X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=39c544c3a8786f62053093ec1c4ff734d5eb4c4f;hb=9ea6d4b26d4375502c567276705dff2ff678122e;hp=eacd4ec33c7e936920ab3960465b65c4f9181d18;hpb=79696a19e505ecded7b257f511ad1691ccb311f4;p=friendica.git

diff --git a/src/Model/User.php b/src/Model/User.php
index eacd4ec33c..39c544c3a8 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -5,6 +5,7 @@
  */
 namespace Friendica\Model;
 
+use DivineOmega\PasswordExposed\PasswordStatus;
 use Friendica\Core\Addon;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
@@ -22,6 +23,7 @@ use Friendica\Util\Network;
 use dba;
 use Exception;
 use LightOpenID;
+use function password_exposed;
 
 require_once 'boot.php';
 require_once 'include/dba.php';
@@ -101,7 +103,7 @@ class User
 	 * @param string $password
 	 * @return int|boolean
 	 * @deprecated since version 3.6
-	 * @see Friendica\Model\User::getIdFromPasswordAuthentication()
+	 * @see User::getIdFromPasswordAuthentication()
 	 */
 	public static function authenticate($user_info, $password)
 	{
@@ -125,13 +127,23 @@ class User
 	{
 		$user = self::getAuthenticationInfo($user_info);
 
-		if ($user['legacy_password']) {
+		if (strpos($user['password'], '$') === false) {
+			//Legacy hash that has not been replaced by a new hash yet
+			if (self::hashPasswordLegacy($password) === $user['password']) {
+				self::updatePassword($user['uid'], $password);
+
+				return $user['uid'];
+			}
+		} elseif (!empty($user['legacy_password'])) {
+			//Legacy hash that has been double-hashed and not replaced by a new hash yet
+			//Warning: `legacy_password` is not necessary in sync with the content of `password`
 			if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
 				self::updatePassword($user['uid'], $password);
 
 				return $user['uid'];
 			}
 		} elseif (password_verify($password, $user['password'])) {
+			//New password hash
 			if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
 				self::updatePassword($user['uid'], $password);
 			}
@@ -216,6 +228,17 @@ class User
 		return autoname(6) . mt_rand(100, 9999);
 	}
 
+	/**
+	 * Checks if the provided plaintext password has been exposed or not
+	 *
+	 * @param string $password
+	 * @return bool
+	 */
+	public static function isPasswordExposed($password)
+	{
+		return password_exposed($password) === PasswordStatus::EXPOSED;
+	}
+
 	/**
 	 * Legacy hashing function, kept for password migration purposes
 	 *
@@ -235,6 +258,10 @@ class User
 	 */
 	public static function hashPassword($password)
 	{
+		if (!trim($password)) {
+			throw new Exception(L10n::t('Password can\'t be empty'));
+		}
+
 		return password_hash($password, PASSWORD_DEFAULT);
 	}
 
@@ -304,6 +331,7 @@ class User
 		$confirm    = x($data, 'confirm')    ? trim($data['confirm'])            : '';
 		$blocked    = x($data, 'blocked')    ? intval($data['blocked'])          : 0;
 		$verified   = x($data, 'verified')   ? intval($data['verified'])         : 0;
+		$language   = x($data, 'language')   ? notags(trim($data['language'])) : 'en';
 
 		$publish = x($data, 'profile_publish_reg') && intval($data['profile_publish_reg']) ? 1 : 0;
 		$netpublish = strlen(Config::get('system', 'directory')) ? $publish : 0;
@@ -332,7 +360,7 @@ class User
 				$_SESSION['register'] = 1;
 				$_SESSION['openid'] = $openid_url;
 
-				$openid = new LightOpenID;
+				$openid = new LightOpenID($a->get_hostname());
 				$openid->identity = $openid_url;
 				$openid->returnUrl = System::baseUrl() . '/openid';
 				$openid->required = ['namePerson/friendly', 'contact/email', 'namePerson'];
@@ -382,7 +410,7 @@ class User
 			throw new Exception(L10n::t('Not a valid email address.'));
 		}
 
-		if (dba::exists('user', ['email' => $email])) {
+		if (Config::get('system', 'block_extended_register', false) && dba::exists('user', ['email' => $email])) {
 			throw new Exception(L10n::t('Cannot use that email.'));
 		}
 
@@ -439,6 +467,7 @@ class User
 			'sprvkey'  => $sprvkey,
 			'verified' => $verified,
 			'blocked'  => $blocked,
+			'language' => $language,
 			'timezone' => 'UTC',
 			'register_date' => DateTimeFormat::utcNow(),
 			'default-location' => ''
@@ -521,7 +550,7 @@ class User
 			if ($Image->isValid()) {
 				$Image->scaleToSquare(175);
 
-				$hash = photo_new_resource();
+				$hash = Photo::newResource();
 
 				$r = Photo::store($Image, $uid, 0, $hash, $filename, L10n::t('Profile Photos'), 4);
 
@@ -601,11 +630,12 @@ class User
 		'));
 		$body = deindent(L10n::t('
 			The login details are as follows:
-				Site Location:	%3$s
-				Login Name:	%1$s
-				Password:	%5$s
 
-			You may change your password from your account Settings page after logging
+			Site Location:	%3$s
+			Login Name:		%1$s
+			Password:		%5$s
+
+			You may change your password from your account "Settings" page after logging
 			in.
 
 			Please take a few moments to review the other account settings on that page.
@@ -614,7 +644,7 @@ class User
 			' . "\x28" . 'on the "Profiles" page' . "\x29" . ' so that other people can easily find you.
 
 			We recommend setting your full name, adding a profile photo,
-			adding some profile keywords ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and
+			adding some profile "keywords" ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and
 			perhaps what country you live in; if you do not wish to be more specific
 			than that.
 
@@ -622,6 +652,7 @@ class User
 			If you are new and do not know anybody here, they may help
 			you to make some new and interesting friends.
 
+			If you ever want to delete your account, you can do so at %3$s/removeme
 
 			Thank you and welcome to %2$s.'));