X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=4dca908b61fdf93cdac24878df78d6f6dcb92b69;hb=daa1177e3a1e42b4c95e0a8759f1610942b952c7;hp=f92611cb236fd966137e721836e834cdab90da15;hpb=8a9917857e027159f97ea873ac88d25cd0e9328f;p=friendica.git diff --git a/src/Model/User.php b/src/Model/User.php index f92611cb23..4dca908b61 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -5,23 +5,22 @@ */ namespace Friendica\Model; +use DivineOmega\PasswordExposed\PasswordStatus; +use Exception; use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\PConfig; use Friendica\Core\System; use Friendica\Core\Worker; +use Friendica\Database\dba; use Friendica\Database\DBM; -use Friendica\Model\Contact; -use Friendica\Model\Group; -use Friendica\Model\Photo; use Friendica\Object\Image; use Friendica\Util\Crypto; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; -use dba; -use Exception; use LightOpenID; +use function password_exposed; require_once 'boot.php'; require_once 'include/dba.php'; @@ -63,6 +62,21 @@ class User return $r; } + /** + * @brief Get owner data by nick name + * + * @param int $nick + * @return boolean|array + */ + public static function getOwnerDataByNick($nick) + { + $user = dba::selectFirst('user', ['uid'], ['nickname' => $nick]); + if (!DBM::is_result($user)) { + return false; + } + return self::getOwnerDataById($user['uid']); + } + /** * @brief Returns the default group for a given user and network * @@ -101,7 +115,7 @@ class User * @param string $password * @return int|boolean * @deprecated since version 3.6 - * @see Friendica\Model\User::getIdFromPasswordAuthentication() + * @see User::getIdFromPasswordAuthentication() */ public static function authenticate($user_info, $password) { @@ -125,13 +139,23 @@ class User { $user = self::getAuthenticationInfo($user_info); - if ($user['legacy_password']) { + if (strpos($user['password'], '$') === false) { + //Legacy hash that has not been replaced by a new hash yet + if (self::hashPasswordLegacy($password) === $user['password']) { + self::updatePassword($user['uid'], $password); + + return $user['uid']; + } + } elseif (!empty($user['legacy_password'])) { + //Legacy hash that has been double-hashed and not replaced by a new hash yet + //Warning: `legacy_password` is not necessary in sync with the content of `password` if (password_verify(self::hashPasswordLegacy($password), $user['password'])) { self::updatePassword($user['uid'], $password); return $user['uid']; } } elseif (password_verify($password, $user['password'])) { + //New password hash if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) { self::updatePassword($user['uid'], $password); } @@ -157,6 +181,8 @@ class User */ private static function getAuthenticationInfo($user_info) { + $user = null; + if (is_object($user_info) || is_array($user_info)) { if (is_object($user_info)) { $user = (array) $user_info; @@ -182,18 +208,11 @@ class User ] ); } else { - $user = dba::fetch_first('SELECT `uid`, `password`, `legacy_password` - FROM `user` - WHERE (`email` = ? OR `username` = ? OR `nickname` = ?) - AND `blocked` = 0 - AND `account_expired` = 0 - AND `account_removed` = 0 - AND `verified` = 1 - LIMIT 1', - $user_info, - $user_info, - $user_info - ); + $fields = ['uid', 'password', 'legacy_password']; + $condition = ["(`email` = ? OR `username` = ? OR `nickname` = ?) + AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`", + $user_info, $user_info, $user_info]; + $user = dba::selectFirst('user', $fields, $condition); } if (!DBM::is_result($user)) { @@ -214,6 +233,17 @@ class User return autoname(6) . mt_rand(100, 9999); } + /** + * Checks if the provided plaintext password has been exposed or not + * + * @param string $password + * @return bool + */ + public static function isPasswordExposed($password) + { + return password_exposed($password) === PasswordStatus::EXPOSED; + } + /** * Legacy hashing function, kept for password migration purposes * @@ -233,6 +263,10 @@ class User */ public static function hashPassword($password) { + if (!trim($password)) { + throw new Exception(L10n::t('Password can\'t be empty')); + } + return password_hash($password, PASSWORD_DEFAULT); } @@ -267,6 +301,33 @@ class User return dba::update('user', $fields, ['uid' => $uid]); } + /** + * @brief Checks if a nickname is in the list of the forbidden nicknames + * + * Check if a nickname is forbidden from registration on the node by the + * admin. Forbidden nicknames (e.g. role namess) can be configured in the + * admin panel. + * + * @param string $nickname The nickname that should be checked + * @return boolean True is the nickname is blocked on the node + */ + public static function isNicknameBlocked($nickname) + { + $forbidden_nicknames = Config::get('system', 'forbidden_nicknames', ''); + // if the config variable is empty return false + if (!x($forbidden_nicknames)) { + return false; + } + // check if the nickname is in the list of blocked nicknames + $forbidden = explode(',', $forbidden_nicknames); + $forbidden = array_map('trim', $forbidden); + if (in_array(strtolower($nickname), $forbidden)) { + return true; + } + // else return false + return false; + } + /** * @brief Catch-all user creation function * @@ -302,6 +363,7 @@ class User $confirm = x($data, 'confirm') ? trim($data['confirm']) : ''; $blocked = x($data, 'blocked') ? intval($data['blocked']) : 0; $verified = x($data, 'verified') ? intval($data['verified']) : 0; + $language = x($data, 'language') ? notags(trim($data['language'])) : 'en'; $publish = x($data, 'profile_publish_reg') && intval($data['profile_publish_reg']) ? 1 : 0; $netpublish = strlen(Config::get('system', 'directory')) ? $publish : 0; @@ -330,7 +392,7 @@ class User $_SESSION['register'] = 1; $_SESSION['openid'] = $openid_url; - $openid = new LightOpenID; + $openid = new LightOpenID($a->get_hostname()); $openid->identity = $openid_url; $openid->returnUrl = System::baseUrl() . '/openid'; $openid->required = ['namePerson/friendly', 'contact/email', 'namePerson']; @@ -379,15 +441,18 @@ class User if (!valid_email($email) || !Network::isEmailDomainValid($email)) { throw new Exception(L10n::t('Not a valid email address.')); } + if (self::isNicknameBlocked($nickname)) { + throw new Exception(L10n::t('The nickname was blocked from registration by the nodes admin.')); + } - if (dba::exists('user', ['email' => $email])) { + if (Config::get('system', 'block_extended_register', false) && dba::exists('user', ['email' => $email])) { throw new Exception(L10n::t('Cannot use that email.')); } // Disallow somebody creating an account using openid that uses the admin email address, // since openid bypasses email verification. We'll allow it if there is not yet an admin account. - if (x($a->config, 'admin_email') && strlen($openid_url)) { - $adminlist = explode(',', str_replace(' ', '', strtolower($a->config['admin_email']))); + if (Config::get('config', 'admin_email') && strlen($openid_url)) { + $adminlist = explode(',', str_replace(' ', '', strtolower(Config::get('config', 'admin_email')))); if (in_array(strtolower($email), $adminlist)) { throw new Exception(L10n::t('Cannot use that email.')); } @@ -437,6 +502,7 @@ class User 'sprvkey' => $sprvkey, 'verified' => $verified, 'blocked' => $blocked, + 'language' => $language, 'timezone' => 'UTC', 'register_date' => DateTimeFormat::utcNow(), 'default-location' => '' @@ -519,7 +585,7 @@ class User if ($Image->isValid()) { $Image->scaleToSquare(175); - $hash = photo_new_resource(); + $hash = Photo::newResource(); $r = Photo::store($Image, $uid, 0, $hash, $filename, L10n::t('Profile Photos'), 4); @@ -599,11 +665,12 @@ class User ')); $body = deindent(L10n::t(' The login details are as follows: - Site Location: %3$s - Login Name: %1$s - Password: %5$s - You may change your password from your account Settings page after logging + Site Location: %3$s + Login Name: %1$s + Password: %5$s + + You may change your password from your account "Settings" page after logging in. Please take a few moments to review the other account settings on that page. @@ -612,7 +679,7 @@ class User ' . "\x28" . 'on the "Profiles" page' . "\x29" . ' so that other people can easily find you. We recommend setting your full name, adding a profile photo, - adding some profile keywords ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and + adding some profile "keywords" ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and perhaps what country you live in; if you do not wish to be more specific than that. @@ -620,6 +687,7 @@ class User If you are new and do not know anybody here, they may help you to make some new and interesting friends. + If you ever want to delete your account, you can do so at %3$s/removeme Thank you and welcome to %2$s.'));