Merge pull request #5920 from MrPetovan/bug/remove-password-from-register
Avoid storing plaintext password in register table
commit
389685e099
10 changed files with 259 additions and 132 deletions
2
boot.php
2
boot.php
|
@ -647,7 +647,7 @@ function killme()
|
||||||
/**
|
/**
|
||||||
* @brief Redirect to another URL and terminate this process.
|
* @brief Redirect to another URL and terminate this process.
|
||||||
*/
|
*/
|
||||||
function goaway($path)
|
function goaway($path = '')
|
||||||
{
|
{
|
||||||
if (strstr(normalise_link($path), 'http://')) {
|
if (strstr(normalise_link($path), 'http://')) {
|
||||||
$url = $path;
|
$url = $path;
|
||||||
|
|
|
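Review bot: The new signature `function goaway($path = '')` records nothing about what the empty default means: the `@brief` still reads "Redirect to another URL and terminate this process" and there is no `@param`, yet every `goaway()` call in this commit relies on the empty string standing for the site's base URL. A line such as `@param string $path Absolute URL or path relative to the base URL; empty redirects to the base URL` next to the signature makes that contract visible to the next caller. The part of the function where the empty path is presumably resolved lies outside the hunk, so this note covers the docblock only.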
@ -84,7 +84,7 @@ function notification($params)
|
||||||
// with $params['show_in_notification_page'] == false, the notification isn't inserted into
|
// with $params['show_in_notification_page'] == false, the notification isn't inserted into
|
||||||
// the database, and an email is sent if applicable.
|
// the database, and an email is sent if applicable.
|
||||||
// default, if not specified: true
|
// default, if not specified: true
|
||||||
$show_in_notification_page = ((x($params, 'show_in_notification_page')) ? $params['show_in_notification_page']:true);
|
$show_in_notification_page = isset($params['show_in_notification_page']) ? $params['show_in_notification_page'] : true;
|
||||||
|
|
||||||
$additional_mail_header = "";
|
$additional_mail_header = "";
|
||||||
$additional_mail_header .= "Precedence: list\n";
|
$additional_mail_header .= "Precedence: list\n";
|
||||||
|
|
|
@ -18,13 +18,14 @@ use Friendica\Database\DBA;
|
||||||
use Friendica\Database\DBStructure;
|
use Friendica\Database\DBStructure;
|
||||||
use Friendica\Model\Contact;
|
use Friendica\Model\Contact;
|
||||||
use Friendica\Model\Item;
|
use Friendica\Model\Item;
|
||||||
|
use Friendica\Model\Register;
|
||||||
use Friendica\Model\User;
|
use Friendica\Model\User;
|
||||||
use Friendica\Module\Login;
|
use Friendica\Module\Login;
|
||||||
use Friendica\Module\Tos;
|
use Friendica\Module\Tos;
|
||||||
use Friendica\Util\Arrays;
|
use Friendica\Util\Arrays;
|
||||||
use Friendica\Util\DateTimeFormat;
|
use Friendica\Util\DateTimeFormat;
|
||||||
use Friendica\Util\Temporal;
|
|
||||||
use Friendica\Util\Network;
|
use Friendica\Util\Network;
|
||||||
|
use Friendica\Util\Temporal;
|
||||||
|
|
||||||
require_once 'include/enotify.php';
|
require_once 'include/enotify.php';
|
||||||
require_once 'include/text.php';
|
require_once 'include/text.php';
|
||||||
|
@ -33,11 +34,11 @@ require_once 'include/items.php';
|
||||||
/**
|
/**
|
||||||
* @brief Process send data from the admin panels subpages
|
* @brief Process send data from the admin panels subpages
|
||||||
*
|
*
|
||||||
* This function acts as relais for processing the data send from the subpages
|
* This function acts as relay for processing the data send from the subpages
|
||||||
* of the admin panel. Depending on the 1st parameter of the url (argv[1])
|
* of the admin panel. Depending on the 1st parameter of the url (argv[1])
|
||||||
* specialized functions are called to process the data from the subpages.
|
* specialized functions are called to process the data from the subpages.
|
||||||
*
|
*
|
||||||
* The function itself does not return anything, but the subsequencely function
|
* The function itself does not return anything, but the subsequently function
|
||||||
* return the HTML for the pages of the admin panel.
|
* return the HTML for the pages of the admin panel.
|
||||||
*
|
*
|
||||||
* @param App $a
|
* @param App $a
|
||||||
|
@ -895,8 +896,7 @@ function admin_page_summary(App $a)
|
||||||
|
|
||||||
logger('accounts: ' . print_r($accounts, true), LOGGER_DATA);
|
logger('accounts: ' . print_r($accounts, true), LOGGER_DATA);
|
||||||
|
|
||||||
$r = q("SELECT COUNT(`id`) AS `count` FROM `register`");
|
$pending = Register::getPendingCount();
|
||||||
$pending = $r[0]['count'];
|
|
||||||
|
|
||||||
$r = q("SELECT COUNT(*) AS `total` FROM `queue` WHERE 1");
|
$r = q("SELECT COUNT(*) AS `total` FROM `queue` WHERE 1");
|
||||||
$queue = (($r) ? $r[0]['total'] : 0);
|
$queue = (($r) ? $r[0]['total'] : 0);
|
||||||
|
@ -912,10 +912,10 @@ function admin_page_summary(App $a)
|
||||||
$r = q("SHOW variables LIKE 'max_allowed_packet'");
|
$r = q("SHOW variables LIKE 'max_allowed_packet'");
|
||||||
$max_allowed_packet = (($r) ? $r[0]['Value'] : 0);
|
$max_allowed_packet = (($r) ? $r[0]['Value'] : 0);
|
||||||
|
|
||||||
$server_settings = ['label' => L10n::t('Server Settings'),
|
$server_settings = ['label' => L10n::t('Server Settings'),
|
||||||
'php' => ['upload_max_filesize' => ini_get('upload_max_filesize'),
|
'php' => ['upload_max_filesize' => ini_get('upload_max_filesize'),
|
||||||
'post_max_size' => ini_get('post_max_size'),
|
'post_max_size' => ini_get('post_max_size'),
|
||||||
'memory_limit' => ini_get('memory_limit')],
|
'memory_limit' => ini_get('memory_limit')],
|
||||||
'mysql' => ['max_allowed_packet' => $max_allowed_packet]];
|
'mysql' => ['max_allowed_packet' => $max_allowed_packet]];
|
||||||
|
|
||||||
$t = get_markup_template('admin/summary.tpl');
|
$t = get_markup_template('admin/summary.tpl');
|
||||||
|
@ -1792,11 +1792,7 @@ function admin_page_users(App $a)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* get pending */
|
/* get pending */
|
||||||
$pending = q("SELECT `register`.*, `contact`.`name`, `user`.`email`
|
$pending = Register::getPending();
|
||||||
FROM `register`
|
|
||||||
INNER JOIN `contact` ON `register`.`uid` = `contact`.`uid`
|
|
||||||
INNER JOIN `user` ON `register`.`uid` = `user`.`uid`;");
|
|
||||||
|
|
||||||
|
|
||||||
/* get users */
|
/* get users */
|
||||||
$total = q("SELECT COUNT(*) AS `total` FROM `user` WHERE 1");
|
$total = q("SELECT COUNT(*) AS `total` FROM `user` WHERE 1");
|
||||||
|
|
|
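Review bot: `Register::getPendingCount()` in admin_page_summary and `Register::getPending()` in admin_page_users are built on different joins: the count is restricted with `AND contact.self`, while the list joins every `contact` row whose uid matches, so if a pending uid has more than one contact row (the existence of a `self` flag suggests it can) the users page lists it more than once and its length disagrees with the summary count. The query that ping_init used before this commit restricted to `contact.self = 1`, so adding the same `AND contact.self` to the join in Register::getPending (src/Model/Register.php) makes all three call sites consistent; the ping_init hunk shares this point. In the @ -33 docblock hunk, "the subsequently function return the HTML" is still ungrammatical; `the functions it dispatches to return the HTML` reads cleanly.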
@ -58,14 +58,9 @@ function invite_post(App $a)
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($invitation_only && ($invites_remaining || is_site_admin())) {
|
if ($invitation_only && ($invites_remaining || is_site_admin())) {
|
||||||
$code = autoname(8) . srand(1000, 9999);
|
$code = Friendica\Model\Register::createForInvitation();
|
||||||
$nmessage = str_replace('$invite_code', $code, $message);
|
$nmessage = str_replace('$invite_code', $code, $message);
|
||||||
|
|
||||||
$r = q("INSERT INTO `register` (`hash`,`created`) VALUES ('%s', '%s') ",
|
|
||||||
DBA::escape($code),
|
|
||||||
DBA::escape(DateTimeFormat::utcNow())
|
|
||||||
);
|
|
||||||
|
|
||||||
if (! is_site_admin()) {
|
if (! is_site_admin()) {
|
||||||
$invites_remaining --;
|
$invites_remaining --;
|
||||||
if ($invites_remaining >= 0) {
|
if ($invites_remaining >= 0) {
|
||||||
|
|
|
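Review bot: `Friendica\Model\Register::createForInvitation()` is spelled as an inline fully-qualified name, whereas the mod/admin.php and mod/regmod.php hunks import the class with `use Friendica\Model\Register;`; the same import at the top of mod/invite.php keeps the call sites uniform. The returned `$code` is mailed as the invitation code with no indication of whether the row was stored, because the model discards its `DBA::insert('register', $fields)` result; a false return on a failed insert, checked here before `str_replace('$invite_code', $code, $message)`, would avoid sending an unusable code. The enclosing if-block continues past the hunk.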
@ -202,11 +202,7 @@ function ping_init(App $a)
|
||||||
$mail_count = count($mails);
|
$mail_count = count($mails);
|
||||||
|
|
||||||
if (intval(Config::get('config', 'register_policy')) === REGISTER_APPROVE && is_site_admin()) {
|
if (intval(Config::get('config', 'register_policy')) === REGISTER_APPROVE && is_site_admin()) {
|
||||||
$regs = q(
|
$regs = Friendica\Model\Register::getPending();
|
||||||
"SELECT `contact`.`name`, `contact`.`url`, `contact`.`micro`, `register`.`created`
|
|
||||||
FROM `contact` RIGHT JOIN `register` ON `register`.`uid` = `contact`.`uid`
|
|
||||||
WHERE `contact`.`self` = 1"
|
|
||||||
);
|
|
||||||
|
|
||||||
if (DBA::isResult($regs)) {
|
if (DBA::isResult($regs)) {
|
||||||
$register_count = count($regs);
|
$register_count = count($regs);
|
||||||
|
|
|
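Review bot: The removed query selected `contact.url` and `contact.micro` alongside `contact.name`, but `Friendica\Model\Register::getPending()` returns only `register.*`, `contact.name` and `user.email`; if the part of ping_init below this hunk still builds the registration notification from `$reg['url']` / `$reg['micro']` (not visible here), those values are now absent. Either the model method should select those two contact columns as well, or the consumer should be updated in the same commit. The inline `Friendica\Model\Register::getPending()` also differs from the `use Friendica\Model\Register;` style the mod/admin.php and mod/regmod.php hunks adopt.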
@ -11,10 +11,8 @@ use Friendica\Core\L10n;
|
||||||
use Friendica\Core\PConfig;
|
use Friendica\Core\PConfig;
|
||||||
use Friendica\Core\System;
|
use Friendica\Core\System;
|
||||||
use Friendica\Core\Worker;
|
use Friendica\Core\Worker;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Model;
|
||||||
use Friendica\Model\User;
|
|
||||||
use Friendica\Module\Tos;
|
use Friendica\Module\Tos;
|
||||||
use Friendica\Util\DateTimeFormat;
|
|
||||||
|
|
||||||
require_once 'include/enotify.php';
|
require_once 'include/enotify.php';
|
||||||
|
|
||||||
|
@ -67,7 +65,7 @@ function register_post(App $a)
|
||||||
$arr['language'] = L10n::getBrowserLanguage();
|
$arr['language'] = L10n::getBrowserLanguage();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$result = User::create($arr);
|
$result = Model\User::create($arr);
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
notice($e->getMessage());
|
notice($e->getMessage());
|
||||||
return;
|
return;
|
||||||
|
@ -76,7 +74,7 @@ function register_post(App $a)
|
||||||
$user = $result['user'];
|
$user = $result['user'];
|
||||||
|
|
||||||
if ($netpublish && intval(Config::get('config', 'register_policy')) !== REGISTER_APPROVE) {
|
if ($netpublish && intval(Config::get('config', 'register_policy')) !== REGISTER_APPROVE) {
|
||||||
$url = System::baseUrl() . '/profile/' . $user['nickname'];
|
$url = $a->getBaseUrl() . '/profile/' . $user['nickname'];
|
||||||
Worker::add(PRIORITY_LOW, "Directory", $url);
|
Worker::add(PRIORITY_LOW, "Directory", $url);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -86,18 +84,22 @@ function register_post(App $a)
|
||||||
|
|
||||||
if (intval(Config::get('config', 'register_policy')) === REGISTER_OPEN) {
|
if (intval(Config::get('config', 'register_policy')) === REGISTER_OPEN) {
|
||||||
if ($using_invites && $invite_id) {
|
if ($using_invites && $invite_id) {
|
||||||
q("delete * from register where hash = '%s' limit 1", DBA::escape($invite_id));
|
Model\Register::deleteByHash($invite_id);
|
||||||
PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
|
PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Only send a password mail when the password wasn't manually provided
|
// Only send a password mail when the password wasn't manually provided
|
||||||
if (!x($_POST, 'password1') || !x($_POST, 'confirm')) {
|
if (!x($_POST, 'password1') || !x($_POST, 'confirm')) {
|
||||||
$res = User::sendRegisterOpenEmail(
|
$res = Model\User::sendRegisterOpenEmail(
|
||||||
$user['email'], Config::get('config', 'sitename'), System::baseUrl(), $user['username'], $result['password'], $user);
|
$user,
|
||||||
|
Config::get('config', 'sitename'),
|
||||||
|
$a->getBaseUrl(),
|
||||||
|
$result['password']
|
||||||
|
);
|
||||||
|
|
||||||
if ($res) {
|
if ($res) {
|
||||||
info(L10n::t('Registration successful. Please check your email for further instructions.') . EOL);
|
info(L10n::t('Registration successful. Please check your email for further instructions.') . EOL);
|
||||||
goaway(System::baseUrl());
|
goaway();
|
||||||
} else {
|
} else {
|
||||||
notice(
|
notice(
|
||||||
L10n::t('Failed to send email message. Here your accout details:<br> login: %s<br> password: %s<br><br>You can change your password after login.',
|
L10n::t('Failed to send email message. Here your accout details:<br> login: %s<br> password: %s<br><br>You can change your password after login.',
|
||||||
|
@ -108,27 +110,19 @@ function register_post(App $a)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
info(L10n::t('Registration successful.') . EOL);
|
info(L10n::t('Registration successful.') . EOL);
|
||||||
goaway(System::baseUrl());
|
goaway();
|
||||||
}
|
}
|
||||||
} elseif (intval(Config::get('config', 'register_policy')) === REGISTER_APPROVE) {
|
} elseif (intval(Config::get('config', 'register_policy')) === REGISTER_APPROVE) {
|
||||||
if (!strlen(Config::get('config', 'admin_email'))) {
|
if (!strlen(Config::get('config', 'admin_email'))) {
|
||||||
notice(L10n::t('Your registration can not be processed.') . EOL);
|
notice(L10n::t('Your registration can not be processed.') . EOL);
|
||||||
goaway(System::baseUrl());
|
goaway();
|
||||||
}
|
}
|
||||||
|
|
||||||
$hash = random_string();
|
Model\Register::createForApproval($user['uid'], Config::get('system', 'language'), $_POST['permonlybox']);
|
||||||
$r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language`, `note` ) VALUES ( '%s', '%s', %d, '%s', '%s', '%s' ) ",
|
|
||||||
DBA::escape($hash),
|
|
||||||
DBA::escape(DateTimeFormat::utcNow()),
|
|
||||||
intval($user['uid']),
|
|
||||||
DBA::escape($result['password']),
|
|
||||||
DBA::escape(Config::get('system', 'language')),
|
|
||||||
DBA::escape($_POST['permonlybox'])
|
|
||||||
);
|
|
||||||
|
|
||||||
// invite system
|
// invite system
|
||||||
if ($using_invites && $invite_id) {
|
if ($using_invites && $invite_id) {
|
||||||
q("DELETE * FROM `register` WHERE `hash` = '%s' LIMIT 1", DBA::escape($invite_id));
|
Model\Register::deleteByHash($invite_id);
|
||||||
PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
|
PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -146,9 +140,9 @@ function register_post(App $a)
|
||||||
'source_name' => $user['username'],
|
'source_name' => $user['username'],
|
||||||
'source_mail' => $user['email'],
|
'source_mail' => $user['email'],
|
||||||
'source_nick' => $user['nickname'],
|
'source_nick' => $user['nickname'],
|
||||||
'source_link' => System::baseUrl() . "/admin/users/",
|
'source_link' => $a->getBaseUrl() . "/admin/users/",
|
||||||
'link' => System::baseUrl() . "/admin/users/",
|
'link' => $a->getBaseUrl() . "/admin/users/",
|
||||||
'source_photo' => System::baseUrl() . "/photo/avatar/" . $user['uid'] . ".jpg",
|
'source_photo' => $a->getBaseUrl() . "/photo/avatar/" . $user['uid'] . ".jpg",
|
||||||
'to_email' => $admin['email'],
|
'to_email' => $admin['email'],
|
||||||
'uid' => $admin['uid'],
|
'uid' => $admin['uid'],
|
||||||
'language' => $admin['language'] ? $admin['language'] : 'en',
|
'language' => $admin['language'] ? $admin['language'] : 'en',
|
||||||
|
@ -156,11 +150,15 @@ function register_post(App $a)
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
// send notification to the user, that the registration is pending
|
// send notification to the user, that the registration is pending
|
||||||
User::sendRegisterPendingEmail(
|
Model\User::sendRegisterPendingEmail(
|
||||||
$user['email'], Config::get('config', 'sitename'), $user['username']);
|
$user,
|
||||||
|
Config::get('config', 'sitename'),
|
||||||
|
$a->getBaseURL(),
|
||||||
|
$result['password']
|
||||||
|
);
|
||||||
|
|
||||||
info(L10n::t('Your registration is pending approval by the site owner.') . EOL);
|
info(L10n::t('Your registration is pending approval by the site owner.') . EOL);
|
||||||
goaway(System::baseUrl());
|
goaway();
|
||||||
}
|
}
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
|
|
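Review bot: The REGISTER_APPROVE branch discards the result of `Model\Register::createForApproval($user['uid'], Config::get('system', 'language'), $_POST['permonlybox']);`, although the new method returns false when the user id does not exist or the insert fails; the code then still notifies the admin and tells the user the registration is pending, with no register row for the admin to act on. A guard such as `if (!Model\Register::createForApproval(...)) { notice(L10n::t('Your registration can not be processed.') . EOL); goaway(); }` keeps the user-facing message consistent with what was stored. `$_POST['permonlybox']` is read directly, so a form without that field raises a notice; `defaults($_POST, 'permonlybox', '')` matches the helper the mod/regmod.php hunk already uses. The pending-email call writes `$a->getBaseURL()` while every other call site in this commit writes `$a->getBaseUrl()` — the same method in PHP, but worth aligning.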
@ -9,6 +9,7 @@ use Friendica\Core\L10n;
|
||||||
use Friendica\Core\System;
|
use Friendica\Core\System;
|
||||||
use Friendica\Core\Worker;
|
use Friendica\Core\Worker;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
|
use Friendica\Model\Register;
|
||||||
use Friendica\Model\User;
|
use Friendica\Model\User;
|
||||||
use Friendica\Module\Login;
|
use Friendica\Module\Login;
|
||||||
|
|
||||||
|
@ -18,51 +19,35 @@ function user_allow($hash)
|
||||||
{
|
{
|
||||||
$a = get_app();
|
$a = get_app();
|
||||||
|
|
||||||
$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
|
$register = Register::getByHash($hash);
|
||||||
DBA::escape($hash)
|
|
||||||
);
|
|
||||||
|
|
||||||
|
|
||||||
if (!DBA::isResult($register)) {
|
if (!DBA::isResult($register)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
|
$user = User::getById($register['uid']);
|
||||||
intval($register[0]['uid'])
|
|
||||||
);
|
|
||||||
|
|
||||||
if (!DBA::isResult($user)) {
|
if (!DBA::isResult($user)) {
|
||||||
killme();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
$r = q("DELETE FROM `register` WHERE `hash` = '%s'",
|
Register::deleteByHash($hash);
|
||||||
DBA::escape($register[0]['hash'])
|
|
||||||
);
|
|
||||||
|
|
||||||
|
DBA::update('user', ['blocked' => false, 'verified' => true], ['uid' => $register['uid']]);
|
||||||
|
|
||||||
$r = q("UPDATE `user` SET `blocked` = 0, `verified` = 1 WHERE `uid` = %d",
|
$profile = DBA::selectFirst('profile', ['net-publish'], ['uid' => $register['uid'], 'is-default' => true]);
|
||||||
intval($register[0]['uid'])
|
|
||||||
);
|
|
||||||
|
|
||||||
$r = q("SELECT * FROM `profile` WHERE `uid` = %d AND `is-default` = 1",
|
if (DBA::isResult($profile) && $profile['net-publish'] && Config::get('system', 'directory')) {
|
||||||
intval($user[0]['uid'])
|
$url = System::baseUrl() . '/profile/' . $user['nickname'];
|
||||||
);
|
Worker::add(PRIORITY_LOW, "Directory", $url);
|
||||||
if (DBA::isResult($r) && $r[0]['net-publish']) {
|
|
||||||
$url = System::baseUrl() . '/profile/' . $user[0]['nickname'];
|
|
||||||
if ($url && strlen(Config::get('system', 'directory'))) {
|
|
||||||
Worker::add(PRIORITY_LOW, "Directory", $url);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
L10n::pushLang($register[0]['language']);
|
L10n::pushLang($register['language']);
|
||||||
|
|
||||||
$res = User::sendRegisterOpenEmail(
|
$res = User::sendRegisterOpenEmail(
|
||||||
$user[0]['email'],
|
$user,
|
||||||
Config::get('config', 'sitename'),
|
Config::get('config', 'sitename'),
|
||||||
System::baseUrl(),
|
$a->getBaseUrl(),
|
||||||
$user[0]['username'],
|
defaults($register, 'password', 'Sent in a previous email')
|
||||||
$register[0]['password'],
|
);
|
||||||
$user[0]);
|
|
||||||
|
|
||||||
L10n::popLang();
|
L10n::popLang();
|
||||||
|
|
||||||
|
@ -77,22 +62,21 @@ function user_allow($hash)
|
||||||
// allowed to have friends on this system
|
// allowed to have friends on this system
|
||||||
function user_deny($hash)
|
function user_deny($hash)
|
||||||
{
|
{
|
||||||
$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
|
$register = Register::getByHash($hash);
|
||||||
DBA::escape($hash)
|
|
||||||
);
|
|
||||||
|
|
||||||
if (!DBA::isResult($register)) {
|
if (!DBA::isResult($register)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
|
$user = User::getById($register['uid']);
|
||||||
intval($register[0]['uid'])
|
if (!DBA::isResult($user)) {
|
||||||
);
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
DBA::delete('user', ['uid' => $register[0]['uid']]);
|
DBA::delete('user', ['uid' => $register['uid']]);
|
||||||
DBA::delete('register', ['hash' => $register[0]['hash']]);
|
|
||||||
|
|
||||||
notice(L10n::t('Registration revoked for %s', $user[0]['username']) . EOL);
|
Register::deleteByHash($register['hash']);
|
||||||
|
|
||||||
|
notice(L10n::t('Registration revoked for %s', $user['username']) . EOL);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -100,17 +84,16 @@ function regmod_content(App $a)
|
||||||
{
|
{
|
||||||
if (!local_user()) {
|
if (!local_user()) {
|
||||||
info(L10n::t('Please login.') . EOL);
|
info(L10n::t('Please login.') . EOL);
|
||||||
$o = '<br /><br />' . Login::form($a->query_string, intval(Config::get('config', 'register_policy')) === REGISTER_CLOSED ? 0 : 1);
|
return Login::form($a->query_string, intval(Config::get('config', 'register_policy')) === REGISTER_CLOSED ? 0 : 1);
|
||||||
return $o;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((!is_site_admin()) || (x($_SESSION, 'submanage') && intval($_SESSION['submanage']))) {
|
if (!is_site_admin() || !empty($_SESSION['submanage'])) {
|
||||||
notice(L10n::t('Permission denied.') . EOL);
|
notice(L10n::t('Permission denied.') . EOL);
|
||||||
return '';
|
return '';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($a->argc != 3) {
|
if ($a->argc != 3) {
|
||||||
killme();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
$cmd = $a->argv[1];
|
$cmd = $a->argv[1];
|
||||||
|
@ -118,13 +101,11 @@ function regmod_content(App $a)
|
||||||
|
|
||||||
if ($cmd === 'deny') {
|
if ($cmd === 'deny') {
|
||||||
user_deny($hash);
|
user_deny($hash);
|
||||||
goaway(System::baseUrl() . "/admin/users/");
|
goaway('admin/users/');
|
||||||
killme();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($cmd === 'allow') {
|
if ($cmd === 'allow') {
|
||||||
user_allow($hash);
|
user_allow($hash);
|
||||||
goaway(System::baseUrl() . "/admin/users/");
|
goaway('admin/users/');
|
||||||
killme();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
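Review bot: In user_deny the new `exit()` after `User::getById($register['uid'])` returns nothing leaves the register row in place: a hash whose user record is already gone can no longer be denied, and the admin gets a terminated response instead of the `goaway('admin/users/')` regmod_content issues after the call. Since deny exists to clean up, removing the row before bailing out — `Register::deleteByHash($register['hash']); return false;` — keeps the table consistent and lets the caller redirect. user_allow has the same `exit()` in the same situation, and the hash is the only handle the admin page offers for that entry; user_allow's body continues past the @ -18 hunk.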
|
@ -821,7 +821,7 @@ class DBA
|
||||||
* @param array $param parameter array
|
* @param array $param parameter array
|
||||||
* @param bool $on_duplicate_update Do an update on a duplicate entry
|
* @param bool $on_duplicate_update Do an update on a duplicate entry
|
||||||
*
|
*
|
||||||
* @return boolean was the insert successfull?
|
* @return boolean was the insert successful?
|
||||||
*/
|
*/
|
||||||
public static function insert($table, $param, $on_duplicate_update = false) {
|
public static function insert($table, $param, $on_duplicate_update = false) {
|
||||||
|
|
||||||
|
|
131
src/Model/Register.php
Normal file
131
src/Model/Register.php
Normal file
|
@ -0,0 +1,131 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @file src/Model/Register.php
|
||||||
|
*/
|
||||||
|
namespace Friendica\Model;
|
||||||
|
|
||||||
|
use Friendica\Database\DBA;
|
||||||
|
use Friendica\Util\DateTimeFormat;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class interacting with the register database table
|
||||||
|
*
|
||||||
|
* @author Hypolite Petovan <mrpetovan@gmail.com>
|
||||||
|
*/
|
||||||
|
class Register
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Return the list of pending registrations
|
||||||
|
*
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public static function getPending()
|
||||||
|
{
|
||||||
|
$stmt = DBA::p(
|
||||||
|
"SELECT `register`.*, `contact`.`name`, `user`.`email`
|
||||||
|
FROM `register`
|
||||||
|
INNER JOIN `contact` ON `register`.`uid` = `contact`.`uid`
|
||||||
|
INNER JOIN `user` ON `register`.`uid` = `user`.`uid`"
|
||||||
|
);
|
||||||
|
|
||||||
|
return DBA::toArray($stmt);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the pending registration count
|
||||||
|
*
|
||||||
|
* @return int
|
||||||
|
*/
|
||||||
|
public static function getPendingCount()
|
||||||
|
{
|
||||||
|
$register = DBA::fetchFirst(
|
||||||
|
"SELECT COUNT(*) AS `count`
|
||||||
|
FROM `register`
|
||||||
|
INNER JOIN `contact` ON `register`.`uid` = `contact`.`uid` AND `contact`.`self`"
|
||||||
|
);
|
||||||
|
|
||||||
|
return $register['count'];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the register record associated with the provided hash
|
||||||
|
*
|
||||||
|
* @param string $hash
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public static function getByHash($hash)
|
||||||
|
{
|
||||||
|
return DBA::selectFirst('register', [], ['hash' => $hash]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns true if a register record exists with the provided hash
|
||||||
|
*
|
||||||
|
* @param string $hash
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public static function existsByHash($hash)
|
||||||
|
{
|
||||||
|
return DBA::exists('register', ['hash' => $hash]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a register record for an invitation and returns the auto-generated code for it
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public static function createForInvitation()
|
||||||
|
{
|
||||||
|
$code = autoname(8) . srand(1000, 9999);
|
||||||
|
|
||||||
|
$fields = [
|
||||||
|
'hash' => $code,
|
||||||
|
'created' => DateTimeFormat::utcNow()
|
||||||
|
];
|
||||||
|
|
||||||
|
DBA::insert('register', $fields);
|
||||||
|
|
||||||
|
return $code;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a register record for approval and returns the success of the database insert
|
||||||
|
* Checks for the existence of the provided user id
|
||||||
|
*
|
||||||
|
* @param integer $uid The ID of the user needing approval
|
||||||
|
* @param string $language The registration language
|
||||||
|
* @param string $note An additional message from the user
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public static function createForApproval($uid, $language, $note = '')
|
||||||
|
{
|
||||||
|
$hash = random_string();
|
||||||
|
|
||||||
|
if (!User::exists($uid)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$fields = [
|
||||||
|
'hash' => $hash,
|
||||||
|
'created' => DateTimeFormat::utcNow(),
|
||||||
|
'uid' => $uid,
|
||||||
|
'password' => '', // Obsolete, slated for deletion
|
||||||
|
'language' => $language,
|
||||||
|
'note' => $note
|
||||||
|
];
|
||||||
|
|
||||||
|
return DBA::insert('register', $fields);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Deletes a register record by the provided hash and returns the success of the database deletion
|
||||||
|
*
|
||||||
|
* @param string $hash
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public static function deleteByHash($hash)
|
||||||
|
{
|
||||||
|
return DBA::delete('register', ['hash' => $hash]);
|
||||||
|
}
|
||||||
|
}
|
|
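Review bot: `$code = autoname(8) . srand(1000, 9999);` in createForInvitation does not append four digits: srand() seeds the generator and returns no value, so the concatenated part is an empty string and the invitation code is just `autoname(8)`, while the generator is reseeded with the constant 1000 on every call, which makes any later rand()/mt_rand() output in the same request predictable. `autoname(8) . random_int(1000, 9999)` (or `mt_rand(1000, 9999)` where random_int is unavailable) produces the intended suffix without touching global seeding. The method also returns `$code` even when `DBA::insert('register', $fields)` fails, so mod/invite.php mails a code that can never be redeemed; returning false on a failed insert lets the caller react.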
@ -32,9 +32,29 @@ require_once 'include/text.php';
|
||||||
class User
|
class User
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* @brief Returns the user id of a given profile url
|
* Returns true if a user record exists with the provided id
|
||||||
*
|
*
|
||||||
* @param string $profile
|
* @param integer $uid
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public static function exists($uid)
|
||||||
|
{
|
||||||
|
return DBA::exists('user', ['uid' => $uid]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param integer $uid
|
||||||
|
* @return array|boolean User record if it exists, false otherwise
|
||||||
|
*/
|
||||||
|
public static function getById($uid)
|
||||||
|
{
|
||||||
|
return DBA::selectFirst('user', [], ['uid' => $uid]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Returns the user id of a given profile URL
|
||||||
|
*
|
||||||
|
* @param string $url
|
||||||
*
|
*
|
||||||
* @return integer user id
|
* @return integer user id
|
||||||
*/
|
*/
|
||||||
|
@ -401,7 +421,7 @@ class User
|
||||||
throw new Exception(L10n::t('An invitation is required.'));
|
throw new Exception(L10n::t('An invitation is required.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!DBA::exists('register', ['hash' => $invite_id])) {
|
if (!Register::existsByHash($invite_id)) {
|
||||||
throw new Exception(L10n::t('Invitation could not be verified.'));
|
throw new Exception(L10n::t('Invitation could not be verified.'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -644,27 +664,36 @@ class User
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Sends pending registration confiŕmation email
|
* @brief Sends pending registration confirmation email
|
||||||
*
|
*
|
||||||
* @param string $email
|
* @param array $user User record array
|
||||||
* @param string $sitename
|
* @param string $sitename
|
||||||
* @param string $username
|
* @param string $siteurl
|
||||||
|
* @param string $password Plaintext password
|
||||||
* @return NULL|boolean from notification() and email() inherited
|
* @return NULL|boolean from notification() and email() inherited
|
||||||
*/
|
*/
|
||||||
public static function sendRegisterPendingEmail($email, $sitename, $username)
|
public static function sendRegisterPendingEmail($user, $sitename, $siteurl, $password)
|
||||||
{
|
{
|
||||||
$body = deindent(L10n::t('
|
$body = deindent(L10n::t('
|
||||||
Dear %1$s,
|
Dear %1$s,
|
||||||
Thank you for registering at %2$s. Your account is pending for approval by the administrator.
|
Thank you for registering at %2$s. Your account is pending for approval by the administrator.
|
||||||
'));
|
|
||||||
|
|
||||||
$body = sprintf($body, $username, $sitename);
|
Your login details are as follows:
|
||||||
|
|
||||||
|
Site Location: %3$s
|
||||||
|
Login Name: %4$s
|
||||||
|
Password: %5$s
|
||||||
|
',
|
||||||
|
$body, $user['username'], $sitename, $siteurl, $user['nickname'], $password
|
||||||
|
));
|
||||||
|
|
||||||
return notification([
|
return notification([
|
||||||
'type' => SYSTEM_EMAIL,
|
'type' => SYSTEM_EMAIL,
|
||||||
'to_email' => $email,
|
'uid' => $user['uid'],
|
||||||
'subject'=> L10n::t('Registration at %s', $sitename),
|
'to_email' => $user['email'],
|
||||||
'body' => $body]);
|
'subject' => L10n::t('Registration at %s', $sitename),
|
||||||
|
'body' => $body
|
||||||
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -672,19 +701,20 @@ class User
|
||||||
*
|
*
|
||||||
* It's here as a function because the mail is sent from different parts
|
* It's here as a function because the mail is sent from different parts
|
||||||
*
|
*
|
||||||
* @param string $email
|
* @param array $user User record array
|
||||||
* @param string $sitename
|
* @param string $sitename
|
||||||
* @param string $siteurl
|
* @param string $siteurl
|
||||||
* @param string $username
|
* @param string $password Plaintext password
|
||||||
* @param string $password
|
|
||||||
* @return NULL|boolean from notification() and email() inherited
|
* @return NULL|boolean from notification() and email() inherited
|
||||||
*/
|
*/
|
||||||
public static function sendRegisterOpenEmail($email, $sitename, $siteurl, $username, $password, $user)
|
public static function sendRegisterOpenEmail($user, $sitename, $siteurl, $password)
|
||||||
{
|
{
|
||||||
$preamble = deindent(L10n::t('
|
$preamble = deindent(L10n::t('
|
||||||
Dear %1$s,
|
Dear %1$s,
|
||||||
Thank you for registering at %2$s. Your account has been created.
|
Thank you for registering at %2$s. Your account has been created.
|
||||||
'));
|
',
|
||||||
|
$preamble, $user['username'], $sitename
|
||||||
|
));
|
||||||
$body = deindent(L10n::t('
|
$body = deindent(L10n::t('
|
||||||
The login details are as follows:
|
The login details are as follows:
|
||||||
|
|
||||||
|
@ -711,19 +741,19 @@ class User
|
||||||
|
|
||||||
If you ever want to delete your account, you can do so at %3$s/removeme
|
If you ever want to delete your account, you can do so at %3$s/removeme
|
||||||
|
|
||||||
Thank you and welcome to %2$s.'));
|
Thank you and welcome to %2$s.',
|
||||||
|
$body, $user['email'], $sitename, $siteurl, $user['username'], $password
|
||||||
$preamble = sprintf($preamble, $username, $sitename);
|
));
|
||||||
$body = sprintf($body, $email, $sitename, $siteurl, $username, $password);
|
|
||||||
|
|
||||||
return notification([
|
return notification([
|
||||||
'uid' => $user['uid'],
|
'uid' => $user['uid'],
|
||||||
'language' => $user['language'],
|
'language' => $user['language'],
|
||||||
'type' => SYSTEM_EMAIL,
|
'type' => SYSTEM_EMAIL,
|
||||||
'to_email' => $email,
|
'to_email' => $user['email'],
|
||||||
'subject'=> L10n::t('Registration details for %s', $sitename),
|
'subject' => L10n::t('Registration details for %s', $sitename),
|
||||||
'preamble'=> $preamble,
|
'preamble' => $preamble,
|
||||||
'body' => $body]);
|
'body' => $body
|
||||||
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -760,7 +790,7 @@ class User
|
||||||
if ($uid == local_user()) {
|
if ($uid == local_user()) {
|
||||||
unset($_SESSION['authenticated']);
|
unset($_SESSION['authenticated']);
|
||||||
unset($_SESSION['uid']);
|
unset($_SESSION['uid']);
|
||||||
goaway(System::baseUrl());
|
goaway();;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
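Review bot: The new `L10n::t()` calls in sendRegisterPendingEmail and sendRegisterOpenEmail pass the variable being assigned as the first format argument — `$body, $user['username'], $sitename, $siteurl, $user['nickname'], $password` in the pending mail, and likewise `$preamble, $user['username'], $sitename` and `$body, $user['email'], $sitename, $siteurl, $user['username'], $password` in the open mail — so every placeholder is shifted by one: `%1$s` receives a not-yet-assigned variable, `Login Name: %4$s` receives the site URL, `Password: %5$s` receives the nickname, and the real `$password` is never rendered. For the pending mail this defeats the purpose of the commit, since it is now the only place the password is delivered and user_allow later reports 'Sent in a previous email'. Dropping the leading `$body` / `$preamble` from each argument list, e.g. `$user['username'], $sitename, $siteurl, $user['nickname'], $password`, restores the alignment the old `sprintf` calls had. Separately, the pending mail's fourth argument is `$user['nickname']` where the open mail's is `$user['username']`; which field the login form accepts is not visible here, but the two mails should agree. The `goaway();;` in the last hunk leaves a stray empty statement.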