X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=src%2FModel%2FUser.php;h=916844251e5c69710faa69890c52f826d0ef56f4;hb=60551e6277a4e3a0901481e2a23b3963db6a1c2c;hp=a05d8a27703454d4574f12237ef37ea86b990163;hpb=08e9b2cc12acb3ac293a1dba4a03efb71c20b39d;p=friendica.git

diff --git a/src/Model/User.php b/src/Model/User.php
index a05d8a2770..916844251e 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -158,6 +158,7 @@ class User
 		$system['publish'] = false;
 		$system['net-publish'] = false;
 		$system['hide-friends'] = true;
+		$system['hidewall'] = true;
 		$system['prv_keywords'] = '';
 		$system['pub_keywords'] = '';
 		$system['address'] = '';
@@ -212,32 +213,33 @@ class User
 			throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.'));
 		}
 
-		$system = [];
-		$system['uid'] = 0;
-		$system['created'] = DateTimeFormat::utcNow();
-		$system['self'] = true;
-		$system['network'] = Protocol::ACTIVITYPUB;
-		$system['name'] = 'System Account';
-		$system['addr'] = $system_actor_name . '@' . DI::baseUrl()->getHostname();
-		$system['nick'] = $system_actor_name;
-		$system['url'] = DI::baseUrl() . '/friendica';
+		$system = [
+			'uid'          => 0,
+			'created'      => DateTimeFormat::utcNow(),
+			'self'         => true,
+			'network'      => Protocol::ACTIVITYPUB,
+			'name'         => 'System Account',
+			'addr'         => $system_actor_name . '@' . DI::baseUrl()->getHostname(),
+			'nick'         => $system_actor_name,
+			'url'          => DI::baseUrl() . '/friendica',
+			'pubkey'       => $keys['pubkey'],
+			'prvkey'       => $keys['prvkey'],
+			'blocked'      => 0,
+			'pending'      => 0,
+			'contact-type' => Contact::TYPE_RELAY, // In AP this is translated to 'Application'
+			'name-date'    => DateTimeFormat::utcNow(),
+			'uri-date'     => DateTimeFormat::utcNow(),
+			'avatar-date'  => DateTimeFormat::utcNow(),
+			'closeness'    => 0,
+			'baseurl'      => DI::baseUrl(),
+		];
 
 		$system['avatar'] = $system['photo'] = Contact::getDefaultAvatar($system, Proxy::SIZE_SMALL);
-		$system['thumb'] = Contact::getDefaultAvatar($system, Proxy::SIZE_THUMB);
-		$system['micro'] = Contact::getDefaultAvatar($system, Proxy::SIZE_MICRO);
-
-		$system['nurl'] = Strings::normaliseLink($system['url']);
-		$system['pubkey'] = $keys['pubkey'];
-		$system['prvkey'] = $keys['prvkey'];
-		$system['blocked'] = 0;
-		$system['pending'] = 0;
-		$system['contact-type'] = Contact::TYPE_RELAY; // In AP this is translated to 'Application'
-		$system['name-date'] = DateTimeFormat::utcNow();
-		$system['uri-date'] = DateTimeFormat::utcNow();
-		$system['avatar-date'] = DateTimeFormat::utcNow();
-		$system['closeness'] = 0;
-		$system['baseurl'] = DI::baseUrl();
-		$system['gsid'] = GServer::getID($system['baseurl']);
+		$system['thumb']  = Contact::getDefaultAvatar($system, Proxy::SIZE_THUMB);
+		$system['micro']  = Contact::getDefaultAvatar($system, Proxy::SIZE_MICRO);
+		$system['nurl']   = Strings::normaliseLink($system['url']);
+		$system['gsid']   = GServer::getID($system['baseurl']);
+
 		Contact::insert($system);
 	}
 
@@ -264,7 +266,7 @@ class User
 		// List of possible actor names
 		$possible_accounts = ['friendica', 'actor', 'system', 'internal'];
 		foreach ($possible_accounts as $name) {
-			if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire' => false]) &&
+			if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'account_expired' => false]) &&
 				!DBA::exists('userd', ['username' => $name])) {
 				DI::config()->set('system', 'actor_name', $name);
 				return $name;
@@ -380,17 +382,15 @@ class User
 	 *
 	 * @param array $fields
 	 * @return array user
+	 * @throws Exception
 	 */
 	public static function getFirstAdmin(array $fields = []) : array
 	{
 		if (!empty(DI::config()->get('config', 'admin_nickname'))) {
 			return self::getByNickname(DI::config()->get('config', 'admin_nickname'), $fields);
-		} elseif (!empty(DI::config()->get('config', 'admin_email'))) {
-			$adminList = explode(',', str_replace(' ', '', DI::config()->get('config', 'admin_email')));
-			return self::getByEmail($adminList[0], $fields);
-		} else {
-			return [];
 		}
+
+		return self::getAdminList()[0] ?? [];
 	}
 
 	/**
@@ -666,6 +666,28 @@ class User
 		return $user;
 	}
 
+	/**
+	 * Update the day of the last activity of the given user
+	 *
+	 * @param integer $uid
+	 * @return void
+	 */
+	public static function updateLastActivity(int $uid)
+	{
+		$user = User::getById($uid, ['last-activity']);
+		if (empty($user)) {
+			return;
+		}
+
+		$current_day = DateTimeFormat::utcNow('Y-m-d');
+
+		if ($user['last-activity'] != $current_day) {
+			User::update(['last-activity' => $current_day], $uid);
+			// Set the last actitivy for all identities of the user
+			DBA::update('user', ['last-activity' => $current_day], ['parent-uid' => $uid, 'account_removed' => false]);
+		}
+	}
+
 	/**
 	 * Generates a human-readable random password
 	 *
@@ -734,6 +756,29 @@ class User
 		return password_hash($password, PASSWORD_DEFAULT);
 	}
 
+	/**
+	 * Allowed characters are a-z, A-Z, 0-9 and special characters except white spaces, accentuated letters and colon (:).
+	 *
+	 * Password length is limited to 72 characters if the current default password hashing algorithm is Blowfish.
+	 * From the manual: "Using the PASSWORD_BCRYPT as the algorithm, will result in the password parameter being
+	 * truncated to a maximum length of 72 bytes."
+	 *
+	 * @see https://www.php.net/manual/en/function.password-hash.php#refsect1-function.password-hash-parameters
+	 *
+	 * @param string|null $delimiter Whether the regular expression is meant to be wrapper in delimiter characters
+	 * @return string
+	 */
+	public static function getPasswordRegExp(string $delimiter = null): string
+	{
+		$allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
+
+		if ($delimiter) {
+			$allowed_characters = preg_quote($allowed_characters, $delimiter);
+		}
+
+		return '^[a-zA-Z0-9' . $allowed_characters . ']' . (PASSWORD_DEFAULT !== PASSWORD_BCRYPT ? '{1,72}' : '+') . '$';
+	}
+
 	/**
 	 * Updates a user row with a new plaintext password
 	 *
@@ -754,9 +799,11 @@ class User
 			throw new Exception(DI::l10n()->t('The new password has been exposed in a public data dump, please choose another.'));
 		}
 
-		$allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
+		if (PASSWORD_DEFAULT === PASSWORD_BCRYPT && strlen($password) > 72) {
+			throw new Exception(DI::l10n()->t('The password length is limited to 72 characters.'));
+		}
 
-		if (!preg_match('/^[a-z0-9' . preg_quote($allowed_characters, '/') . ']+$/i', $password)) {
+		if (!preg_match('/' . self::getPasswordRegExp('/') . '/', $password)) {
 			throw new Exception(DI::l10n()->t('The password can\'t contain accentuated letters, white spaces or colons (:)'));
 		}
 
@@ -783,6 +830,22 @@ class User
 		return DBA::update('user', $fields, ['uid' => $uid]);
 	}
 
+	/**
+	 * Returns if the given uid is valid and in the admin list
+	 *
+	 * @param int $uid
+	 *
+	 * @return bool
+	 * @throws Exception
+	 */
+	public static function isSiteAdmin(int $uid): bool
+	{
+		return DBA::exists('user', [
+			'uid'   => $uid,
+			'email' => self::getAdminEmailList()
+		]);
+	}
+
 	/**
 	 * Checks if a nickname is in the list of the forbidden nicknames
 	 *
@@ -968,7 +1031,7 @@ class User
 				try {
 					$authurl = $openid->authUrl();
 				} catch (Exception $e) {
-					throw new Exception(DI::l10n()->t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . EOL . EOL . DI::l10n()->t('The error message was:') . $e->getMessage(), 0, $e);
+					throw new Exception(DI::l10n()->t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '<br />' . DI::l10n()->t('The error message was:') . $e->getMessage(), 0, $e);
 				}
 				System::externalRedirect($authurl);
 				// NOTREACHED
@@ -1028,11 +1091,8 @@ class User
 
 		// Disallow somebody creating an account using openid that uses the admin email address,
 		// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
-		if (DI::config()->get('config', 'admin_email') && strlen($openid_url)) {
-			$adminlist = explode(',', str_replace(' ', '', strtolower(DI::config()->get('config', 'admin_email'))));
-			if (in_array(strtolower($email), $adminlist)) {
-				throw new Exception(DI::l10n()->t('Cannot use that email.'));
-			}
+		if (strlen($openid_url) && in_array(strtolower($email), self::getAdminEmailList())) {
+			throw new Exception(DI::l10n()->t('Cannot use that email.'));
 		}
 
 		$nickname = $data['nickname'] = strtolower($nickname);
@@ -1291,7 +1351,7 @@ class User
 
 		if (DBA::isResult($profile) && $profile['net-publish'] && Search::getGlobalDirectory()) {
 			$url = DI::baseUrl() . '/profile/' . $user['nickname'];
-			Worker::add(PRIORITY_LOW, "Directory", $url);
+			Worker::add(Worker::PRIORITY_LOW, "Directory", $url);
 		}
 
 		$l10n = DI::l10n()->withLang($register['language']);
@@ -1392,7 +1452,7 @@ class User
 		If you are new and do not know anybody here, they may help
 		you to make some new and interesting friends.
 
-		If you ever want to delete your account, you can do so at %1$s/removeme
+		If you ever want to delete your account, you can do so at %1$s/settings/removeme
 
 		Thank you and welcome to %4$s.'));
 
@@ -1496,7 +1556,7 @@ class User
 			If you are new and do not know anybody here, they may help
 			you to make some new and interesting friends.
 
-			If you ever want to delete your account, you can do so at %3$s/removeme
+			If you ever want to delete your account, you can do so at %3$s/settings/removeme
 
 			Thank you and welcome to %2$s.',
 			$user['nickname'],
@@ -1541,14 +1601,14 @@ class User
 
 		// The user and related data will be deleted in Friendica\Worker\ExpireAndRemoveUsers
 		DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
-		Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
+		Worker::add(Worker::PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
 
 		// Send an update to the directory
 		$self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]);
-		Worker::add(PRIORITY_LOW, 'Directory', $self['url']);
+		Worker::add(Worker::PRIORITY_LOW, 'Directory', $self['url']);
 
 		// Remove the user relevant data
-		Worker::add(PRIORITY_NEGLIGIBLE, 'RemoveUser', $uid);
+		Worker::add(Worker::PRIORITY_NEGLIGIBLE, 'RemoveUser', $uid);
 
 		return true;
 	}
@@ -1688,8 +1748,8 @@ class User
 			'active_users_weekly'   => 0,
 		];
 
-		$userStmt = DBA::select('owner-view', ['uid', 'login_date', 'last-item'],
-			["`verified` AND `login_date` > ? AND NOT `blocked`
+		$userStmt = DBA::select('owner-view', ['uid', 'last-activity', 'last-item'],
+			["`verified` AND `last-activity` > ? AND NOT `blocked`
 			AND NOT `account_removed` AND NOT `account_expired`",
 			DBA::NULL_DATETIME]);
 		if (!DBA::isResult($userStmt)) {
@@ -1703,17 +1763,17 @@ class User
 		while ($user = DBA::fetch($userStmt)) {
 			$statistics['total_users']++;
 
-			if ((strtotime($user['login_date']) > $halfyear) || (strtotime($user['last-item']) > $halfyear)
+			if ((strtotime($user['last-activity']) > $halfyear) || (strtotime($user['last-item']) > $halfyear)
 			) {
 				$statistics['active_users_halfyear']++;
 			}
 
-			if ((strtotime($user['login_date']) > $month) || (strtotime($user['last-item']) > $month)
+			if ((strtotime($user['last-activity']) > $month) || (strtotime($user['last-item']) > $month)
 			) {
 				$statistics['active_users_monthly']++;
 			}
 
-			if ((strtotime($user['login_date']) > $week) || (strtotime($user['last-item']) > $week)
+			if ((strtotime($user['last-activity']) > $week) || (strtotime($user['last-item']) > $week)
 			) {
 				$statistics['active_users_weekly']++;
 			}
@@ -1757,4 +1817,64 @@ class User
 
 		return DBA::selectToArray('owner-view', [], $condition, $param);
 	}
+
+	/**
+	 * Returns a list of lowercase admin email addresses from the comma-separated list in the config
+	 *
+	 * @return array
+	 */
+	public static function getAdminEmailList(): array
+	{
+		$adminEmails = strtolower(str_replace(' ', '', DI::config()->get('config', 'admin_email')));
+		if (!$adminEmails) {
+			return [];
+		}
+
+		return explode(',', $adminEmails);
+	}
+
+	/**
+	 * Returns the complete list of admin user accounts
+	 *
+	 * @param array $fields
+	 * @return array
+	 * @throws Exception
+	 */
+	public static function getAdminList(array $fields = []): array
+	{
+		$condition = [
+			'email'           => self::getAdminEmailList(),
+			'parent-uid'      => 0,
+			'blocked'         => 0,
+			'verified'        => true,
+			'account_removed' => false,
+			'account_expired' => false,
+		];
+
+		return DBA::selectToArray('user', $fields, $condition, ['order' => ['uid']]);
+	}
+
+	/**
+	 * Return a list of admin user accounts where each unique email address appears only once.
+	 *
+	 * This method is meant for admin notifications that do not need to be sent multiple times to the same email address.
+	 *
+	 * @param array $fields
+	 * @return array
+	 * @throws Exception
+	 */
+	public static function getAdminListForEmailing(array $fields = []): array
+	{
+		return array_filter(self::getAdminList($fields), function ($user) {
+			static $emails = [];
+
+			if (in_array($user['email'], $emails)) {
+				return false;
+			}
+
+			$emails[] = $user['email'];
+
+			return true;
+		});
+	}
 }