X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=dc5702b6055214cafd68241b196414845b430c73;hb=1e96faca4c9825bf6a8d8a50dc37498b764b9a3d;hp=b4171de9567bb7ee8099a19b0d3ad54f8b47a9a5;hpb=6b44fbbda03af125035c185c964f10ce78f97610;p=friendica.git

diff --git a/src/Model/User.php b/src/Model/User.php
index b4171de956..dc5702b605 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -5,10 +5,11 @@
  */
 namespace Friendica\Model;
 
+use DivineOmega\PasswordExposed\PasswordStatus;
 use Friendica\Core\Addon;
 use Friendica\Core\Config;
-use Friendica\Core\PConfig;
 use Friendica\Core\L10n;
+use Friendica\Core\PConfig;
 use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBM;
@@ -17,14 +18,16 @@ use Friendica\Model\Group;
 use Friendica\Model\Photo;
 use Friendica\Object\Image;
 use Friendica\Util\Crypto;
+use Friendica\Util\DateTimeFormat;
+use Friendica\Util\Network;
 use dba;
 use Exception;
+use LightOpenID;
+use function password_exposed;
 
 require_once 'boot.php';
 require_once 'include/dba.php';
 require_once 'include/enotify.php';
-require_once 'include/network.php';
-require_once 'library/openid.php';
 require_once 'include/text.php';
 /**
  * @brief This class handles User related functions
@@ -62,6 +65,21 @@ class User
 		return $r;
 	}
 
+	/**
+	 * @brief Get owner data by nick name
+	 *
+	 * @param int $nick
+	 * @return boolean|array
+	 */
+	public static function getOwnerDataByNick($nick)
+	{
+		$user = dba::selectFirst('user', ['uid'], ['nickname' => $nick]);
+		if (!DBM::is_result($user)) {
+			return false;
+		}
+		return self::getOwnerDataById($user['uid']);
+	}
+
 	/**
 	 * @brief Returns the default group for a given user and network
 	 *
@@ -93,64 +111,54 @@ class User
 
 
 	/**
-	 * @brief Authenticate a user with a clear text password
-	 *
-	 * User info can be any of the following:
-	 * - User DB object
-	 * - User Id
-	 * - User email or username or nickname
-	 * - User array with at least the uid and the hashed password
+	 * Authenticate a user with a clear text password
 	 *
+	 * @brief Authenticate a user with a clear text password
 	 * @param mixed $user_info
 	 * @param string $password
-	 * @return boolean
+	 * @return int|boolean
+	 * @deprecated since version 3.6
+	 * @see User::getIdFromPasswordAuthentication()
 	 */
 	public static function authenticate($user_info, $password)
 	{
-		if (is_object($user_info)) {
-			$user = (array) $user_info;
-		} elseif (is_int($user_info)) {
-			$user = dba::selectFirst('user', ['uid', 'password', 'legacy_password'],
-				[
-					'uid' => $user_info,
-					'blocked' => 0,
-					'account_expired' => 0,
-					'account_removed' => 0,
-					'verified' => 1
-				]
-			);
-		} elseif (is_string($user_info)) {
-			$user = dba::fetch_first('SELECT `uid`, `password`, `legacy_password`
-				FROM `user`
-				WHERE (`email` = ? OR `username` = ? OR `nickname` = ?)
-				AND `blocked` = 0
-				AND `account_expired` = 0
-				AND `account_removed` = 0
-				AND `verified` = 1
-				LIMIT 1',
-				$user_info,
-				$user_info,
-				$user_info
-			);
-		} else {
-			$user = $user_info;
+		try {
+			return self::getIdFromPasswordAuthentication($user_info, $password);
+		} catch (Exception $ex) {
+			return false;
 		}
+	}
 
-		if (!DBM::is_result($user)
-			|| !isset($user['uid'])
-			|| !isset($user['password'])
-			|| !isset($user['legacy_password'])
-		) {
-			throw new Exception('Not enough information to authenticate');
-		}
+	/**
+	 * Returns the user id associated with a successful password authentication
+	 *
+	 * @brief Authenticate a user with a clear text password
+	 * @param mixed $user_info
+	 * @param string $password
+	 * @return int User Id if authentication is successful
+	 * @throws Exception
+	 */
+	public static function getIdFromPasswordAuthentication($user_info, $password)
+	{
+		$user = self::getAuthenticationInfo($user_info);
 
-		if ($user['legacy_password']) {
+		if (strpos($user['password'], '$') === false) {
+			//Legacy hash that has not been replaced by a new hash yet
+			if (self::hashPasswordLegacy($password) === $user['password']) {
+				self::updatePassword($user['uid'], $password);
+
+				return $user['uid'];
+			}
+		} elseif (!empty($user['legacy_password'])) {
+			//Legacy hash that has been double-hashed and not replaced by a new hash yet
+			//Warning: `legacy_password` is not necessary in sync with the content of `password`
 			if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
 				self::updatePassword($user['uid'], $password);
 
 				return $user['uid'];
 			}
 		} elseif (password_verify($password, $user['password'])) {
+			//New password hash
 			if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
 				self::updatePassword($user['uid'], $password);
 			}
@@ -158,7 +166,64 @@ class User
 			return $user['uid'];
 		}
 
-		return false;
+		throw new Exception(L10n::t('Login failed'));
+	}
+
+	/**
+	 * Returns authentication info from various parameters types
+	 *
+	 * User info can be any of the following:
+	 * - User DB object
+	 * - User Id
+	 * - User email or username or nickname
+	 * - User array with at least the uid and the hashed password
+	 *
+	 * @param mixed $user_info
+	 * @return array
+	 * @throws Exception
+	 */
+	private static function getAuthenticationInfo($user_info)
+	{
+		$user = null;
+
+		if (is_object($user_info) || is_array($user_info)) {
+			if (is_object($user_info)) {
+				$user = (array) $user_info;
+			} else {
+				$user = $user_info;
+			}
+
+			if (!isset($user['uid'])
+				|| !isset($user['password'])
+				|| !isset($user['legacy_password'])
+			) {
+				throw new Exception(L10n::t('Not enough information to authenticate'));
+			}
+		} elseif (is_int($user_info) || is_string($user_info)) {
+			if (is_int($user_info)) {
+				$user = dba::selectFirst('user', ['uid', 'password', 'legacy_password'],
+					[
+						'uid' => $user_info,
+						'blocked' => 0,
+						'account_expired' => 0,
+						'account_removed' => 0,
+						'verified' => 1
+					]
+				);
+			} else {
+				$fields = ['uid', 'password', 'legacy_password'];
+				$condition = ["(`email` = ? OR `username` = ? OR `nickname` = ?)
+					AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`",
+					$user_info, $user_info, $user_info];
+				$user = dba::selectFirst('user', $fields, $condition);
+			}
+
+			if (!DBM::is_result($user)) {
+				throw new Exception(L10n::t('User not found'));
+			}
+		}
+
+		return $user;
 	}
 
 	/**
@@ -171,6 +236,17 @@ class User
 		return autoname(6) . mt_rand(100, 9999);
 	}
 
+	/**
+	 * Checks if the provided plaintext password has been exposed or not
+	 *
+	 * @param string $password
+	 * @return bool
+	 */
+	public static function isPasswordExposed($password)
+	{
+		return password_exposed($password) === PasswordStatus::EXPOSED;
+	}
+
 	/**
 	 * Legacy hashing function, kept for password migration purposes
 	 *
@@ -190,6 +266,10 @@ class User
 	 */
 	public static function hashPassword($password)
 	{
+		if (!trim($password)) {
+			throw new Exception(L10n::t('Password can\'t be empty'));
+		}
+
 		return password_hash($password, PASSWORD_DEFAULT);
 	}
 
@@ -224,6 +304,33 @@ class User
 		return dba::update('user', $fields, ['uid' => $uid]);
 	}
 
+	/**
+	 * @brief Checks if a nickname is in the list of the forbidden nicknames
+	 *
+	 * Check if a nickname is forbidden from registration on the node by the
+	 * admin. Forbidden nicknames (e.g. role namess) can be configured in the
+	 * admin panel.
+	 *
+	 * @param string $nickname The nickname that should be checked
+	 * @return boolean True is the nickname is blocked on the node
+	 */
+	public static function isNicknameBlocked($nickname)
+	{
+		$forbidden_nicknames = Config::get('system', 'forbidden_nicknames', '');
+		// if the config variable is empty return false
+		if (!x($forbidden_nicknames)) {
+			return false;
+		}
+		// check if the nickname is in the list of blocked nicknames
+		$forbidden = explode(',', $forbidden_nicknames);
+		$forbidden = array_map('trim', $forbidden);
+		if (in_array(strtolower($nickname), $forbidden)) {
+			return true;
+		}
+		// else return false
+		return false;
+	}
+
 	/**
 	 * @brief Catch-all user creation function
 	 *
@@ -259,6 +366,7 @@ class User
 		$confirm    = x($data, 'confirm')    ? trim($data['confirm'])            : '';
 		$blocked    = x($data, 'blocked')    ? intval($data['blocked'])          : 0;
 		$verified   = x($data, 'verified')   ? intval($data['verified'])         : 0;
+		$language   = x($data, 'language')   ? notags(trim($data['language'])) : 'en';
 
 		$publish = x($data, 'profile_publish_reg') && intval($data['profile_publish_reg']) ? 1 : 0;
 		$netpublish = strlen(Config::get('system', 'directory')) ? $publish : 0;
@@ -281,13 +389,13 @@ class User
 
 		if (!x($username) || !x($email) || !x($nickname)) {
 			if ($openid_url) {
-				if (!validate_url($openid_url)) {
+				if (!Network::isUrlValid($openid_url)) {
 					throw new Exception(L10n::t('Invalid OpenID url'));
 				}
 				$_SESSION['register'] = 1;
 				$_SESSION['openid'] = $openid_url;
 
-				$openid = new \LightOpenID;
+				$openid = new LightOpenID($a->get_hostname());
 				$openid->identity = $openid_url;
 				$openid->returnUrl = System::baseUrl() . '/openid';
 				$openid->required = ['namePerson/friendly', 'contact/email', 'namePerson'];
@@ -304,7 +412,7 @@ class User
 			throw new Exception(L10n::t('Please enter the required information.'));
 		}
 
-		if (!validate_url($openid_url)) {
+		if (!Network::isUrlValid($openid_url)) {
 			$openid_url = '';
 		}
 
@@ -329,15 +437,18 @@ class User
 			}
 		}
 
-		if (!allowed_email($email)) {
+		if (!Network::isEmailDomainAllowed($email)) {
 			throw new Exception(L10n::t('Your email domain is not among those allowed on this site.'));
 		}
 
-		if (!valid_email($email) || !validate_email($email)) {
+		if (!valid_email($email) || !Network::isEmailDomainValid($email)) {
 			throw new Exception(L10n::t('Not a valid email address.'));
 		}
+		if (self::isNicknameBlocked($nickname)) {
+			throw new Exception(L10n::t('The nickname was blocked from registration by the nodes admin.'));
+		}
 
-		if (dba::exists('user', ['email' => $email])) {
+		if (Config::get('system', 'block_extended_register', false) && dba::exists('user', ['email' => $email])) {
 			throw new Exception(L10n::t('Cannot use that email.'));
 		}
 
@@ -353,7 +464,7 @@ class User
 		$nickname = $data['nickname'] = strtolower($nickname);
 
 		if (!preg_match('/^[a-z0-9][a-z0-9\_]*$/', $nickname)) {
-			throw new Exception(L10n::t('Your "nickname" can only contain "a-z", "0-9" and "_".'));
+			throw new Exception(L10n::t('Your nickname can only contain a-z, 0-9 and _.'));
 		}
 
 		// Check existing and deleted accounts for this nickname.
@@ -394,8 +505,9 @@ class User
 			'sprvkey'  => $sprvkey,
 			'verified' => $verified,
 			'blocked'  => $blocked,
+			'language' => $language,
 			'timezone' => 'UTC',
-			'register_date' => datetime_convert(),
+			'register_date' => DateTimeFormat::utcNow(),
 			'default-location' => ''
 		]);
 
@@ -460,7 +572,7 @@ class User
 
 		// if we have no OpenID photo try to look up an avatar
 		if (!strlen($photo)) {
-			$photo = avatar_img($email);
+			$photo = Network::lookupAvatarByEmail($email);
 		}
 
 		// unless there is no avatar-addon loaded
@@ -468,7 +580,7 @@ class User
 			$photo_failure = false;
 
 			$filename = basename($photo);
-			$img_str = fetch_url($photo, true);
+			$img_str = Network::fetchUrl($photo, true);
 			// guess mimetype from headers or filename
 			$type = Image::guessType($photo, true);
 
@@ -476,7 +588,7 @@ class User
 			if ($Image->isValid()) {
 				$Image->scaleToSquare(175);
 
-				$hash = photo_new_resource();
+				$hash = Photo::newResource();
 
 				$r = Photo::store($Image, $uid, 0, $hash, $filename, L10n::t('Profile Photos'), 4);
 
@@ -556,9 +668,10 @@ class User
 		'));
 		$body = deindent(L10n::t('
 			The login details are as follows:
-				Site Location:	%3$s
-				Login Name:	%1$s
-				Password:	%5$s
+
+			Site Location:	%3$s
+			Login Name:		%1$s
+			Password:		%5$s
 
 			You may change your password from your account "Settings" page after logging
 			in.
@@ -566,10 +679,10 @@ class User
 			Please take a few moments to review the other account settings on that page.
 
 			You may also wish to add some basic information to your default profile
-			(on the "Profiles" page) so that other people can easily find you.
+			' . "\x28" . 'on the "Profiles" page' . "\x29" . ' so that other people can easily find you.
 
 			We recommend setting your full name, adding a profile photo,
-			adding some profile "keywords" (very useful in making new friends) - and
+			adding some profile "keywords" ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and
 			perhaps what country you live in; if you do not wish to be more specific
 			than that.
 
@@ -577,6 +690,7 @@ class User
 			If you are new and do not know anybody here, they may help
 			you to make some new and interesting friends.
 
+			If you ever want to delete your account, you can do so at %3$s/removeme
 
 			Thank you and welcome to %2$s.'));
 
@@ -612,7 +726,7 @@ class User
 		dba::insert('userd', ['username' => $user['nickname']]);
 
 		// The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php)
-		dba::update('user', ['account_removed' => true, 'account_expires_on' => datetime_convert()], ['uid' => $uid]);
+		dba::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utcNow()], ['uid' => $uid]);
 		Worker::add(PRIORITY_HIGH, "Notifier", "removeme", $uid);
 
 		// Send an update to the directory