_users_weekly'   => 0,
                ];
 

-               $userStmt = DBA::select('owner-view', ['uid', 'login_date', 'last-item'],
-                       ["`verified` AND `login_date` > ? AND NOT `blocked`
+               $userStmt = DBA::select('owner-view', ['uid', 'last-activity', 'last-item'],
+                       ["`verified` AND `last-activity` > ? AND NOT `blocked`

                        AND NOT `account_removed` AND NOT `account_expired`",
                        DBA::NULL_DATETIME]);
                if (!DBA::isResult($userStmt)) {
                        AND NOT `account_removed` AND NOT `account_expired`",
                        DBA::NULL_DATETIME]);
                if (!DBA::isResult($userStmt)) {


@@ -1703,17 +1763,17 @@ class User
                while ($user = DBA::fetch($userStmt)) {
                        $statistics['total_users']++;
 
                while ($user = DBA::fetch($userStmt)) {
                        $statistics['total_users']++;
 

-                       if ((strtotime($user['login_date']) > $halfyear) || (strtotime($user['last-item']) > $halfyear)
+                       if ((strtotime($user['last-activity']) > $halfyear) || (strtotime($user['last-item']) > $halfyear)

                        ) {
                                $statistics['active_users_halfyear']++;
                        }
 
                        ) {
                                $statistics['active_users_halfyear']++;
                        }
 

-                       if ((strtotime($user['login_date']) > $month) || (strtotime($user['last-item']) > $month)
+                       if ((strtotime($user['last-activity']) > $month) || (strtotime($user['last-item']) > $month)

                        ) {
                                $statistics['active_users_monthly']++;
                        }
 
                        ) {
                                $statistics['active_users_monthly']++;
                        }
 

-                       if ((strtotime($user['login_date']) > $week) || (strtotime($user['last-item']) > $week)
+                       if ((strtotime($user['last-activity']) > $week) || (strtotime($user['last-item']) > $week)

                        ) {
                                $statistics['active_users_weekly']++;
                        }
                        ) {
                                $statistics['active_users_weekly']++;
                        }


@@ -1757,4 +1817,64 @@ class User
 
                return DBA::selectToArray('owner-view', [], $condition, $param);
        }
 
                return DBA::selectToArray('owner-view', [], $condition, $param);
        }

+
+       /**
+        * Returns a list of lowercase admin email addresses from the comma-separated list in the config
+        *
+        * @return array
+        */
+       public static function getAdminEmailList(): array
+       {
+               $adminEmails = strtolower(str_replace(' ', '', DI::config()->get('config', 'admin_email')));
+               if (!$adminEmails) {
+                       return [];
+               }
+
+               return explode(',', $adminEmails);
+       }
+
+       /**
+        * Returns the complete list of admin user accounts
+        *
+        * @param array $fields
+        * @return array
+        * @throws Exception
+        */
+       public static function getAdminList(array $fields = []): array
+       {
+               $condition = [
+                       'email'           => self::getAdminEmailList(),
+                       'parent-uid'      => 0,
+                       'blocked'         => 0,
+                       'verified'        => true,
+                       'account_removed' => false,
+                       'account_expired' => false,
+               ];
+
+               return DBA::selectToArray('user', $fields, $condition, ['order' => ['uid']]);
+       }
+
+       /**
+        * Return a list of admin user accounts where each unique email address appears only once.
+        *
+        * This method is meant for admin notifications that do not need to be sent multiple times to the same email address.
+        *
+        * @param array $fields
+        * @return array
+        * @throws Exception
+        */
+       public static function getAdminListForEmailing(array $fields = []): array
+       {
+               return array_filter(self::getAdminList($fields), function ($user) {
+                       static $emails = [];
+
+                       if (in_array($user['email'], $emails)) {
+                               return false;
+                       }
+
+                       $emails[] = $user['email'];
+
+                       return true;
+               });
+       }

 }
 }