X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=57a3ecb50dfb681fcb425860b841bbe907759a5e;hb=d993c8584c4c2b6023606e727ea3e0db6a6bde51;hp=eacd4ec33c7e936920ab3960465b65c4f9181d18;hpb=bcd896c60431e43a78b29e82d42122e5fe31720e;p=friendica.git diff --git a/src/Model/User.php b/src/Model/User.php index eacd4ec33c..57a3ecb50d 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -5,6 +5,7 @@ */ namespace Friendica\Model; +use DivineOmega\PasswordExposed\PasswordStatus; use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\L10n; @@ -22,6 +23,7 @@ use Friendica\Util\Network; use dba; use Exception; use LightOpenID; +use function password_exposed; require_once 'boot.php'; require_once 'include/dba.php'; @@ -63,6 +65,21 @@ class User return $r; } + /** + * @brief Get owner data by nick name + * + * @param int $nick + * @return boolean|array + */ + public static function getOwnerDataByNick($nick) + { + $user = dba::selectFirst('user', ['uid'], ['nickname' => $nick]); + if (!DBM::is_result($user)) { + return false; + } + return self::getOwnerDataById($user['uid']); + } + /** * @brief Returns the default group for a given user and network * @@ -101,7 +118,7 @@ class User * @param string $password * @return int|boolean * @deprecated since version 3.6 - * @see Friendica\Model\User::getIdFromPasswordAuthentication() + * @see User::getIdFromPasswordAuthentication() */ public static function authenticate($user_info, $password) { 
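Review bot: The docblock on the new getOwnerDataByNick() types its parameter as `@param int $nick`, but the value is matched against the `nickname` column in the selectFirst() condition, so it is a string; change it to `@param string $nick The nickname to look up`. The `@return boolean|array` line would also read better as `@return array|false Owner data, or false when no user has that nickname (otherwise whatever getOwnerDataById() returns)`, since the false produced by this method itself is the not-found case and getOwnerDataById() is outside the hunk.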
@@ -125,13 +142,23 @@ class User { $user = self::getAuthenticationInfo($user_info); - if ($user['legacy_password']) { + if (strpos($user['password'], '$') === false) { + //Legacy hash that has not been replaced by a new hash yet + if (self::hashPasswordLegacy($password) === $user['password']) { + self::updatePassword($user['uid'], $password); + + return $user['uid']; + } + } elseif (!empty($user['legacy_password'])) { + //Legacy hash that has been double-hashed and not replaced by a new hash yet + //Warning: `legacy_password` is not necessary in sync with the content of `password` if (password_verify(self::hashPasswordLegacy($password), $user['password'])) { self::updatePassword($user['uid'], $password); return $user['uid']; } } elseif (password_verify($password, $user['password'])) { + //New password hash if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) { self::updatePassword($user['uid'], $password); } @@ -184,18 +211,11 @@ class User ] ); } else { - $user = dba::fetch_first('SELECT `uid`, `password`, `legacy_password` - FROM `user` - WHERE (`email` = ? OR `username` = ? OR `nickname` = ?) - AND `blocked` = 0 - AND `account_expired` = 0 - AND `account_removed` = 0 - AND `verified` = 1 - LIMIT 1', - $user_info, - $user_info, - $user_info - ); + $fields = ['uid', 'password', 'legacy_password']; + $condition = ["(`email` = ? OR `username` = ? OR `nickname` = ?) + AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`", + $user_info, $user_info, $user_info]; + $user = dba::selectFirst('user', $fields, $condition); } if (!DBM::is_result($user)) { 
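Review bot: The new un-hashed legacy branch compares the computed legacy hash to the stored value with `===`, which stops at the first differing byte; for a credential comparison use the constant-time helper, `if (hash_equals($user['password'], self::hashPasswordLegacy($password))) {`. The other two branches go through password_verify(), which already compares in constant time, so only this line is affected. The comment above the double-hashed branch should read "not necessarily in sync" rather than "not necessary in sync". The enclosing method's signature and its tail are outside the hunk.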
@@ -216,6 +236,17 @@ class User return autoname(6) . mt_rand(100, 9999); } + /** + * Checks if the provided plaintext password has been exposed or not + * + * @param string $password + * @return bool + */ + public static function isPasswordExposed($password) + { + return password_exposed($password) === PasswordStatus::EXPOSED; + } + /** * Legacy hashing function, kept for password migration purposes * @@ -235,6 +266,10 @@ class User */ public static function hashPassword($password) { + if (!trim($password)) { + throw new Exception(L10n::t('Password can\'t be empty')); + } + return password_hash($password, PASSWORD_DEFAULT); } @@ -269,6 +304,33 @@ class User return dba::update('user', $fields, ['uid' => $uid]); } + /** + * @brief Checks if a nickname is in the list of the forbidden nicknames + * + * Check if a nickname is forbidden from registration on the node by the + * admin. Forbidden nicknames (e.g. role namess) can be configured in the + * admin panel. + * + * @param string $nickname The nickname that should be checked + * @return boolean True is the nickname is blocked on the node + */ + public static function isNicknameBlocked($nickname) + { + $forbidden_nicknames = Config::get('system', 'forbidden_nicknames', ''); + // if the config variable is empty return false + if (!x($forbidden_nicknames)) { + return false; + } + // check if the nickname is in the list of blocked nicknames + $forbidden = explode(',', $forbidden_nicknames); + $forbidden = array_map('trim', $forbidden); + if (in_array(strtolower($nickname), $forbidden)) { + return true; + } + // else return false + return false; + } + /** * @brief Catch-all user creation function * 
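Review bot: isPasswordExposed() collapses every status other than `PasswordStatus::EXPOSED` into false, so a check that could not be completed (the library presumably relies on a remote lookup) reads the same to the caller as "not exposed"; that should be stated in the docblock, e.g. `@return bool True only when the password is known to be exposed; false when it is not, or when the check could not be completed`. If callers need to tell those two cases apart, returning the status itself or surfacing the failure would be the place to do it.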
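Review bot: The empty-password guard added to hashPassword() uses `!trim($password)`, and PHP treats the string `'0'` as falsy, so a one-character password of "0" is rejected as empty; compare explicitly, `if (trim($password) === '') {`. The method's docblock, whose body is outside the hunk, should also gain `@throws Exception When the password is empty or whitespace only` so callers know to catch it.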
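Review bot: isNicknameBlocked() lowercases the candidate nickname but only trims the configured entries, so a forbidden list containing `Admin` never matches a registration of `admin`; the `in_array()` call is also non-strict. Normalise both sides and return the result directly: `$forbidden = array_map('strtolower', array_map('trim', explode(',', $forbidden_nicknames)));` followed by `return in_array(strtolower($nickname), $forbidden, true);`, which replaces the if/return-true/return-false tail. In the docblock, "role namess" should be "role names" and "True is the nickname" should be "True if the nickname".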
@@ -304,6 +366,7 @@ class User $confirm = x($data, 'confirm') ? trim($data['confirm']) : ''; $blocked = x($data, 'blocked') ? intval($data['blocked']) : 0; $verified = x($data, 'verified') ? intval($data['verified']) : 0; + $language = x($data, 'language') ? notags(trim($data['language'])) : 'en'; $publish = x($data, 'profile_publish_reg') && intval($data['profile_publish_reg']) ? 1 : 0; $netpublish = strlen(Config::get('system', 'directory')) ? $publish : 0; @@ -332,7 +395,7 @@ class User $_SESSION['register'] = 1; $_SESSION['openid'] = $openid_url; - $openid = new LightOpenID; + $openid = new LightOpenID($a->get_hostname()); $openid->identity = $openid_url; $openid->returnUrl = System::baseUrl() . '/openid'; $openid->required = ['namePerson/friendly', 'contact/email', 'namePerson']; @@ -381,15 +444,18 @@ class User if (!valid_email($email) || !Network::isEmailDomainValid($email)) { throw new Exception(L10n::t('Not a valid email address.')); } + if (self::isNicknameBlocked($nickname)) { + throw new Exception(L10n::t('The nickname was blocked from registration by the nodes admin.')); + } - if (dba::exists('user', ['email' => $email])) { + if (Config::get('system', 'block_extended_register', false) && dba::exists('user', ['email' => $email])) { throw new Exception(L10n::t('Cannot use that email.')); } // Disallow somebody creating an account using openid that uses the admin email address, // since openid bypasses email verification. We'll allow it if there is not yet an admin account. - if (x($a->config, 'admin_email') && strlen($openid_url)) { - $adminlist = explode(',', str_replace(' ', '', strtolower($a->config['admin_email']))); + if (Config::get('config', 'admin_email') && strlen($openid_url)) { + $adminlist = explode(',', str_replace(' ', '', strtolower(Config::get('config', 'admin_email')))); if (in_array(strtolower($email), $adminlist)) { throw new Exception(L10n::t('Cannot use that email.')); } 
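Review bot: `$language` is taken straight from the registration data and, after notags()/trim(), is stored as the account language with no check that it names a locale the node actually provides (notags() appears to strip markup only, though its definition is not on this page). A whitelist check against the available languages before the assignment, or a comment saying why any value is acceptable here, would make the intent clear; the enclosing method starts before this hunk.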
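Review bot: The new openid/admin-email guard calls `Config::get('config', 'admin_email')` twice on consecutive lines; read it once, `$admin_email = Config::get('config', 'admin_email');`, then `if ($admin_email && strlen($openid_url)) {` and `$adminlist = explode(',', str_replace(' ', '', strtolower($admin_email)));`. The new blocked-nickname message reads "the nodes admin"; "the node's admin" is what is meant, and it is worth fixing before the string is picked up for translation.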
@@ -439,6 +505,7 @@ class User 'sprvkey' => $sprvkey, 'verified' => $verified, 'blocked' => $blocked, + 'language' => $language, 'timezone' => 'UTC', 'register_date' => DateTimeFormat::utcNow(), 'default-location' => '' @@ -521,7 +588,7 @@ class User if ($Image->isValid()) { $Image->scaleToSquare(175); - $hash = photo_new_resource(); + $hash = Photo::newResource(); $r = Photo::store($Image, $uid, 0, $hash, $filename, L10n::t('Profile Photos'), 4); @@ -601,11 +668,12 @@ class User ')); $body = deindent(L10n::t(' The login details are as follows: - Site Location: %3$s - Login Name: %1$s - Password: %5$s - You may change your password from your account Settings page after logging + Site Location: %3$s + Login Name: %1$s + Password: %5$s + + You may change your password from your account "Settings" page after logging in. Please take a few moments to review the other account settings on that page. @@ -614,7 +682,7 @@ class User ' . "\x28" . 'on the "Profiles" page' . "\x29" . ' so that other people can easily find you. We recommend setting your full name, adding a profile photo, - adding some profile keywords ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and + adding some profile "keywords" ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and perhaps what country you live in; if you do not wish to be more specific than that. @@ -622,6 +690,7 @@ class User If you are new and do not know anybody here, they may help you to make some new and interesting friends. + If you ever want to delete your account, you can do so at %3$s/removeme Thank you and welcome to %2$s.'));