X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=39c544c3a8786f62053093ec1c4ff734d5eb4c4f;hb=d71281e45b6398119ecb09d47dd8947c9e41d15b;hp=1df7e5ef4e4ffb5426b1405b722aa9509127d664;hpb=9665f4ed415d34cbcf09df8c6ca04882303e9544;p=friendica.git diff --git a/src/Model/User.php b/src/Model/User.php index 1df7e5ef4e..39c544c3a8 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -127,13 +127,23 @@ class User { $user = self::getAuthenticationInfo($user_info); - if ($user['legacy_password']) { + if (strpos($user['password'], '$') === false) { + //Legacy hash that has not been replaced by a new hash yet + if (self::hashPasswordLegacy($password) === $user['password']) { + self::updatePassword($user['uid'], $password); + + return $user['uid']; + } + } elseif (!empty($user['legacy_password'])) { + //Legacy hash that has been double-hashed and not replaced by a new hash yet + //Warning: `legacy_password` is not necessary in sync with the content of `password` if (password_verify(self::hashPasswordLegacy($password), $user['password'])) { self::updatePassword($user['uid'], $password); return $user['uid']; } } elseif (password_verify($password, $user['password'])) { + //New password hash if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) { self::updatePassword($user['uid'], $password); } @@ -248,6 +258,10 @@ class User */ public static function hashPassword($password) { + if (!trim($password)) { + throw new Exception(L10n::t('Password can\'t be empty')); + } + return password_hash($password, PASSWORD_DEFAULT); } @@ -317,6 +331,7 @@ class User $confirm = x($data, 'confirm') ? trim($data['confirm']) : ''; $blocked = x($data, 'blocked') ? intval($data['blocked']) : 0; $verified = x($data, 'verified') ? intval($data['verified']) : 0; + $language = x($data, 'language') ? notags(trim($data['language'])) : 'en'; $publish = x($data, 'profile_publish_reg') && intval($data['profile_publish_reg']) ? 1 : 0; $netpublish = strlen(Config::get('system', 'directory')) ? $publish : 0; @@ -345,7 +360,7 @@ class User $_SESSION['register'] = 1; $_SESSION['openid'] = $openid_url; - $openid = new LightOpenID; + $openid = new LightOpenID($a->get_hostname()); $openid->identity = $openid_url; $openid->returnUrl = System::baseUrl() . '/openid'; $openid->required = ['namePerson/friendly', 'contact/email', 'namePerson']; @@ -452,6 +467,7 @@ class User 'sprvkey' => $sprvkey, 'verified' => $verified, 'blocked' => $blocked, + 'language' => $language, 'timezone' => 'UTC', 'register_date' => DateTimeFormat::utcNow(), 'default-location' => '' @@ -614,11 +630,12 @@ class User ')); $body = deindent(L10n::t(' The login details are as follows: - Site Location: %3$s - Login Name: %1$s - Password: %5$s - You may change your password from your account Settings page after logging + Site Location: %3$s + Login Name: %1$s + Password: %5$s + + You may change your password from your account "Settings" page after logging in. Please take a few moments to review the other account settings on that page. @@ -627,7 +644,7 @@ class User ' . "\x28" . 'on the "Profiles" page' . "\x29" . ' so that other people can easily find you. We recommend setting your full name, adding a profile photo, - adding some profile keywords ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and + adding some profile "keywords" ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and perhaps what country you live in; if you do not wish to be more specific than that. @@ -635,6 +652,7 @@ class User If you are new and do not know anybody here, they may help you to make some new and interesting friends. + If you ever want to delete your account, you can do so at %3$s/removeme Thank you and welcome to %2$s.'));