use DivineOmega\PasswordExposed;
use Exception;
-use Friendica\Core\Addon;
use Friendica\Core\Config;
+use Friendica\Core\Hook;
use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\PConfig;
use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
+use Friendica\Model\Photo;
use Friendica\Object\Image;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
+use Friendica\Util\Strings;
use LightOpenID;
-require_once 'boot.php';
-require_once 'include/dba.php';
-require_once 'include/enotify.php';
-require_once 'include/text.php';
/**
* @brief This class handles User related functions
*/
*/
public static function getIdForURL($url)
{
- $self = DBA::selectFirst('contact', ['uid'], ['nurl' => normalise_link($url), 'self' => true]);
+ $self = DBA::selectFirst('contact', ['uid'], ['nurl' => Strings::normaliseLink($url), 'self' => true]);
if (!DBA::isResult($self)) {
return false;
} else {
if (!DBA::isResult($r)) {
return false;
}
+
+ if (empty($r['nickname'])) {
+ return false;
+ }
+
+ // Check if the returned data is valid, otherwise fix it. See issue #6122
+ $url = System::baseUrl() . '/profile/' . $r['nickname'];
+ $addr = $r['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3);
+
+ if (($addr != $r['addr']) || ($r['url'] != $url) || ($r['nurl'] != Strings::normaliseLink($r['url']))) {
+ Contact::updateSelfFromUserID($uid);
+ }
+
return $r;
}
if (strpos($user['password'], '$') === false) {
//Legacy hash that has not been replaced by a new hash yet
if (self::hashPasswordLegacy($password) === $user['password']) {
- self::updatePassword($user['uid'], $password);
+ self::updatePasswordHashed($user['uid'], self::hashPassword($password));
return $user['uid'];
}
//Legacy hash that has been double-hashed and not replaced by a new hash yet
//Warning: `legacy_password` is not necessary in sync with the content of `password`
if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
- self::updatePassword($user['uid'], $password);
+ self::updatePasswordHashed($user['uid'], self::hashPassword($password));
return $user['uid'];
}
} elseif (password_verify($password, $user['password'])) {
//New password hash
if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
- self::updatePassword($user['uid'], $password);
+ self::updatePasswordHashed($user['uid'], self::hashPassword($password));
}
return $user['uid'];
*/
public static function generateNewPassword()
{
- return autoname(6) . mt_rand(100, 9999);
+ return ucfirst(Strings::getRandomName(8)) . mt_rand(1000, 9999);
}
/**
*
* @param string $password
* @return string
+ * @throws Exception
*/
public static function hashPassword($password)
{
* @param int $uid
* @param string $password
* @return bool
+ * @throws Exception
*/
public static function updatePassword($uid, $password)
{
+ $password = trim($password);
+
+ if (empty($password)) {
+ throw new Exception(L10n::t('Empty passwords are not allowed.'));
+ }
+
+ if (!Config::get('system', 'disable_password_exposed', false) && self::isPasswordExposed($password)) {
+ throw new Exception(L10n::t('The new password has been exposed in a public data dump, please choose another.'));
+ }
+
+ $allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
+
+ if (!preg_match('/^[a-z0-9' . preg_quote($allowed_characters, '/') . ']+$/i', $password)) {
+ throw new Exception(L10n::t('The password can\'t contain accentuated letters, white spaces or colons (:)'));
+ }
+
return self::updatePasswordHashed($uid, self::hashPassword($password));
}
* - Create self-contact
* - Create profile image
*
- * @param array $data
- * @return string
- * @throw Exception
+ * @param array $data
+ * @return array
+ * @throws \ErrorException
+ * @throws \Friendica\Network\HTTPException\InternalServerErrorException
+ * @throws Exception
*/
public static function create(array $data)
{
- $a = get_app();
+ $a = \get_app();
$return = ['user' => null, 'password' => ''];
$using_invites = Config::get('system', 'invitation_only');
$num_invites = Config::get('system', 'number_invites');
- $invite_id = !empty($data['invite_id']) ? notags(trim($data['invite_id'])) : '';
- $username = !empty($data['username']) ? notags(trim($data['username'])) : '';
- $nickname = !empty($data['nickname']) ? notags(trim($data['nickname'])) : '';
- $email = !empty($data['email']) ? notags(trim($data['email'])) : '';
- $openid_url = !empty($data['openid_url']) ? notags(trim($data['openid_url'])) : '';
- $photo = !empty($data['photo']) ? notags(trim($data['photo'])) : '';
+ $invite_id = !empty($data['invite_id']) ? Strings::escapeTags(trim($data['invite_id'])) : '';
+ $username = !empty($data['username']) ? Strings::escapeTags(trim($data['username'])) : '';
+ $nickname = !empty($data['nickname']) ? Strings::escapeTags(trim($data['nickname'])) : '';
+ $email = !empty($data['email']) ? Strings::escapeTags(trim($data['email'])) : '';
+ $openid_url = !empty($data['openid_url']) ? Strings::escapeTags(trim($data['openid_url'])) : '';
+ $photo = !empty($data['photo']) ? Strings::escapeTags(trim($data['photo'])) : '';
$password = !empty($data['password']) ? trim($data['password']) : '';
$password1 = !empty($data['password1']) ? trim($data['password1']) : '';
$confirm = !empty($data['confirm']) ? trim($data['confirm']) : '';
- $blocked = !empty($data['blocked']) ? intval($data['blocked']) : 0;
- $verified = !empty($data['verified']) ? intval($data['verified']) : 0;
- $language = !empty($data['language']) ? notags(trim($data['language'])) : 'en';
+ $blocked = !empty($data['blocked']);
+ $verified = !empty($data['verified']);
+ $language = !empty($data['language']) ? Strings::escapeTags(trim($data['language'])) : 'en';
- $publish = !empty($data['profile_publish_reg']) && intval($data['profile_publish_reg']) ? 1 : 0;
- $netpublish = strlen(Config::get('system', 'directory')) ? $publish : 0;
+ $publish = !empty($data['profile_publish_reg']);
+ $netpublish = $publish && Config::get('system', 'directory');
if ($password1 != $confirm) {
throw new Exception(L10n::t('Passwords do not match. Password unchanged.'));
throw new Exception(L10n::t('Your email domain is not among those allowed on this site.'));
}
- if (!valid_email($email) || !Network::isEmailDomainValid($email)) {
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL) || !Network::isEmailDomainValid($email)) {
throw new Exception(L10n::t('Not a valid email address.'));
}
if (self::isNicknameBlocked($nickname)) {
}
if (!$photo_failure) {
- DBA::update('photo', ['profile' => 1], ['resource-id' => $hash]);
+ Photo::update(['profile' => 1], ['resource-id' => $hash]);
}
}
}
- Addon::callHooks('register_account', $uid);
+ Hook::callAll('register_account', $uid);
$return['user'] = $user;
return $return;
*/
public static function sendRegisterPendingEmail($user, $sitename, $siteurl, $password)
{
- $body = deindent(L10n::t('
+ $body = Strings::deindent(L10n::t('
Dear %1$s,
Thank you for registering at %2$s. Your account is pending for approval by the administrator.
*/
public static function sendRegisterOpenEmail($user, $sitename, $siteurl, $password)
{
- $preamble = deindent(L10n::t('
+ $preamble = Strings::deindent(L10n::t('
Dear %1$s,
Thank you for registering at %2$s. Your account has been created.
',
- $preamble, $user['username'], $sitename
+ $user['username'], $sitename
));
- $body = deindent(L10n::t('
+ $body = Strings::deindent(L10n::t('
The login details are as follows:
Site Location: %3$s
If you ever want to delete your account, you can do so at %3$s/removeme
Thank you and welcome to %2$s.',
- $user['email'], $sitename, $siteurl, $user['username'], $password
+ $user['nickname'], $sitename, $siteurl, $user['username'], $password
));
return notification([
public static function remove($uid)
{
if (!$uid) {
- return;
+ return false;
}
- $a = get_app();
+ $a = \get_app();
Logger::log('Removing user: ' . $uid);
$user = DBA::selectFirst('user', [], ['uid' => $uid]);
- Addon::callHooks('remove_user', $user);
+ Hook::callAll('remove_user', $user);
// save username (actually the nickname as it is guaranteed
// unique), so it cannot be re-registered in the future.
DBA::insert('userd', ['username' => $user['nickname']]);
// The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php)
- DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc(DateTimeFormat::utcNow() . " + 7 day")], ['uid' => $uid]);
- Worker::add(PRIORITY_HIGH, "Notifier", "removeme", $uid);
+ DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
+ Worker::add(PRIORITY_HIGH, 'Notifier', 'removeme', $uid);
// Send an update to the directory
$self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]);
- Worker::add(PRIORITY_LOW, "Directory", $self['url']);
+ Worker::add(PRIORITY_LOW, 'Directory', $self['url']);
// Remove the user relevant data
- Worker::add(PRIORITY_LOW, "RemoveUser", $uid);
+ Worker::add(PRIORITY_LOW, 'RemoveUser', $uid);
- if ($uid == local_user()) {
- unset($_SESSION['authenticated']);
- unset($_SESSION['uid']);
- $a->internalRedirect();
+ return true;
+ }
+
+ /**
+ * Return all identities to a user
+ *
+ * @param int $uid The user id
+ * @return array All identities for this user
+ *
+ * Example for a return:
+ * [
+ * [
+ * 'uid' => 1,
+ * 'username' => 'maxmuster',
+ * 'nickname' => 'Max Mustermann'
+ * ],
+ * [
+ * 'uid' => 2,
+ * 'username' => 'johndoe',
+ * 'nickname' => 'John Doe'
+ * ]
+ * ]
+ */
+ public static function identities($uid)
+ {
+ $identities = [];
+
+ $user = DBA::selectFirst('user', ['uid', 'nickname', 'username', 'parent-uid'], ['uid' => $uid]);
+ if (!DBA::isResult($user)) {
+ return $identities;
}
+
+ if ($user['parent-uid'] == 0) {
+ // First add our own entry
+ $identities = [['uid' => $user['uid'],
+ 'username' => $user['username'],
+ 'nickname' => $user['nickname']]];
+
+ // Then add all the children
+ $r = DBA::select('user', ['uid', 'username', 'nickname'],
+ ['parent-uid' => $user['uid'], 'account_removed' => false]);
+ if (DBA::isResult($r)) {
+ $identities = array_merge($identities, DBA::toArray($r));
+ }
+ } else {
+ // First entry is our parent
+ $r = DBA::select('user', ['uid', 'username', 'nickname'],
+ ['uid' => $user['parent-uid'], 'account_removed' => false]);
+ if (DBA::isResult($r)) {
+ $identities = DBA::toArray($r);
+ }
+
+ // Then add all siblings
+ $r = DBA::select('user', ['uid', 'username', 'nickname'],
+ ['parent-uid' => $user['parent-uid'], 'account_removed' => false]);
+ if (DBA::isResult($r)) {
+ $identities = array_merge($identities, DBA::toArray($r));
+ }
+ }
+
+ $r = DBA::p("SELECT `user`.`uid`, `user`.`username`, `user`.`nickname`
+ FROM `manage`
+ INNER JOIN `user` ON `manage`.`mid` = `user`.`uid`
+ WHERE `user`.`account_removed` = 0 AND `manage`.`uid` = ?",
+ $user['uid']
+ );
+ if (DBA::isResult($r)) {
+ $identities = array_merge($identities, DBA::toArray($r));
+ }
+
+ return $identities;
}
}