X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModel%2FUser.php;h=dc5702b6055214cafd68241b196414845b430c73;hb=1ffe0cfd818ad48f7c227915d3abf68d26d8a06c;hp=f487de7661821b72af445d27b676935d342cf652;hpb=7a6706b0f72cb4a1c1e370e8363aec7faaf6703c;p=friendica.git diff --git a/src/Model/User.php b/src/Model/User.php index f487de7661..dc5702b605 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -1,13 +1,14 @@ $nick]); + if (!DBM::is_result($user)) { + return false; + } + return self::getOwnerDataById($user['uid']); + } + /** * @brief Returns the default group for a given user and network * @@ -84,7 +100,7 @@ class User return $default_group; } - $user = dba::select('user', ['def_gid'], ['uid' => $uid], ['limit' => 1]); + $user = dba::selectFirst('user', ['def_gid'], ['uid' => $uid]); if (DBM::is_result($user)) { $default_group = $user["def_gid"]; @@ -95,7 +111,66 @@ class User /** + * Authenticate a user with a clear text password + * * @brief Authenticate a user with a clear text password + * @param mixed $user_info + * @param string $password + * @return int|boolean + * @deprecated since version 3.6 + * @see User::getIdFromPasswordAuthentication() + */ + public static function authenticate($user_info, $password) + { + try { + return self::getIdFromPasswordAuthentication($user_info, $password); + } catch (Exception $ex) { + return false; + } + } + + /** + * Returns the user id associated with a successful password authentication + * + * @brief Authenticate a user with a clear text password + * @param mixed $user_info + * @param string $password + * @return int User Id if authentication is successful + * @throws Exception + */ + public static function getIdFromPasswordAuthentication($user_info, $password) + { + $user = self::getAuthenticationInfo($user_info); + + if (strpos($user['password'], '$') === false) { + //Legacy hash that has not been replaced by a new hash yet + if (self::hashPasswordLegacy($password) === $user['password']) { + self::updatePassword($user['uid'], $password); + + return $user['uid']; + } + } elseif (!empty($user['legacy_password'])) { + //Legacy hash that has been double-hashed and not replaced by a new hash yet + //Warning: `legacy_password` is not necessary in sync with the content of `password` + if (password_verify(self::hashPasswordLegacy($password), $user['password'])) { + self::updatePassword($user['uid'], $password); + + return $user['uid']; + } + } elseif (password_verify($password, $user['password'])) { + //New password hash + if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) { + self::updatePassword($user['uid'], $password); + } + + return $user['uid']; + } + + throw new Exception(L10n::t('Login failed')); + } + + /** + * Returns authentication info from various parameters types * * User info can be any of the following: * - User DB object @@ -104,53 +179,156 @@ class User * - User array with at least the uid and the hashed password * * @param mixed $user_info - * @param string $password - * @return boolean + * @return array + * @throws Exception */ - public static function authenticate($user_info, $password) + private static function getAuthenticationInfo($user_info) { - if (is_object($user_info)) { - $user = (array) $user_info; - } elseif (is_int($user_info)) { - $user = dba::select('user', - ['uid', 'password'], - [ - 'uid' => $user_info, - 'blocked' => 0, - 'account_expired' => 0, - 'account_removed' => 0, - 'verified' => 1 - ], - ['limit' => 1] - ); - } elseif (is_string($user_info)) { - $user = dba::fetch_first('SELECT `uid`, `password` - FROM `user` - WHERE (`email` = ? OR `username` = ? OR `nickname` = ?) - AND `blocked` = 0 - AND `account_expired` = 0 - AND `account_removed` = 0 - AND `verified` = 1 - LIMIT 1', - $user_info, - $user_info, - $user_info - ); - } else { - $user = $user_info; + $user = null; + + if (is_object($user_info) || is_array($user_info)) { + if (is_object($user_info)) { + $user = (array) $user_info; + } else { + $user = $user_info; + } + + if (!isset($user['uid']) + || !isset($user['password']) + || !isset($user['legacy_password']) + ) { + throw new Exception(L10n::t('Not enough information to authenticate')); + } + } elseif (is_int($user_info) || is_string($user_info)) { + if (is_int($user_info)) { + $user = dba::selectFirst('user', ['uid', 'password', 'legacy_password'], + [ + 'uid' => $user_info, + 'blocked' => 0, + 'account_expired' => 0, + 'account_removed' => 0, + 'verified' => 1 + ] + ); + } else { + $fields = ['uid', 'password', 'legacy_password']; + $condition = ["(`email` = ? OR `username` = ? OR `nickname` = ?) + AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`", + $user_info, $user_info, $user_info]; + $user = dba::selectFirst('user', $fields, $condition); + } + + if (!DBM::is_result($user)) { + throw new Exception(L10n::t('User not found')); + } } - if (!DBM::is_result($user) || !isset($user['uid']) || !isset($user['password'])) { - return false; + return $user; + } + + /** + * Generates a human-readable random password + * + * @return string + */ + public static function generateNewPassword() + { + return autoname(6) . mt_rand(100, 9999); + } + + /** + * Checks if the provided plaintext password has been exposed or not + * + * @param string $password + * @return bool + */ + public static function isPasswordExposed($password) + { + return password_exposed($password) === PasswordStatus::EXPOSED; + } + + /** + * Legacy hashing function, kept for password migration purposes + * + * @param string $password + * @return string + */ + private static function hashPasswordLegacy($password) + { + return hash('whirlpool', $password); + } + + /** + * Global user password hashing function + * + * @param string $password + * @return string + */ + public static function hashPassword($password) + { + if (!trim($password)) { + throw new Exception(L10n::t('Password can\'t be empty')); } - $password_hashed = hash('whirlpool', $password); + return password_hash($password, PASSWORD_DEFAULT); + } + + /** + * Updates a user row with a new plaintext password + * + * @param int $uid + * @param string $password + * @return bool + */ + public static function updatePassword($uid, $password) + { + return self::updatePasswordHashed($uid, self::hashPassword($password)); + } + + /** + * Updates a user row with a new hashed password. + * Empties the password reset token field just in case. + * + * @param int $uid + * @param string $pasword_hashed + * @return bool + */ + private static function updatePasswordHashed($uid, $pasword_hashed) + { + $fields = [ + 'password' => $pasword_hashed, + 'pwdreset' => null, + 'pwdreset_time' => null, + 'legacy_password' => false + ]; + return dba::update('user', $fields, ['uid' => $uid]); + } - if ($password_hashed !== $user['password']) { + /** + * @brief Checks if a nickname is in the list of the forbidden nicknames + * + * Check if a nickname is forbidden from registration on the node by the + * admin. Forbidden nicknames (e.g. role namess) can be configured in the + * admin panel. + * + * @param string $nickname The nickname that should be checked + * @return boolean True is the nickname is blocked on the node + */ + public static function isNicknameBlocked($nickname) + { + $forbidden_nicknames = Config::get('system', 'forbidden_nicknames', ''); + // if the config variable is empty return false + if (!x($forbidden_nicknames)) { return false; } - - return $user['uid']; + // check if the nickname is in the list of blocked nicknames + $forbidden = explode(',', $forbidden_nicknames); + $forbidden = array_map('trim', $forbidden); + if (in_array(strtolower($nickname), $forbidden)) { + return true; + } + // else return false + return false; } /** @@ -188,54 +366,53 @@ class User $confirm = x($data, 'confirm') ? trim($data['confirm']) : ''; $blocked = x($data, 'blocked') ? intval($data['blocked']) : 0; $verified = x($data, 'verified') ? intval($data['verified']) : 0; + $language = x($data, 'language') ? notags(trim($data['language'])) : 'en'; $publish = x($data, 'profile_publish_reg') && intval($data['profile_publish_reg']) ? 1 : 0; $netpublish = strlen(Config::get('system', 'directory')) ? $publish : 0; if ($password1 != $confirm) { - throw new Exception(t('Passwords do not match. Password unchanged.')); + throw new Exception(L10n::t('Passwords do not match. Password unchanged.')); } elseif ($password1 != '') { $password = $password1; } - $tmp_str = $openid_url; - if ($using_invites) { if (!$invite_id) { - throw new Exception(t('An invitation is required.')); + throw new Exception(L10n::t('An invitation is required.')); } if (!dba::exists('register', ['hash' => $invite_id])) { - throw new Exception(t('Invitation could not be verified.')); + throw new Exception(L10n::t('Invitation could not be verified.')); } } if (!x($username) || !x($email) || !x($nickname)) { if ($openid_url) { - if (!validate_url($tmp_str)) { - throw new Exception(t('Invalid OpenID url')); + if (!Network::isUrlValid($openid_url)) { + throw new Exception(L10n::t('Invalid OpenID url')); } $_SESSION['register'] = 1; $_SESSION['openid'] = $openid_url; - $openid = new \LightOpenID; + $openid = new LightOpenID($a->get_hostname()); $openid->identity = $openid_url; $openid->returnUrl = System::baseUrl() . '/openid'; - $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); - $openid->optional = array('namePerson/first', 'media/image/aspect11', 'media/image/default'); + $openid->required = ['namePerson/friendly', 'contact/email', 'namePerson']; + $openid->optional = ['namePerson/first', 'media/image/aspect11', 'media/image/default']; try { $authurl = $openid->authUrl(); } catch (Exception $e) { - throw new Exception(t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . EOL . EOL . t('The error message was:') . $e->getMessage(), 0, $e); + throw new Exception(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . EOL . EOL . L10n::t('The error message was:') . $e->getMessage(), 0, $e); } goaway($authurl); // NOTREACHED } - throw new Exception(t('Please enter the required information.')); + throw new Exception(L10n::t('Please enter the required information.')); } - if (!validate_url($tmp_str)) { + if (!Network::isUrlValid($openid_url)) { $openid_url = ''; } @@ -245,10 +422,10 @@ class User $username = preg_replace('/ +/', ' ', $username); if (mb_strlen($username) > 48) { - throw new Exception(t('Please use a shorter name.')); + throw new Exception(L10n::t('Please use a shorter name.')); } if (mb_strlen($username) < 3) { - throw new Exception(t('Name too short.')); + throw new Exception(L10n::t('Name too short.')); } // So now we are just looking for a space in the full name. @@ -256,20 +433,23 @@ class User if (!$loose_reg) { $username = mb_convert_case($username, MB_CASE_TITLE, 'UTF-8'); if (!strpos($username, ' ')) { - throw new Exception(t("That doesn't appear to be your full \x28First Last\x29 name.")); + throw new Exception(L10n::t("That doesn't appear to be your full \x28First Last\x29 name.")); } } - if (!allowed_email($email)) { - throw new Exception(t('Your email domain is not among those allowed on this site.')); + if (!Network::isEmailDomainAllowed($email)) { + throw new Exception(L10n::t('Your email domain is not among those allowed on this site.')); } - if (!valid_email($email) || !validate_email($email)) { - throw new Exception(t('Not a valid email address.')); + if (!valid_email($email) || !Network::isEmailDomainValid($email)) { + throw new Exception(L10n::t('Not a valid email address.')); + } + if (self::isNicknameBlocked($nickname)) { + throw new Exception(L10n::t('The nickname was blocked from registration by the nodes admin.')); } - if (dba::exists('user', ['email' => $email])) { - throw new Exception(t('Cannot use that email.')); + if (Config::get('system', 'block_extended_register', false) && dba::exists('user', ['email' => $email])) { + throw new Exception(L10n::t('Cannot use that email.')); } // Disallow somebody creating an account using openid that uses the admin email address, @@ -277,38 +457,38 @@ class User if (x($a->config, 'admin_email') && strlen($openid_url)) { $adminlist = explode(',', str_replace(' ', '', strtolower($a->config['admin_email']))); if (in_array(strtolower($email), $adminlist)) { - throw new Exception(t('Cannot use that email.')); + throw new Exception(L10n::t('Cannot use that email.')); } } $nickname = $data['nickname'] = strtolower($nickname); if (!preg_match('/^[a-z0-9][a-z0-9\_]*$/', $nickname)) { - throw new Exception(t('Your "nickname" can only contain "a-z", "0-9" and "_".')); + throw new Exception(L10n::t('Your nickname can only contain a-z, 0-9 and _.')); } // Check existing and deleted accounts for this nickname. if (dba::exists('user', ['nickname' => $nickname]) || dba::exists('userd', ['username' => $nickname]) ) { - throw new Exception(t('Nickname is already registered. Please choose another.')); + throw new Exception(L10n::t('Nickname is already registered. Please choose another.')); } - $new_password = strlen($password) ? $password : autoname(6) . mt_rand(100, 9999); - $new_password_encoded = hash('whirlpool', $new_password); + $new_password = strlen($password) ? $password : User::generateNewPassword(); + $new_password_encoded = self::hashPassword($new_password); $return['password'] = $new_password; - $keys = new_keypair(4096); + $keys = Crypto::newKeypair(4096); if ($keys === false) { - throw new Exception(t('SERIOUS ERROR: Generation of security keys failed.')); + throw new Exception(L10n::t('SERIOUS ERROR: Generation of security keys failed.')); } $prvkey = $keys['prvkey']; $pubkey = $keys['pubkey']; // Create another keypair for signing/verifying salmon protocol messages. - $sres = new_keypair(512); + $sres = Crypto::newKeypair(512); $sprvkey = $sres['prvkey']; $spubkey = $sres['pubkey']; @@ -325,20 +505,21 @@ class User 'sprvkey' => $sprvkey, 'verified' => $verified, 'blocked' => $blocked, + 'language' => $language, 'timezone' => 'UTC', - 'register_date' => datetime_convert(), + 'register_date' => DateTimeFormat::utcNow(), 'default-location' => '' ]); if ($insert_result) { $uid = dba::lastInsertId(); - $user = dba::select('user', [], ['uid' => $uid], ['limit' => 1]); + $user = dba::selectFirst('user', [], ['uid' => $uid]); } else { - throw new Exception(t('An error occurred during registration. Please try again.')); + throw new Exception(L10n::t('An error occurred during registration. Please try again.')); } if (!$uid) { - throw new Exception(t('An error occurred during registration. Please try again.')); + throw new Exception(L10n::t('An error occurred during registration. Please try again.')); } // if somebody clicked submit twice very quickly, they could end up with two accounts @@ -347,7 +528,7 @@ class User if ($user_count > 1) { dba::delete('user', ['uid' => $uid]); - throw new Exception(t('Nickname is already registered. Please choose another.')); + throw new Exception(L10n::t('Nickname is already registered. Please choose another.')); } $insert_result = dba::insert('profile', [ @@ -358,28 +539,28 @@ class User 'publish' => $publish, 'is-default' => 1, 'net-publish' => $netpublish, - 'profile-name' => t('default') + 'profile-name' => L10n::t('default') ]); if (!$insert_result) { dba::delete('user', ['uid' => $uid]); - throw new Exception(t('An error occurred creating your default profile. Please try again.')); + throw new Exception(L10n::t('An error occurred creating your default profile. Please try again.')); } // Create the self contact if (!Contact::createSelfFromUserId($uid)) { dba::delete('user', ['uid' => $uid]); - throw new Exception(t('An error occurred creating your self contact. Please try again.')); + throw new Exception(L10n::t('An error occurred creating your self contact. Please try again.')); } // Create a group with no members. This allows somebody to use it // right away as a default group for new contacts. - $def_gid = Group::create($uid, t('Friends')); + $def_gid = Group::create($uid, L10n::t('Friends')); if (!$def_gid) { dba::delete('user', ['uid' => $uid]); - throw new Exception(t('An error occurred creating your default contact group. Please try again.')); + throw new Exception(L10n::t('An error occurred creating your default contact group. Please try again.')); } $fields = ['def_gid' => $def_gid]; @@ -391,15 +572,15 @@ class User // if we have no OpenID photo try to look up an avatar if (!strlen($photo)) { - $photo = avatar_img($email); + $photo = Network::lookupAvatarByEmail($email); } - // unless there is no avatar-plugin loaded + // unless there is no avatar-addon loaded if (strlen($photo)) { $photo_failure = false; $filename = basename($photo); - $img_str = fetch_url($photo, true); + $img_str = Network::fetchUrl($photo, true); // guess mimetype from headers or filename $type = Image::guessType($photo, true); @@ -407,9 +588,9 @@ class User if ($Image->isValid()) { $Image->scaleToSquare(175); - $hash = photo_new_resource(); + $hash = Photo::newResource(); - $r = Photo::store($Image, $uid, 0, $hash, $filename, t('Profile Photos'), 4); + $r = Photo::store($Image, $uid, 0, $hash, $filename, L10n::t('Profile Photos'), 4); if ($r === false) { $photo_failure = true; @@ -417,7 +598,7 @@ class User $Image->scaleDown(80); - $r = Photo::store($Image, $uid, 0, $hash, $filename, t('Profile Photos'), 5); + $r = Photo::store($Image, $uid, 0, $hash, $filename, L10n::t('Profile Photos'), 5); if ($r === false) { $photo_failure = true; @@ -425,7 +606,7 @@ class User $Image->scaleDown(48); - $r = Photo::store($Image, $uid, 0, $hash, $filename, t('Profile Photos'), 6); + $r = Photo::store($Image, $uid, 0, $hash, $filename, L10n::t('Profile Photos'), 6); if ($r === false) { $photo_failure = true; @@ -437,7 +618,7 @@ class User } } - call_hooks('register_account', $uid); + Addon::callHooks('register_account', $uid); $return['user'] = $user; return $return; @@ -453,18 +634,18 @@ class User */ public static function sendRegisterPendingEmail($email, $sitename, $username) { - $body = deindent(t(' + $body = deindent(L10n::t(' Dear %1$s, Thank you for registering at %2$s. Your account is pending for approval by the administrator. ')); $body = sprintf($body, $username, $sitename); - return notification(array( + return notification([ 'type' => SYSTEM_EMAIL, 'to_email' => $email, - 'subject'=> sprintf( t('Registration at %s'), $sitename), - 'body' => $body)); + 'subject'=> L10n::t('Registration at %s', $sitename), + 'body' => $body]); } /** @@ -481,15 +662,16 @@ class User */ public static function sendRegisterOpenEmail($email, $sitename, $siteurl, $username, $password) { - $preamble = deindent(t(' + $preamble = deindent(L10n::t(' Dear %1$s, Thank you for registering at %2$s. Your account has been created. ')); - $body = deindent(t(' + $body = deindent(L10n::t(' The login details are as follows: - Site Location: %3$s - Login Name: %1$s - Password: %5$s + + Site Location: %3$s + Login Name: %1$s + Password: %5$s You may change your password from your account "Settings" page after logging in. @@ -497,10 +679,10 @@ class User Please take a few moments to review the other account settings on that page. You may also wish to add some basic information to your default profile - (on the "Profiles" page) so that other people can easily find you. + ' . "\x28" . 'on the "Profiles" page' . "\x29" . ' so that other people can easily find you. We recommend setting your full name, adding a profile photo, - adding some profile "keywords" (very useful in making new friends) - and + adding some profile "keywords" ' . "\x28" . 'very useful in making new friends' . "\x29" . ' - and perhaps what country you live in; if you do not wish to be more specific than that. @@ -508,18 +690,19 @@ class User If you are new and do not know anybody here, they may help you to make some new and interesting friends. + If you ever want to delete your account, you can do so at %3$s/removeme Thank you and welcome to %2$s.')); $preamble = sprintf($preamble, $username, $sitename); $body = sprintf($body, $email, $sitename, $siteurl, $username, $password); - return notification(array( + return notification([ 'type' => SYSTEM_EMAIL, 'to_email' => $email, - 'subject'=> sprintf( t('Registration details for %s'), $sitename), + 'subject'=> L10n::t('Registration details for %s', $sitename), 'preamble'=> $preamble, - 'body' => $body)); + 'body' => $body]); } /** @@ -534,16 +717,16 @@ class User logger('Removing user: ' . $uid); - $user = dba::select('user', [], ['uid' => $uid], ['limit' => 1]); + $user = dba::selectFirst('user', [], ['uid' => $uid]); - call_hooks('remove_user', $user); + Addon::callHooks('remove_user', $user); // save username (actually the nickname as it is guaranteed // unique), so it cannot be re-registered in the future. dba::insert('userd', ['username' => $user['nickname']]); // The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php) - dba::update('user', ['account_removed' => true, 'account_expires_on' => datetime_convert()], ['uid' => $uid]); + dba::update('user', ['account_removed' => true, 'account_expires_on' => DateTimeFormat::utcNow()], ['uid' => $uid]); Worker::add(PRIORITY_HIGH, "Notifier", "removeme", $uid); // Send an update to the directory