X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=83375115ecef6a61a3847454dc4840cbcae93614;hb=dc065eed42eb179be04f8e7cb5106089b4093a4f;hp=a1a722f4cc024edd3d7f8426ff58bc3c58cda5b7;hpb=1f7ffce07a686e668f213cf0e6d8adbbc2e1bbe9;p=friendica.git

diff --git a/src/Model/User.php b/src/Model/User.php
index a1a722f4cc..83375115ec 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -1,13 +1,14 @@
 <?php
+
 /**
  * @file src/Model/User.php
  * @brief This file includes the User class with user related database functions
  */
+
 namespace Friendica\Model;
 
 use DivineOmega\PasswordExposed;
 use Exception;
-use Friendica\Core\Addon;
 use Friendica\Core\Config;
 use Friendica\Core\Hook;
 use Friendica\Core\L10n;
@@ -17,11 +18,13 @@ use Friendica\Core\Protocol;
 use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
+use Friendica\Model\TwoFactor\AppSpecificPassword;
 use Friendica\Object\Image;
 use Friendica\Util\Crypto;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Network;
 use Friendica\Util\Strings;
+use Friendica\Worker\Delivery;
 use LightOpenID;
 
 /**
@@ -29,11 +32,61 @@ use LightOpenID;
  */
 class User
 {
+	/**
+	 * Page/profile types
+	 *
+	 * PAGE_FLAGS_NORMAL is a typical personal profile account
+	 * PAGE_FLAGS_SOAPBOX automatically approves all friend requests as Contact::SHARING, (readonly)
+	 * PAGE_FLAGS_COMMUNITY automatically approves all friend requests as Contact::SHARING, but with
+	 *      write access to wall and comments (no email and not included in page owner's ACL lists)
+	 * PAGE_FLAGS_FREELOVE automatically approves all friend requests as full friends (Contact::FRIEND).
+	 *
+	 * @{
+	 */
+	const PAGE_FLAGS_NORMAL    = 0;
+	const PAGE_FLAGS_SOAPBOX   = 1;
+	const PAGE_FLAGS_COMMUNITY = 2;
+	const PAGE_FLAGS_FREELOVE  = 3;
+	const PAGE_FLAGS_BLOG      = 4;
+	const PAGE_FLAGS_PRVGROUP  = 5;
+	/**
+	 * @}
+	 */
+
+	/**
+	 * Account types
+	 *
+	 * ACCOUNT_TYPE_PERSON - the account belongs to a person
+	 *	Associated page types: PAGE_FLAGS_NORMAL, PAGE_FLAGS_SOAPBOX, PAGE_FLAGS_FREELOVE
+	 *
+	 * ACCOUNT_TYPE_ORGANISATION - the account belongs to an organisation
+	 *	Associated page type: PAGE_FLAGS_SOAPBOX
+	 *
+	 * ACCOUNT_TYPE_NEWS - the account is a news reflector
+	 *	Associated page type: PAGE_FLAGS_SOAPBOX
+	 *
+	 * ACCOUNT_TYPE_COMMUNITY - the account is community forum
+	 *	Associated page types: PAGE_COMMUNITY, PAGE_FLAGS_PRVGROUP
+	 *
+	 * ACCOUNT_TYPE_RELAY - the account is a relay
+	 *      This will only be assigned to contacts, not to user accounts
+	 * @{
+	 */
+	const ACCOUNT_TYPE_PERSON =       0;
+	const ACCOUNT_TYPE_ORGANISATION = 1;
+	const ACCOUNT_TYPE_NEWS =         2;
+	const ACCOUNT_TYPE_COMMUNITY =    3;
+	const ACCOUNT_TYPE_RELAY =        4;
+	/**
+	 * @}
+	 */
+
 	/**
 	 * Returns true if a user record exists with the provided id
 	 *
 	 * @param  integer $uid
 	 * @return boolean
+	 * @throws Exception
 	 */
 	public static function exists($uid)
 	{
@@ -42,11 +95,45 @@ class User
 
 	/**
 	 * @param  integer       $uid
+	 * @param array          $fields
+	 * @return array|boolean User record if it exists, false otherwise
+	 * @throws Exception
+	 */
+	public static function getById($uid, array $fields = [])
+	{
+		return DBA::selectFirst('user', $fields, ['uid' => $uid]);
+	}
+
+	/**
+	 * Returns a user record based on it's GUID
+	 *
+	 * @param string $guid   The guid of the user
+	 * @param array  $fields The fields to retrieve
+	 * @param bool   $active True, if only active records are searched
+	 *
 	 * @return array|boolean User record if it exists, false otherwise
+	 * @throws Exception
 	 */
-	public static function getById($uid)
+	public static function getByGuid(string $guid, array $fields = [], bool $active = true)
 	{
-		return DBA::selectFirst('user', [], ['uid' => $uid]);
+		if ($active) {
+			$cond = ['guid' => $guid, 'account_expired' => false, 'account_removed' => false];
+		} else {
+			$cond = ['guid' => $guid];
+		}
+
+		return DBA::selectFirst('user', $fields, $cond);
+	}
+
+	/**
+	 * @param  string        $nickname
+	 * @param array          $fields
+	 * @return array|boolean User record if it exists, false otherwise
+	 * @throws Exception
+	 */
+	public static function getByNickname($nickname, array $fields = [])
+	{
+		return DBA::selectFirst('user', $fields, ['nickname' => $nickname]);
 	}
 
 	/**
@@ -55,6 +142,7 @@ class User
 	 * @param string $url
 	 *
 	 * @return integer user id
+	 * @throws Exception
 	 */
 	public static function getIdForURL($url)
 	{
@@ -66,14 +154,33 @@ class User
 		}
 	}
 
+	/**
+	 * Get a user based on its email
+	 *
+	 * @param string        $email
+	 * @param array          $fields
+	 *
+	 * @return array|boolean User record if it exists, false otherwise
+	 *
+	 * @throws Exception
+	 */
+	public static function getByEmail($email, array $fields = [])
+	{
+		return DBA::selectFirst('user', $fields, ['email' => $email]);
+	}
+
 	/**
 	 * @brief Get owner data by user id
 	 *
 	 * @param int $uid
+	 * @param boolean $check_valid Test if data is invalid and correct it
 	 * @return boolean|array
+	 * @throws Exception
 	 */
-	public static function getOwnerDataById($uid) {
-		$r = DBA::fetchFirst("SELECT
+	public static function getOwnerDataById($uid, $check_valid = true)
+	{
+		$r = DBA::fetchFirst(
+			"SELECT
 			`contact`.*,
 			`user`.`prvkey` AS `uprvkey`,
 			`user`.`timezone`,
@@ -82,7 +189,9 @@ class User
 			`user`.`spubkey`,
 			`user`.`page-flags`,
 			`user`.`account-type`,
-			`user`.`prvnets`
+			`user`.`prvnets`,
+			`user`.`account_removed`,
+			`user`.`hidewall`
 			FROM `contact`
 			INNER JOIN `user`
 				ON `user`.`uid` = `contact`.`uid`
@@ -99,12 +208,34 @@ class User
 			return false;
 		}
 
+		if (!$check_valid) {
+			return $r;
+		}
+
 		// Check if the returned data is valid, otherwise fix it. See issue #6122
+
+		// Check for correct url and normalised nurl
 		$url = System::baseUrl() . '/profile/' . $r['nickname'];
-		$addr = $r['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3);
+		$repair = ($r['url'] != $url) || ($r['nurl'] != Strings::normaliseLink($r['url']));
+
+		if (!$repair) {
+			// Check if "addr" is present and correct
+			$addr = $r['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3);
+			$repair = ($addr != $r['addr']);
+		}
 
-		if (($addr != $r['addr']) || ($r['url'] != $url) || ($r['nurl'] != Strings::normaliseLink($r['url']))) {
+		if (!$repair) {
+			// Check if the avatar field is filled and the photo directs to the correct path
+			$avatar = Photo::selectFirst(['resource-id'], ['uid' => $uid, 'profile' => true]);
+			if (DBA::isResult($avatar)) {
+				$repair = empty($r['avatar']) || !strpos($r['photo'], $avatar['resource-id']);
+			}
+		}
+
+		if ($repair) {
 			Contact::updateSelfFromUserID($uid);
+			// Return the corrected data and avoid a loop
+			$r = self::getOwnerDataById($uid, false);
 		}
 
 		return $r;
@@ -115,6 +246,7 @@ class User
 	 *
 	 * @param int $nick
 	 * @return boolean|array
+	 * @throws Exception
 	 */
 	public static function getOwnerDataByNick($nick)
 	{
@@ -134,6 +266,7 @@ class User
 	 * @param string $network network name
 	 *
 	 * @return int group id
+	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 	 */
 	public static function getDefaultGroup($uid, $network = '')
 	{
@@ -160,17 +293,18 @@ class User
 	/**
 	 * Authenticate a user with a clear text password
 	 *
-	 * @brief Authenticate a user with a clear text password
-	 * @param mixed $user_info
+	 * @brief      Authenticate a user with a clear text password
+	 * @param mixed  $user_info
 	 * @param string $password
+	 * @param bool   $third_party
 	 * @return int|boolean
 	 * @deprecated since version 3.6
-	 * @see User::getIdFromPasswordAuthentication()
+	 * @see        User::getIdFromPasswordAuthentication()
 	 */
-	public static function authenticate($user_info, $password)
+	public static function authenticate($user_info, $password, $third_party = false)
 	{
 		try {
-			return self::getIdFromPasswordAuthentication($user_info, $password);
+			return self::getIdFromPasswordAuthentication($user_info, $password, $third_party);
 		} catch (Exception $ex) {
 			return false;
 		}
@@ -180,19 +314,25 @@ class User
 	 * Returns the user id associated with a successful password authentication
 	 *
 	 * @brief Authenticate a user with a clear text password
-	 * @param mixed $user_info
+	 * @param mixed  $user_info
 	 * @param string $password
+	 * @param bool   $third_party
 	 * @return int User Id if authentication is successful
 	 * @throws Exception
 	 */
-	public static function getIdFromPasswordAuthentication($user_info, $password)
+	public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
 	{
 		$user = self::getAuthenticationInfo($user_info);
 
-		if (strpos($user['password'], '$') === false) {
+		if ($third_party && PConfig::get($user['uid'], '2fa', 'verified')) {
+			// Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
+			if (AppSpecificPassword::authenticateUser($user['uid'], $password)) {
+				return $user['uid'];
+			}
+		} elseif (strpos($user['password'], '$') === false) {
 			//Legacy hash that has not been replaced by a new hash yet
 			if (self::hashPasswordLegacy($password) === $user['password']) {
-				self::updatePassword($user['uid'], $password);
+				self::updatePasswordHashed($user['uid'], self::hashPassword($password));
 
 				return $user['uid'];
 			}
@@ -200,14 +340,14 @@ class User
 			//Legacy hash that has been double-hashed and not replaced by a new hash yet
 			//Warning: `legacy_password` is not necessary in sync with the content of `password`
 			if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
-				self::updatePassword($user['uid'], $password);
+				self::updatePasswordHashed($user['uid'], self::hashPassword($password));
 
 				return $user['uid'];
 			}
 		} elseif (password_verify($password, $user['password'])) {
 			//New password hash
 			if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
-				self::updatePassword($user['uid'], $password);
+				self::updatePasswordHashed($user['uid'], self::hashPassword($password));
 			}
 
 			return $user['uid'];
@@ -240,7 +380,8 @@ class User
 				$user = $user_info;
 			}
 
-			if (!isset($user['uid'])
+			if (
+				!isset($user['uid'])
 				|| !isset($user['password'])
 				|| !isset($user['legacy_password'])
 			) {
@@ -248,7 +389,9 @@ class User
 			}
 		} elseif (is_int($user_info) || is_string($user_info)) {
 			if (is_int($user_info)) {
-				$user = DBA::selectFirst('user', ['uid', 'password', 'legacy_password'],
+				$user = DBA::selectFirst(
+					'user',
+					['uid', 'password', 'legacy_password'],
 					[
 						'uid' => $user_info,
 						'blocked' => 0,
@@ -259,9 +402,11 @@ class User
 				);
 			} else {
 				$fields = ['uid', 'password', 'legacy_password'];
-				$condition = ["(`email` = ? OR `username` = ? OR `nickname` = ?)
+				$condition = [
+					"(`email` = ? OR `username` = ? OR `nickname` = ?)
 					AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`",
-					$user_info, $user_info, $user_info];
+					$user_info, $user_info, $user_info
+				];
 				$user = DBA::selectFirst('user', $fields, $condition);
 			}
 
@@ -280,7 +425,7 @@ class User
 	 */
 	public static function generateNewPassword()
 	{
-		return Strings::getRandomName(6) . mt_rand(100, 9999);
+		return ucfirst(Strings::getRandomName(8)) . random_int(1000, 9999);
 	}
 
 	/**
@@ -288,6 +433,7 @@ class User
 	 *
 	 * @param string $password
 	 * @return bool
+	 * @throws Exception
 	 */
 	public static function isPasswordExposed($password)
 	{
@@ -296,9 +442,20 @@ class User
 			'cacheDirectory' => get_temppath() . '/password-exposed-cache/',
 		]);
 
-		$PasswordExposedCHecker = new PasswordExposed\PasswordExposedChecker(null, $cache);
+		try {
+			$passwordExposedChecker = new PasswordExposed\PasswordExposedChecker(null, $cache);
+
+			return $passwordExposedChecker->passwordExposed($password) === PasswordExposed\PasswordStatus::EXPOSED;
+		} catch (\Exception $e) {
+			Logger::error('Password Exposed Exception: ' . $e->getMessage(), [
+				'code' => $e->getCode(),
+				'file' => $e->getFile(),
+				'line' => $e->getLine(),
+				'trace' => $e->getTraceAsString()
+			]);
 
-		return $PasswordExposedCHecker->passwordExposed($password) === PasswordExposed\PasswordStatus::EXPOSED;
+			return false;
+		}
 	}
 
 	/**
@@ -317,6 +474,7 @@ class User
 	 *
 	 * @param string $password
 	 * @return string
+	 * @throws Exception
 	 */
 	public static function hashPassword($password)
 	{
@@ -333,9 +491,26 @@ class User
 	 * @param int    $uid
 	 * @param string $password
 	 * @return bool
+	 * @throws Exception
 	 */
 	public static function updatePassword($uid, $password)
 	{
+		$password = trim($password);
+
+		if (empty($password)) {
+			throw new Exception(L10n::t('Empty passwords are not allowed.'));
+		}
+
+		if (!Config::get('system', 'disable_password_exposed', false) && self::isPasswordExposed($password)) {
+			throw new Exception(L10n::t('The new password has been exposed in a public data dump, please choose another.'));
+		}
+
+		$allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
+
+		if (!preg_match('/^[a-z0-9' . preg_quote($allowed_characters, '/') . ']+$/i', $password)) {
+			throw new Exception(L10n::t('The password can\'t contain accentuated letters, white spaces or colons (:)'));
+		}
+
 		return self::updatePasswordHashed($uid, self::hashPassword($password));
 	}
 
@@ -346,6 +521,7 @@ class User
 	 * @param int    $uid
 	 * @param string $pasword_hashed
 	 * @return bool
+	 * @throws Exception
 	 */
 	private static function updatePasswordHashed($uid, $pasword_hashed)
 	{
@@ -367,6 +543,7 @@ class User
 	 *
 	 * @param string $nickname The nickname that should be checked
 	 * @return boolean True is the nickname is blocked on the node
+	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 	 */
 	public static function isNicknameBlocked($nickname)
 	{
@@ -400,17 +577,19 @@ class User
 	 * - Create self-contact
 	 * - Create profile image
 	 *
-	 * @param array $data
-	 * @return string
-	 * @throw Exception
+	 * @param  array $data
+	 * @return array
+	 * @throws \ErrorException
+	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
+	 * @throws \ImagickException
+	 * @throws Exception
 	 */
 	public static function create(array $data)
 	{
-		$a = get_app();
+		$a = \get_app();
 		$return = ['user' => null, 'password' => ''];
 
 		$using_invites = Config::get('system', 'invitation_only');
-		$num_invites   = Config::get('system', 'number_invites');
 
 		$invite_id  = !empty($data['invite_id'])  ? Strings::escapeTags(trim($data['invite_id']))  : '';
 		$username   = !empty($data['username'])   ? Strings::escapeTags(trim($data['username']))   : '';
@@ -444,6 +623,7 @@ class User
 			}
 		}
 
+		/// @todo Check if this part is really needed. We should have fetched all this data in advance
 		if (empty($username) || empty($email) || empty($nickname)) {
 			if ($openid_url) {
 				if (!Network::isUrlValid($openid_url)) {
@@ -473,8 +653,6 @@ class User
 			$openid_url = '';
 		}
 
-		$err = '';
-
 		// collapse multiple spaces in name
 		$username = preg_replace('/ +/', ' ', $username);
 
@@ -536,7 +714,8 @@ class User
 		}
 
 		// Check existing and deleted accounts for this nickname.
-		if (DBA::exists('user', ['nickname' => $nickname])
+		if (
+			DBA::exists('user', ['nickname' => $nickname])
 			|| DBA::exists('userd', ['username' => $nickname])
 		) {
 			throw new Exception(L10n::t('Nickname is already registered. Please choose another.'));
@@ -681,12 +860,12 @@ class User
 				}
 
 				if (!$photo_failure) {
-					DBA::update('photo', ['profile' => 1], ['resource-id' => $hash]);
+					Photo::update(['profile' => 1], ['resource-id' => $hash]);
 				}
 			}
 		}
 
-		Addon::callHooks('register_account', $uid);
+		Hook::callAll('register_account', $uid);
 
 		$return['user'] = $user;
 		return $return;
@@ -700,10 +879,12 @@ class User
 	 * @param string $siteurl
 	 * @param string $password Plaintext password
 	 * @return NULL|boolean from notification() and email() inherited
+	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 	 */
 	public static function sendRegisterPendingEmail($user, $sitename, $siteurl, $password)
 	{
-		$body = Strings::deindent(L10n::t('
+		$body = Strings::deindent(L10n::t(
+			'
 			Dear %1$s,
 				Thank you for registering at %2$s. Your account is pending for approval by the administrator.
 
@@ -713,7 +894,11 @@ class User
 			Login Name:		%4$s
 			Password:		%5$s
 		',
-			$user['username'], $sitename, $siteurl, $user['nickname'], $password
+			$user['username'],
+			$sitename,
+			$siteurl,
+			$user['nickname'],
+			$password
 		));
 
 		return notification([
@@ -735,16 +920,20 @@ class User
 	 * @param string $siteurl
 	 * @param string $password Plaintext password
 	 * @return NULL|boolean from notification() and email() inherited
+	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 	 */
 	public static function sendRegisterOpenEmail($user, $sitename, $siteurl, $password)
 	{
-		$preamble = Strings::deindent(L10n::t('
-			Dear %1$s,
+		$preamble = Strings::deindent(L10n::t(
+			'
+				Dear %1$s,
 				Thank you for registering at %2$s. Your account has been created.
-		',
-			$user['username'], $sitename
+			',
+			$user['username'],
+			$sitename
 		));
-		$body = Strings::deindent(L10n::t('
+		$body = Strings::deindent(L10n::t(
+			'
 			The login details are as follows:
 
 			Site Location:	%3$s
@@ -771,7 +960,11 @@ class User
 			If you ever want to delete your account, you can do so at %3$s/removeme
 
 			Thank you and welcome to %2$s.',
-			$user['nickname'], $sitename, $siteurl, $user['username'], $password
+			$user['nickname'],
+			$sitename,
+			$siteurl,
+			$user['username'],
+			$password
 		));
 
 		return notification([
@@ -787,7 +980,8 @@ class User
 
 	/**
 	 * @param object $uid user to remove
-	 * @return void
+	 * @return bool
+	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 	 */
 	public static function remove($uid)
 	{
@@ -795,8 +989,6 @@ class User
 			return false;
 		}
 
-		$a = get_app();
-
 		Logger::log('Removing user: ' . $uid);
 
 		$user = DBA::selectFirst('user', [], ['uid' => $uid]);
@@ -809,14 +1001,14 @@ class User
 
 		// The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php)
 		DBA::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utc('now + 7 day')], ['uid' => $uid]);
-		Worker::add(PRIORITY_HIGH, 'Notifier', 'removeme', $uid);
+		Worker::add(PRIORITY_HIGH, 'Notifier', Delivery::REMOVAL, $uid);
 
 		// Send an update to the directory
 		$self = DBA::selectFirst('contact', ['url'], ['uid' => $uid, 'self' => true]);
 		Worker::add(PRIORITY_LOW, 'Directory', $self['url']);
 
 		// Remove the user relevant data
-		Worker::add(PRIORITY_LOW, 'RemoveUser', $uid);
+		Worker::add(PRIORITY_NEGLIGIBLE, 'RemoveUser', $uid);
 
 		return true;
 	}
@@ -828,18 +1020,19 @@ class User
 	 * @return array All identities for this user
 	 *
 	 * Example for a return:
-	 * 	[
-	 * 		[
-	 * 			'uid' => 1,
-	 * 			'username' => 'maxmuster',
-	 * 			'nickname' => 'Max Mustermann'
-	 * 		],
-	 * 		[
-	 * 			'uid' => 2,
-	 * 			'username' => 'johndoe',
-	 * 			'nickname' => 'John Doe'
-	 * 		]
-	 * 	]
+	 *    [
+	 *        [
+	 *            'uid' => 1,
+	 *            'username' => 'maxmuster',
+	 *            'nickname' => 'Max Mustermann'
+	 *        ],
+	 *        [
+	 *            'uid' => 2,
+	 *            'username' => 'johndoe',
+	 *            'nickname' => 'John Doe'
+	 *        ]
+	 *    ]
+	 * @throws Exception
 	 */
 	public static function identities($uid)
 	{
@@ -852,33 +1045,45 @@ class User
 
 		if ($user['parent-uid'] == 0) {
 			// First add our own entry
-			$identities = [['uid' => $user['uid'],
+			$identities = [[
+				'uid' => $user['uid'],
 				'username' => $user['username'],
-				'nickname' => $user['nickname']]];
+				'nickname' => $user['nickname']
+			]];
 
 			// Then add all the children
-			$r = DBA::select('user', ['uid', 'username', 'nickname'],
-				['parent-uid' => $user['uid'], 'account_removed' => false]);
+			$r = DBA::select(
+				'user',
+				['uid', 'username', 'nickname'],
+				['parent-uid' => $user['uid'], 'account_removed' => false]
+			);
 			if (DBA::isResult($r)) {
 				$identities = array_merge($identities, DBA::toArray($r));
 			}
 		} else {
 			// First entry is our parent
-			$r = DBA::select('user', ['uid', 'username', 'nickname'],
-				['uid' => $user['parent-uid'], 'account_removed' => false]);
+			$r = DBA::select(
+				'user',
+				['uid', 'username', 'nickname'],
+				['uid' => $user['parent-uid'], 'account_removed' => false]
+			);
 			if (DBA::isResult($r)) {
 				$identities = DBA::toArray($r);
 			}
 
 			// Then add all siblings
-			$r = DBA::select('user', ['uid', 'username', 'nickname'],
-				['parent-uid' => $user['parent-uid'], 'account_removed' => false]);
+			$r = DBA::select(
+				'user',
+				['uid', 'username', 'nickname'],
+				['parent-uid' => $user['parent-uid'], 'account_removed' => false]
+			);
 			if (DBA::isResult($r)) {
 				$identities = array_merge($identities, DBA::toArray($r));
 			}
 		}
 
-		$r = DBA::p("SELECT `user`.`uid`, `user`.`username`, `user`.`nickname`
+		$r = DBA::p(
+			"SELECT `user`.`uid`, `user`.`username`, `user`.`nickname`
 			FROM `manage`
 			INNER JOIN `user` ON `manage`.`mid` = `user`.`uid`
 			WHERE `user`.`account_removed` = 0 AND `manage`.`uid` = ?",
@@ -890,4 +1095,51 @@ class User
 
 		return $identities;
 	}
+
+	/**
+	 * Returns statistical information about the current users of this node
+	 *
+	 * @return array
+	 *
+	 * @throws Exception
+	 */
+	public static function getStatistics()
+	{
+		$statistics = [
+			'total_users'           => 0,
+			'active_users_halfyear' => 0,
+			'active_users_monthly'  => 0,
+		];
+
+		$userStmt = DBA::p("SELECT `user`.`uid`, `user`.`login_date`, `contact`.`last-item`
+			FROM `user`
+			INNER JOIN `profile` ON `profile`.`uid` = `user`.`uid` AND `profile`.`is-default`
+			INNER JOIN `contact` ON `contact`.`uid` = `user`.`uid` AND `contact`.`self`
+			WHERE (`profile`.`publish` OR `profile`.`net-publish`) AND `user`.`verified`
+				AND NOT `user`.`blocked` AND NOT `user`.`account_removed`
+				AND NOT `user`.`account_expired`");
+
+		if (!DBA::isResult($userStmt)) {
+			return $statistics;
+		}
+
+		$halfyear = time() - (180 * 24 * 60 * 60);
+		$month = time() - (30 * 24 * 60 * 60);
+
+		while ($user = DBA::fetch($userStmt)) {
+			$statistics['total_users']++;
+
+			if ((strtotime($user['login_date']) > $halfyear) || (strtotime($user['last-item']) > $halfyear)
+			) {
+				$statistics['active_users_halfyear']++;
+			}
+
+			if ((strtotime($user['login_date']) > $month) || (strtotime($user['last-item']) > $month)
+			) {
+				$statistics['active_users_monthly']++;
+			}
+		}
+
+		return $statistics;
+	}
 }