X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=83375115ecef6a61a3847454dc4840cbcae93614;hb=dc065eed42eb179be04f8e7cb5106089b4093a4f;hp=64253946fd71207f0c54b50b58c4ad76ed5ecaf5;hpb=9123361d61258a5a62bd5a2b17964f5b70eddaf1;p=friendica.git diff --git a/src/Model/User.php b/src/Model/User.php index 64253946fd..83375115ec 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -1,8 +1,10 @@ $uid]); } + /** + * Returns a user record based on it's GUID + * + * @param string $guid The guid of the user + * @param array $fields The fields to retrieve + * @param bool $active True, if only active records are searched + * + * @return array|boolean User record if it exists, false otherwise + * @throws Exception + */ + public static function getByGuid(string $guid, array $fields = [], bool $active = true) + { + if ($active) { + $cond = ['guid' => $guid, 'account_expired' => false, 'account_removed' => false]; + } else { + $cond = ['guid' => $guid]; + } + + return DBA::selectFirst('user', $fields, $cond); + } + /** * @param string $nickname * @param array $fields @@ -148,11 +173,14 @@ class User * @brief Get owner data by user id * * @param int $uid + * @param boolean $check_valid Test if data is invalid and correct it * @return boolean|array * @throws Exception */ - public static function getOwnerDataById($uid) { - $r = DBA::fetchFirst("SELECT + public static function getOwnerDataById($uid, $check_valid = true) + { + $r = DBA::fetchFirst( + "SELECT `contact`.*, `user`.`prvkey` AS `uprvkey`, `user`.`timezone`, @@ -162,7 +190,8 @@ class User `user`.`page-flags`, `user`.`account-type`, `user`.`prvnets`, - `user`.`account_removed` + `user`.`account_removed`, + `user`.`hidewall` FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid` @@ -179,12 +208,34 @@ class User return false; } + if (!$check_valid) { + return $r; + } + // Check if the returned data is valid, otherwise fix it. See issue #6122 + + // Check for correct url and normalised nurl $url = System::baseUrl() . '/profile/' . $r['nickname']; - $addr = $r['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3); + $repair = ($r['url'] != $url) || ($r['nurl'] != Strings::normaliseLink($r['url'])); - if (($addr != $r['addr']) || ($r['url'] != $url) || ($r['nurl'] != Strings::normaliseLink($r['url']))) { + if (!$repair) { + // Check if "addr" is present and correct + $addr = $r['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3); + $repair = ($addr != $r['addr']); + } + + if (!$repair) { + // Check if the avatar field is filled and the photo directs to the correct path + $avatar = Photo::selectFirst(['resource-id'], ['uid' => $uid, 'profile' => true]); + if (DBA::isResult($avatar)) { + $repair = empty($r['avatar']) || !strpos($r['photo'], $avatar['resource-id']); + } + } + + if ($repair) { Contact::updateSelfFromUserID($uid); + // Return the corrected data and avoid a loop + $r = self::getOwnerDataById($uid, false); } return $r; @@ -242,17 +293,18 @@ class User /** * Authenticate a user with a clear text password * - * @brief Authenticate a user with a clear text password - * @param mixed $user_info + * @brief Authenticate a user with a clear text password + * @param mixed $user_info * @param string $password + * @param bool $third_party * @return int|boolean * @deprecated since version 3.6 - * @see User::getIdFromPasswordAuthentication() + * @see User::getIdFromPasswordAuthentication() */ - public static function authenticate($user_info, $password) + public static function authenticate($user_info, $password, $third_party = false) { try { - return self::getIdFromPasswordAuthentication($user_info, $password); + return self::getIdFromPasswordAuthentication($user_info, $password, $third_party); } catch (Exception $ex) { return false; } @@ -262,16 +314,22 @@ class User * Returns the user id associated with a successful password authentication * * @brief Authenticate a user with a clear text password - * @param mixed $user_info + * @param mixed $user_info * @param string $password + * @param bool $third_party * @return int User Id if authentication is successful * @throws Exception */ - public static function getIdFromPasswordAuthentication($user_info, $password) + public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false) { $user = self::getAuthenticationInfo($user_info); - if (strpos($user['password'], '$') === false) { + if ($third_party && PConfig::get($user['uid'], '2fa', 'verified')) { + // Third-party apps can't verify two-factor authentication, we use app-specific passwords instead + if (AppSpecificPassword::authenticateUser($user['uid'], $password)) { + return $user['uid']; + } + } elseif (strpos($user['password'], '$') === false) { //Legacy hash that has not been replaced by a new hash yet if (self::hashPasswordLegacy($password) === $user['password']) { self::updatePasswordHashed($user['uid'], self::hashPassword($password)); @@ -322,7 +380,8 @@ class User $user = $user_info; } - if (!isset($user['uid']) + if ( + !isset($user['uid']) || !isset($user['password']) || !isset($user['legacy_password']) ) { @@ -330,7 +389,9 @@ class User } } elseif (is_int($user_info) || is_string($user_info)) { if (is_int($user_info)) { - $user = DBA::selectFirst('user', ['uid', 'password', 'legacy_password'], + $user = DBA::selectFirst( + 'user', + ['uid', 'password', 'legacy_password'], [ 'uid' => $user_info, 'blocked' => 0, @@ -341,9 +402,11 @@ class User ); } else { $fields = ['uid', 'password', 'legacy_password']; - $condition = ["(`email` = ? OR `username` = ? OR `nickname` = ?) + $condition = [ + "(`email` = ? OR `username` = ? OR `nickname` = ?) AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`", - $user_info, $user_info, $user_info]; + $user_info, $user_info, $user_info + ]; $user = DBA::selectFirst('user', $fields, $condition); } @@ -362,7 +425,7 @@ class User */ public static function generateNewPassword() { - return ucfirst(Strings::getRandomName(8)) . mt_rand(1000, 9999); + return ucfirst(Strings::getRandomName(8)) . random_int(1000, 9999); } /** @@ -370,6 +433,7 @@ class User * * @param string $password * @return bool + * @throws Exception */ public static function isPasswordExposed($password) { @@ -378,9 +442,20 @@ class User 'cacheDirectory' => get_temppath() . '/password-exposed-cache/', ]); - $PasswordExposedCHecker = new PasswordExposed\PasswordExposedChecker(null, $cache); + try { + $passwordExposedChecker = new PasswordExposed\PasswordExposedChecker(null, $cache); + + return $passwordExposedChecker->passwordExposed($password) === PasswordExposed\PasswordStatus::EXPOSED; + } catch (\Exception $e) { + Logger::error('Password Exposed Exception: ' . $e->getMessage(), [ + 'code' => $e->getCode(), + 'file' => $e->getFile(), + 'line' => $e->getLine(), + 'trace' => $e->getTraceAsString() + ]); - return $PasswordExposedCHecker->passwordExposed($password) === PasswordExposed\PasswordStatus::EXPOSED; + return false; + } } /** @@ -548,6 +623,7 @@ class User } } + /// @todo Check if this part is really needed. We should have fetched all this data in advance if (empty($username) || empty($email) || empty($nickname)) { if ($openid_url) { if (!Network::isUrlValid($openid_url)) { @@ -638,7 +714,8 @@ class User } // Check existing and deleted accounts for this nickname. - if (DBA::exists('user', ['nickname' => $nickname]) + if ( + DBA::exists('user', ['nickname' => $nickname]) || DBA::exists('userd', ['username' => $nickname]) ) { throw new Exception(L10n::t('Nickname is already registered. Please choose another.')); @@ -806,7 +883,8 @@ class User */ public static function sendRegisterPendingEmail($user, $sitename, $siteurl, $password) { - $body = Strings::deindent(L10n::t(' + $body = Strings::deindent(L10n::t( + ' Dear %1$s, Thank you for registering at %2$s. Your account is pending for approval by the administrator. @@ -816,7 +894,11 @@ class User Login Name: %4$s Password: %5$s ', - $user['username'], $sitename, $siteurl, $user['nickname'], $password + $user['username'], + $sitename, + $siteurl, + $user['nickname'], + $password )); return notification([ @@ -842,13 +924,16 @@ class User */ public static function sendRegisterOpenEmail($user, $sitename, $siteurl, $password) { - $preamble = Strings::deindent(L10n::t(' - Dear %1$s, + $preamble = Strings::deindent(L10n::t( + ' + Dear %1$s, Thank you for registering at %2$s. Your account has been created. - ', - $user['username'], $sitename + ', + $user['username'], + $sitename )); - $body = Strings::deindent(L10n::t(' + $body = Strings::deindent(L10n::t( + ' The login details are as follows: Site Location: %3$s @@ -875,7 +960,11 @@ class User If you ever want to delete your account, you can do so at %3$s/removeme Thank you and welcome to %2$s.', - $user['nickname'], $sitename, $siteurl, $user['username'], $password + $user['nickname'], + $sitename, + $siteurl, + $user['username'], + $password )); return notification([ @@ -912,7 +1001,7 @@ class User // The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php) DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]); - Worker::add(PRIORITY_HIGH, 'Notifier', 'removeme', $uid); + Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid); // Send an update to the directory $self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]); @@ -956,33 +1045,45 @@ class User if ($user['parent-uid'] == 0) { // First add our own entry - $identities = [['uid' => $user['uid'], + $identities = [[ + 'uid' => $user['uid'], 'username' => $user['username'], - 'nickname' => $user['nickname']]]; + 'nickname' => $user['nickname'] + ]]; // Then add all the children - $r = DBA::select('user', ['uid', 'username', 'nickname'], - ['parent-uid' => $user['uid'], 'account_removed' => false]); + $r = DBA::select( + 'user', + ['uid', 'username', 'nickname'], + ['parent-uid' => $user['uid'], 'account_removed' => false] + ); if (DBA::isResult($r)) { $identities = array_merge($identities, DBA::toArray($r)); } } else { // First entry is our parent - $r = DBA::select('user', ['uid', 'username', 'nickname'], - ['uid' => $user['parent-uid'], 'account_removed' => false]); + $r = DBA::select( + 'user', + ['uid', 'username', 'nickname'], + ['uid' => $user['parent-uid'], 'account_removed' => false] + ); if (DBA::isResult($r)) { $identities = DBA::toArray($r); } // Then add all siblings - $r = DBA::select('user', ['uid', 'username', 'nickname'], - ['parent-uid' => $user['parent-uid'], 'account_removed' => false]); + $r = DBA::select( + 'user', + ['uid', 'username', 'nickname'], + ['parent-uid' => $user['parent-uid'], 'account_removed' => false] + ); if (DBA::isResult($r)) { $identities = array_merge($identities, DBA::toArray($r)); } } - $r = DBA::p("SELECT `user`.`uid`, `user`.`username`, `user`.`nickname` + $r = DBA::p( + "SELECT `user`.`uid`, `user`.`username`, `user`.`nickname` FROM `manage` INNER JOIN `user` ON `manage`.`mid` = `user`.`uid` WHERE `user`.`account_removed` = 0 AND `manage`.`uid` = ?", @@ -1028,13 +1129,13 @@ class User while ($user = DBA::fetch($userStmt)) { $statistics['total_users']++; - if ((strtotime($user['login_date']) > $halfyear) || - (strtotime($user['last-item']) > $halfyear)) { + if ((strtotime($user['login_date']) > $halfyear) || (strtotime($user['last-item']) > $halfyear) + ) { $statistics['active_users_halfyear']++; } - if ((strtotime($user['login_date']) > $month) || - (strtotime($user['last-item']) > $month)) { + if ((strtotime($user['login_date']) > $month) || (strtotime($user['last-item']) > $month) + ) { $statistics['active_users_monthly']++; } }