<?php
/**
- * @copyright Copyright (C) 2020, Friendica
+ * @copyright Copyright (C) 2010-2021, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
return false;
}
- if (!$repairMissing) {
+ if (!$repairMissing || $owner['account_expired']) {
return $owner;
}
}
return $user['uid'];
+ } else {
+ $addon_auth = [
+ 'username' => $user['nickname'],
+ 'password' => $password,
+ 'authenticated' => 0,
+ 'user_record' => null
+ ];
+
+ /*
+ * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
+ * Addons should never set 'authenticated' except to indicate success - as hooks may be chained
+ * and later addons should not interfere with an earlier one that succeeded.
+ */
+ Hook::callAll('authenticate', $addon_auth);
+
+ if ($addon_auth['authenticated'] && $addon_auth['user_record']) {
+ return $user['uid'];
+ }
}
throw new HTTPException\ForbiddenException(DI::l10n()->t('Login failed'));
if (is_int($user_info)) {
$user = DBA::selectFirst(
'user',
- ['uid', 'password', 'legacy_password'],
+ ['uid', 'nickname', 'password', 'legacy_password'],
[
'uid' => $user_info,
'blocked' => 0,
]
);
} else {
- $fields = ['uid', 'password', 'legacy_password'];
+ $fields = ['uid', 'nickname', 'password', 'legacy_password'];
$condition = [
"(`email` = ? OR `username` = ? OR `nickname` = ?)
AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`",
// unique), so it cannot be re-registered in the future.
DBA::insert('userd', ['username' => $user['nickname']]);
+ // Remove all personal settings, especially connector settings
+ DBA::delete('pconfig', ['uid' => $uid]);
+
// The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
projects / friendica.git / blobdiff