X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=602ba9b33f545aa230af6aa74d0e01fa22996400;hb=24d7ffa3fee7e3686589f29f005fb2c419c9985a;hp=a6a9fc95253efb6d64abd2eb4a30bf08ca1788dd;hpb=a16e8d97f6c2935d5a5e136362a698580db4c64a;p=friendica.git
diff --git a/src/Model/User.php b/src/Model/User.php
index a6a9fc9525..602ba9b33f 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -7,7 +7,6 @@ namespace Friendica\Model;
 use DivineOmega\PasswordExposed;
 use Exception;
-use Friendica\Core\Addon;
 use Friendica\Core\Config;
 use Friendica\Core\Hook;
 use Friendica\Core\L10n;
@@ -17,6 +16,7 @@ use Friendica\Core\Protocol;
 use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
+use Friendica\Model\Photo;
 use Friendica\Object\Image;
 use Friendica\Util\Crypto;
 use Friendica\Util\DateTimeFormat;
@@ -24,10 +24,6 @@ use Friendica\Util\Network;
 use Friendica\Util\Strings;
 use LightOpenID;
-require_once 'boot.php';
-require_once 'include/dba.php';
-require_once 'include/enotify.php';
-require_once 'include/text.php';
 /**
 * @brief This class handles User related functions
 */
@@ -196,7 +192,7 @@ class User
 if (strpos($user['password'], '$') === false) {
 //Legacy hash that has not been replaced by a new hash yet
 if (self::hashPasswordLegacy($password) === $user['password']) {
- self::updatePassword($user['uid'], $password);
+ self::updatePasswordHashed($user['uid'], self::hashPassword($password));
 return $user['uid'];
 }
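Review bot: A comment is missing at this rehash call to say why it bypasses `updatePassword()`: with the checks added to that method later in this commit (empty, exposed-password and character checks that throw), a user whose existing password fails the new policy would otherwise get an exception while logging in. Something like `// Rehash directly: updatePassword() enforces the new-password policy, which must not block an existing login` would keep a later refactor from routing this back through the validating method. The same applies to both calls in the following `@@ -204,14` hunk. The return value of `updatePasswordHashed()` is also ignored in all three places, so a failed upgrade away from the legacy hash is silent; logging the failure would make it visible. The enclosing method starts and ends outside the hunk.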
@@ -204,14 +200,14 @@ class User
 //Legacy hash that has been double-hashed and not replaced by a new hash yet
 //Warning: `legacy_password` is not necessary in sync with the content of `password`
 if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
- self::updatePassword($user['uid'], $password);
+ self::updatePasswordHashed($user['uid'], self::hashPassword($password));
 return $user['uid'];
 }
 } elseif (password_verify($password, $user['password'])) {
 //New password hash
 if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
- self::updatePassword($user['uid'], $password);
+ self::updatePasswordHashed($user['uid'], self::hashPassword($password));
 }
 return $user['uid'];
@@ -284,7 +280,7 @@ class User
 */
 public static function generateNewPassword()
 {
- return Strings::getRandomName(6) . mt_rand(100, 9999);
+ return ucfirst(Strings::getRandomName(8)) . mt_rand(1000, 9999);
 }
 /**
@@ -321,6 +317,7 @@ class User
 *
 * @param string $password
 * @return string
+ * @throws Exception
 */
 public static function hashPassword($password)
 {
@@ -337,9 +334,26 @@ class User
 * @param int $uid
 * @param string $password
 * @return bool
+ * @throws Exception
 */
 public static function updatePassword($uid, $password)
 {
+ $password = trim($password);
+
+ if (empty($password)) {
+ throw new Exception(L10n::t('Empty passwords are not allowed.'));
+ }
+
+ if (!Config::get('system', 'disable_password_exposed', false) && self::isPasswordExposed($password)) {
+ throw new Exception(L10n::t('The new password has been exposed in a public data dump, please choose another.'));
+ }
+
+ $allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
+
+ if (!preg_match('/^[a-z0-9' . preg_quote($allowed_characters, '/') . ']+$/i', $password)) {
+ throw new Exception(L10n::t('The password can\'t contain accentuated letters, white spaces or colons (:)'));
+ }
+
 return self::updatePasswordHashed($uid, self::hashPassword($password));
 }
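Review bot: `mt_rand()` is not a cryptographically secure generator, and the new return line of generateNewPassword() still uses it for the numeric suffix of a generated password. `random_int()` (PHP 7, or a polyfill on older versions) is a drop-in replacement: `return ucfirst(Strings::getRandomName(8)) . random_int(1000, 9999);`. `Strings::getRandomName()` is defined outside this diff, so its randomness source should be checked too; if it is not backed by a CSPRNG either, the longer password adds less strength than its length suggests. The function's docblock starts outside the hunk.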
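Review bot: `trim($password)` in updatePassword() silently changes what the user typed before it is hashed, while the login checks visible earlier in this diff pass `$password` to `password_verify()` with no trim in the shown lines, so a password entered with a leading or trailing space could be stored without it and then fail to verify. Since the character check below already rejects white space, dropping the `trim()` and letting that check report the problem is more predictable; otherwise the login path needs the same normalisation. `empty($password)` is also true for the string `'0'`, so `$password === ''` states the intent exactly. The docblock, which starts outside the hunk, should list the three validation rules and note that no minimum length is enforced here.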
@@ -404,13 +418,15 @@ class User
 * - Create self-contact
 * - Create profile image
 *
- * @param array $data
- * @return string
- * @throw Exception
+ * @param array $data
+ * @return array
+ * @throws \ErrorException
+ * @throws \Friendica\Network\HTTPException\InternalServerErrorException
+ * @throws Exception
 */
 public static function create(array $data)
 {
- $a = get_app();
+ $a = \get_app();
 $return = ['user' => null, 'password' => ''];
 $using_invites = Config::get('system', 'invitation_only');
@@ -685,12 +701,12 @@ class User
 }
 if (!$photo_failure) {
- DBA::update('photo', ['profile' => 1], ['resource-id' => $hash]);
+ Photo::update(['profile' => 1], ['resource-id' => $hash]);
 }
 }
 }
- Addon::callHooks('register_account', $uid);
+ Hook::callAll('register_account', $uid);
 $return['user'] = $user;
 return $return;
@@ -775,7 +791,7 @@ class User
 If you ever want to delete your account, you can do so at %3$s/removeme
 Thank you and welcome to %2$s.',
- $user['email'], $sitename, $siteurl, $user['username'], $password
+ $user['nickname'], $sitename, $siteurl, $user['username'], $password
 ));
 return notification([
@@ -799,7 +815,7 @@ class User
 return false;
 }
- $a = get_app();
+ $a = \get_app();
 Logger::log('Removing user: ' . $uid);
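Review bot: The argument list on the new line of the `@@ -775,7` hunk still ends with `$password`, so the clear-text password is interpolated into this message, which the following `return notification([` suggests is sent out as a notification mail (the template and the rest of the function are outside the hunk). Mail is stored and relayed in clear text, so if `$password` can be a user-chosen password rather than only one from `generateNewPassword()`, it should be left out of the text or replaced by a set-password link. At minimum a comment such as `// $password is mailed in clear text; only pass generated passwords here` would document the constraint for callers.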