Use Model\Register methods in modules
authorHypolite Petovan <hypolite@mrpetovan.com>
Sun, 14 Oct 2018 15:57:28 +0000 (11:57 -0400)
committerHypolite Petovan <hypolite@mrpetovan.com>
Sun, 14 Oct 2018 16:26:18 +0000 (12:26 -0400)
- Update registration emails to avoid storing the plaintext password in
the register table
- Remove redundant sprintf() when used with L10n::t()
- Remove redundant System::baseUrl() with goaway()

mod/admin.php
mod/invite.php
mod/ping.php
mod/register.php
mod/regmod.php
src/Model/User.php

index 7574e684ec837127acbfdd5b95c6c7a35e1d8cb3..6189c4cb770bfc32eeea2672986abc3bbf5d7636 100644 (file)
@@ -18,13 +18,14 @@ use Friendica\Database\DBA;
 use Friendica\Database\DBStructure;
 use Friendica\Model\Contact;
 use Friendica\Model\Item;
+use Friendica\Model\Register;
 use Friendica\Model\User;
 use Friendica\Module\Login;
 use Friendica\Module\Tos;
 use Friendica\Util\Arrays;
 use Friendica\Util\DateTimeFormat;
-use Friendica\Util\Temporal;
 use Friendica\Util\Network;
+use Friendica\Util\Temporal;
 
 require_once 'include/enotify.php';
 require_once 'include/text.php';
@@ -895,8 +896,7 @@ function admin_page_summary(App $a)
 
        logger('accounts: ' . print_r($accounts, true), LOGGER_DATA);
 
-       $r = q("SELECT COUNT(`id`) AS `count` FROM `register`");
-       $pending = $r[0]['count'];
+       $pending = Register::getPendingCount();
 
        $r = q("SELECT COUNT(*) AS `total` FROM `queue` WHERE 1");
        $queue = (($r) ? $r[0]['total'] : 0);
@@ -912,10 +912,10 @@ function admin_page_summary(App $a)
        $r = q("SHOW variables LIKE 'max_allowed_packet'");
        $max_allowed_packet = (($r) ? $r[0]['Value'] : 0);
 
-       $server_settings = ['label' => L10n::t('Server Settings'), 
-                               'php' => ['upload_max_filesize' => ini_get('upload_max_filesize'), 
-                                                 'post_max_size' => ini_get('post_max_size'), 
-                                                 'memory_limit' => ini_get('memory_limit')], 
+       $server_settings = ['label' => L10n::t('Server Settings'),
+                               'php' => ['upload_max_filesize' => ini_get('upload_max_filesize'),
+                                                 'post_max_size' => ini_get('post_max_size'),
+                                                 'memory_limit' => ini_get('memory_limit')],
                                'mysql' => ['max_allowed_packet' => $max_allowed_packet]];
 
        $t = get_markup_template('admin/summary.tpl');
@@ -1792,11 +1792,7 @@ function admin_page_users(App $a)
        }
 
        /* get pending */
-       $pending = q("SELECT `register`.*, `contact`.`name`, `user`.`email`
-                                FROM `register`
-                                INNER JOIN `contact` ON `register`.`uid` = `contact`.`uid`
-                                INNER JOIN `user` ON `register`.`uid` = `user`.`uid`;");
-
+       $pending = Register::getPending();
 
        /* get users */
        $total = q("SELECT COUNT(*) AS `total` FROM `user` WHERE 1");
index 2a98d19ffcffaf5d3e3c660252e7f304d8d9572b..7318b77ae9f78c6e3318a3fad8ad32fabb12eb21 100644 (file)
@@ -58,14 +58,9 @@ function invite_post(App $a)
                }
 
                if ($invitation_only && ($invites_remaining || is_site_admin())) {
-                       $code = autoname(8) . srand(1000, 9999);
+                       $code = Friendica\Model\Register::createForInvitation();
                        $nmessage = str_replace('$invite_code', $code, $message);
 
-                       $r = q("INSERT INTO `register` (`hash`,`created`) VALUES ('%s', '%s') ",
-                               DBA::escape($code),
-                               DBA::escape(DateTimeFormat::utcNow())
-                       );
-
                        if (! is_site_admin()) {
                                $invites_remaining --;
                                if ($invites_remaining >= 0) {
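Review bot: `Friendica\Model\Register::createForInvitation()` is written out with its fully-qualified name inside the function body, whereas the other modules in this commit import the class with `use Friendica\Model\Register;`; the same inline form appears in mod/ping.php. With the INSERT gone, `DBA` and `DateTimeFormat` may no longer be referenced anywhere in invite.php (the file header is outside this hunk), in which case their `use` lines should be dropped as was done in mod/register.php. The invitation code is later accepted by `Register::existsByHash()` as the credential that admits a registration, so `createForInvitation()` should derive it from a CSPRNG (`random_bytes()`/`random_int()`) rather than the `autoname()`/`srand()` construction the removed line used; that method is not part of this diff, so I cannot confirm what it does. invite_post() begins before and continues after this hunk.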
index ff0139f28f9d3b405f0b148ccf694b8ba03f0171..5ea75727a1152d6d3f12943dcb7b5b9eb684fcbc 100644 (file)
@@ -202,11 +202,7 @@ function ping_init(App $a)
                $mail_count = count($mails);
 
                if (intval(Config::get('config', 'register_policy')) === REGISTER_APPROVE && is_site_admin()) {
-                       $regs = q(
-                               "SELECT `contact`.`name`, `contact`.`url`, `contact`.`micro`, `register`.`created`
-                               FROM `contact` RIGHT JOIN `register` ON `register`.`uid` = `contact`.`uid`
-                               WHERE `contact`.`self` = 1"
-                       );
+                       $regs = Friendica\Model\Register::getPending();
 
                        if (DBA::isResult($regs)) {
                                $register_count = count($regs);
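Review bot: The replaced query selected `contact`.`name`, `contact`.`url`, `contact`.`micro` and `register`.`created` restricted to `contact`.`self` = 1, while the query that `Register::getPending()` replaces in mod/admin.php joined `contact`.`name` and `user`.`email` instead; whatever ping_init() reads from `$regs` below this hunk has to be present in the single result shape getPending() now returns. That model method is not in this diff, so this is worth checking against Model\Register before merging, and a short comment such as `// getPending() rows must expose contact.name/url/micro and register.created` would document the dependency. As in mod/invite.php, `Friendica\Model\Register` would read better imported with a `use` statement like the other modules do. ping_init() begins before and continues after this hunk.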
index 2b3522234e84adfb749cbc8865e526b42aea6745..79e9455cd592939abf08f2a0940b357470bf09d7 100644 (file)
@@ -11,10 +11,8 @@ use Friendica\Core\L10n;
 use Friendica\Core\PConfig;
 use Friendica\Core\System;
 use Friendica\Core\Worker;
-use Friendica\Database\DBA;
 use Friendica\Model;
 use Friendica\Module\Tos;
-use Friendica\Util\DateTimeFormat;
 
 require_once 'include/enotify.php';
 
@@ -86,7 +84,7 @@ function register_post(App $a)
 
        if (intval(Config::get('config', 'register_policy')) === REGISTER_OPEN) {
                if ($using_invites && $invite_id) {
-                       q("delete * from register where hash = '%s' limit 1", DBA::escape($invite_id));
+                       Model\Register::deleteByHash($invite_id);
                        PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
                }
 
@@ -122,19 +120,11 @@ function register_post(App $a)
                        goaway();
                }
 
-               $hash = random_string();
-               $r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language`, `note` ) VALUES ( '%s', '%s', %d, '%s', '%s', '%s' ) ",
-                       DBA::escape($hash),
-                       DBA::escape(DateTimeFormat::utcNow()),
-                       intval($user['uid']),
-                       DBA::escape($result['password']),
-                       DBA::escape(Config::get('system', 'language')),
-                       DBA::escape($_POST['permonlybox'])
-               );
+               Model\Register::createForApproval($user['uid'], Config::get('system', 'language'), $_POST['permonlybox']);
 
                // invite system
                if ($using_invites && $invite_id) {
-                       q("DELETE * FROM `register` WHERE `hash` = '%s' LIMIT 1", DBA::escape($invite_id));
+                       Model\Register::deleteByHash($invite_id);
                        PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
                }
 
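Review bot: `$_POST['permonlybox']` is passed straight into `Model\Register::createForApproval()` without an existence check, so a request lacking that field raises an undefined-index notice before the row is created; `isset($_POST['permonlybox']) ? $_POST['permonlybox'] : ''` (or the request-default helper this codebase uses elsewhere) avoids that. The return value of createForApproval() is discarded, so if it reports failure by returning false the user is still told the registration is pending — whether it throws or returns a status is not visible here. The invite-cleanup block `if ($using_invites && $invite_id) { Model\Register::deleteByHash($invite_id); PConfig::set(...); }` now appears verbatim in both the open and the approval branch of register_post() and could be factored into one helper. register_post() starts and ends outside this hunk.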
@@ -163,6 +153,7 @@ function register_post(App $a)
                }
                // send notification to the user, that the registration is pending
                Model\User::sendRegisterPendingEmail(
+                       $user['uid'],
                        $user['email'],
                        Config::get('config', 'sitename'),
                        $user['username'],
index 11d8eee412eadd013fb2b0197b825803db8baa2c..433a8f5e4e309e9fd7cc86809c5ce6e4d6b5f819 100644 (file)
@@ -9,6 +9,7 @@ use Friendica\Core\L10n;
 use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
+use Friendica\Model\Register;
 use Friendica\Model\User;
 use Friendica\Module\Login;
 
@@ -18,30 +19,24 @@ function user_allow($hash)
 {
        $a = get_app();
 
-       $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
-               DBA::escape($hash)
-       );
-
+       $register = Register::getByHash($hash);
 
        if (!DBA::isResult($register)) {
                return false;
        }
 
        $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
-               intval($register[0]['uid'])
+               intval($register['uid'])
        );
 
        if (!DBA::isResult($user)) {
                killme();
        }
 
-       $r = q("DELETE FROM `register` WHERE `hash` = '%s'",
-               DBA::escape($register[0]['hash'])
-       );
-
+       Register::deleteByHash($hash);
 
        $r = q("UPDATE `user` SET `blocked` = 0, `verified` = 1 WHERE `uid` = %d",
-               intval($register[0]['uid'])
+               intval($register['uid'])
        );
 
        $r = q("SELECT * FROM `profile` WHERE `uid` = %d AND `is-default` = 1",
@@ -54,14 +49,14 @@ function user_allow($hash)
                }
        }
 
-       L10n::pushLang($register[0]['language']);
+       L10n::pushLang($register['language']);
 
        $res = User::sendRegisterOpenEmail(
                $user[0]['email'],
                Config::get('config', 'sitename'),
                System::baseUrl(),
                $user[0]['username'],
-               $register[0]['password'],
+               'Sent in a previous email',
                $user[0]);
 
        L10n::popLang();
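Review bot: The literal `'Sent in a previous email'` fills the `$password` slot of `User::sendRegisterOpenEmail()` but is not passed through `L10n::t()`, so it stays in English inside an email that `L10n::pushLang($register['language'])` otherwise renders in the registrant's language; `L10n::t('Sent in a previous email')` fixes that. It is also the only trace in this function that the password is no longer kept in the `register` table, which deserves a one-line comment above the call, e.g. `// The password is not stored any more; it was delivered by sendRegisterPendingEmail() at registration time`. user_allow() begins before this hunk.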
@@ -77,20 +72,19 @@ function user_allow($hash)
 // allowed to have friends on this system
 function user_deny($hash)
 {
-       $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
-               DBA::escape($hash)
-       );
+       $register = Register::getByHash($hash);
 
        if (!DBA::isResult($register)) {
                return false;
        }
 
        $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
-               intval($register[0]['uid'])
+               intval($register['uid'])
        );
 
-       DBA::delete('user', ['uid' => $register[0]['uid']]);
-       DBA::delete('register', ['hash' => $register[0]['hash']]);
+       DBA::delete('user', ['uid' => $register['uid']]);
+
+       Register::deleteByHash($register['hash']);
 
        notice(L10n::t('Registration revoked for %s', $user[0]['username']) . EOL);
        return true;
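Review bot: `Register::deleteByHash($register['hash'])` here and `Register::deleteByHash($hash)` in user_allow() above do the same thing with different expressions; since getByHash() located the row by `$hash`, using `$hash` in both keeps the two functions parallel. The user row is deleted before the register row and neither delete's result is checked, so a failure between the two leaves a pending entry pointing at a user that no longer exists — the reverse order, or at least a check on `DBA::delete('user', ...)`, would be safer. `$user[0]['username']` in the notice is still read without a `DBA::isResult($user)` guard, which the commit leaves as it was.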
index ddd6ce1ed688585a2fda62504d7b4b5d8271cd25..2888410c7fb047a67a37a07ec55f1ff7f1ea27d4 100644 (file)
@@ -412,7 +412,7 @@ class User
                                throw new Exception(L10n::t('An invitation is required.'));
                        }
 
-                       if (!DBA::exists('register', ['hash' => $invite_id])) {
+                       if (!Register::existsByHash($invite_id)) {
                                throw new Exception(L10n::t('Invitation could not be verified.'));
                        }
                }
@@ -660,22 +660,31 @@ class User
         * @param string $email
         * @param string $sitename
         * @param string $username
+        * @param string $password Plaintext password
         * @return NULL|boolean from notification() and email() inherited
         */
-       public static function sendRegisterPendingEmail($email, $sitename, $username)
+       public static function sendRegisterPendingEmail($uid, $email, $sitename, $username, $siteurl, $nickname, $password)
        {
                $body = deindent(L10n::t('
                        Dear %1$s,
                                Thank you for registering at %2$s. Your account is pending for approval by the administrator.
-               '));
 
-               $body = sprintf($body, $username, $sitename);
+                       Your login details are as follows:
+
+                       Site Location:  %3$s
+                       Login Name:             %4$s
+                       Password:               %5$s
+               ',
+                       $body, $username, $sitename, $siteurl, $nickname, $password
+               ));
 
                return notification([
-                       'type' => SYSTEM_EMAIL,
+                       'type'     => SYSTEM_EMAIL,
+                       'uid'      => $uid,
                        'to_email' => $email,
-                       'subject'=> L10n::t('Registration at %s', $sitename),
-                       'body' => $body]);
+                       'subject'  => L10n::t('Registration at %s', $sitename),
+                       'body'     => $body
+               ]);
        }
 
        /**
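Review bot: The variable being assigned is itself passed as the first extra argument to `L10n::t()` in `$body, $username, $sitename, $siteurl, $nickname, $password`, so — given that L10n::t() forwards its extra arguments to sprintf(), as the "redundant sprintf()" remark in the description indicates — `%1$s` receives the still-unassigned `$body` (an undefined-variable notice and an empty name after "Dear"), every other placeholder receives the argument meant for the one before it, and `$password` is never substituted, which leaves the registrant with no password and makes the 'Sent in a previous email' text in mod/regmod.php untrue. The argument list should be `$username, $sitename, $siteurl, $nickname, $password`. The same leftover appears in sendRegisterOpenEmail() in the next two hunks, `$preamble, $username, $sitename` and `$body, $email, $sitename, $siteurl, $username, $password`, where the leading `$preamble`/`$body` must go as well. The docblock only gained `@param string $password` while the signature also gained `$uid`, `$siteurl` and `$nickname`, so `@param int $uid`, `@param string $siteurl` and `@param string $nickname` are still missing, and because the method went from three to seven required parameters every caller has to be updated in the same commit.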
@@ -695,7 +704,9 @@ class User
                $preamble = deindent(L10n::t('
                        Dear %1$s,
                                Thank you for registering at %2$s. Your account has been created.
-               '));
+               ',
+                       $preamble, $username, $sitename
+               ));
                $body = deindent(L10n::t('
                        The login details are as follows:
 
@@ -722,19 +733,19 @@ class User
 
                        If you ever want to delete your account, you can do so at %3$s/removeme
 
-                       Thank you and welcome to %2$s.'));
-
-               $preamble = sprintf($preamble, $username, $sitename);
-               $body = sprintf($body, $email, $sitename, $siteurl, $username, $password);
+                       Thank you and welcome to %2$s.',
+                       $body, $email, $sitename, $siteurl, $username, $password
+               ));
 
                return notification([
-                       'uid' => $user['uid'],
+                       'uid'      => $user['uid'],
                        'language' => $user['language'],
-                       'type' => SYSTEM_EMAIL,
+                       'type'     => SYSTEM_EMAIL,
                        'to_email' => $email,
-                       'subject'=> L10n::t('Registration details for %s', $sitename),
-                       'preamble'=> $preamble,
-                       'body' => $body]);
+                       'subject'  => L10n::t('Registration details for %s', $sitename),
+                       'preamble' => $preamble,
+                       'body'     => $body
+               ]);
        }
 
        /**
@@ -771,7 +782,7 @@ class User
                if ($uid == local_user()) {
                        unset($_SESSION['authenticated']);
                        unset($_SESSION['uid']);
-                       goaway(System::baseUrl());
+                       goaway();;
                }
        }
 }
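Review bot: `goaway();;` carries a stray second semicolon and should read `goaway();`. The empty statement is harmless at runtime but will be flagged by the project's code-style checks, and it suggests the `System::baseUrl()` removal was done by search-and-replace. The enclosing method begins before this hunk.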