2017-11-19 22:55:28 +01:00
< ? php
/**
* @ file src / Model / User . php
* @ brief This file includes the User class with user related database functions
*/
namespace Friendica\Model ;
2018-03-21 06:33:35 +01:00
use DivineOmega\PasswordExposed\PasswordStatus ;
2018-01-17 19:42:40 +01:00
use Friendica\Core\Addon ;
2017-12-04 04:27:49 +01:00
use Friendica\Core\Config ;
2018-01-22 15:54:13 +01:00
use Friendica\Core\L10n ;
2018-01-25 03:08:45 +01:00
use Friendica\Core\PConfig ;
2017-11-19 22:55:28 +01:00
use Friendica\Core\System ;
use Friendica\Core\Worker ;
2017-11-26 20:25:25 +01:00
use Friendica\Database\DBM ;
2017-12-07 15:04:24 +01:00
use Friendica\Model\Contact ;
2017-12-09 19:31:00 +01:00
use Friendica\Model\Group ;
2017-12-07 14:56:11 +01:00
use Friendica\Model\Photo ;
use Friendica\Object\Image ;
2017-12-30 17:51:49 +01:00
use Friendica\Util\Crypto ;
2018-01-27 03:38:34 +01:00
use Friendica\Util\DateTimeFormat ;
2018-01-27 05:09:48 +01:00
use Friendica\Util\Network ;
2017-11-19 22:55:28 +01:00
use dba ;
2017-12-13 02:43:21 +01:00
use Exception ;
2018-01-25 03:08:45 +01:00
use LightOpenID ;
2018-03-21 06:33:35 +01:00
use function password_exposed ;
2017-11-19 22:55:28 +01:00
require_once 'boot.php' ;
2017-12-17 21:24:57 +01:00
require_once 'include/dba.php' ;
2017-12-04 04:27:49 +01:00
require_once 'include/enotify.php' ;
require_once 'include/text.php' ;
2017-11-19 22:55:28 +01:00
/**
* @ brief This class handles User related functions
*/
class User
{
2017-12-17 22:22:39 +01:00
/**
* @ brief Get owner data by user id
*
* @ param int $uid
* @ return boolean | array
*/
public static function getOwnerDataById ( $uid ) {
2017-12-18 10:21:47 +01:00
$r = dba :: fetch_first ( " SELECT
2017-12-17 22:22:39 +01:00
`contact` .* ,
`user` . `prvkey` AS `uprvkey` ,
`user` . `timezone` ,
`user` . `nickname` ,
`user` . `sprvkey` ,
`user` . `spubkey` ,
`user` . `page-flags` ,
`user` . `account-type` ,
`user` . `prvnets`
FROM `contact`
INNER JOIN `user`
ON `user` . `uid` = `contact` . `uid`
WHERE `contact` . `uid` = ?
2017-12-18 10:21:47 +01:00
AND `contact` . `self`
2017-12-17 22:22:39 +01:00
LIMIT 1 " ,
$uid
);
if ( ! DBM :: is_result ( $r )) {
return false ;
}
2017-12-18 10:21:47 +01:00
return $r ;
2017-12-17 22:22:39 +01:00
}
2017-12-04 04:15:31 +01:00
/**
2017-12-09 19:31:00 +01:00
* @ brief Returns the default group for a given user and network
*
* @ param int $uid User id
* @ param string $network network name
*
* @ return int group id
*/
public static function getDefaultGroup ( $uid , $network = '' )
{
$default_group = 0 ;
if ( $network == NETWORK_OSTATUS ) {
$default_group = PConfig :: get ( $uid , " ostatus " , " default_group " );
}
if ( $default_group != 0 ) {
return $default_group ;
}
2018-01-10 14:36:02 +01:00
$user = dba :: selectFirst ( 'user' , [ 'def_gid' ], [ 'uid' => $uid ]);
2017-12-09 19:31:00 +01:00
if ( DBM :: is_result ( $user )) {
$default_group = $user [ " def_gid " ];
}
return $default_group ;
}
/**
2018-02-09 06:08:01 +01:00
* Authenticate a user with a clear text password
2017-12-04 04:15:31 +01:00
*
2018-02-09 06:08:01 +01:00
* @ brief Authenticate a user with a clear text password
2017-12-04 04:15:31 +01:00
* @ param mixed $user_info
* @ param string $password
2018-02-09 06:08:01 +01:00
* @ return int | boolean
* @ deprecated since version 3.6
2018-03-21 06:33:35 +01:00
* @ see User :: getIdFromPasswordAuthentication ()
2017-12-04 04:15:31 +01:00
*/
2017-11-26 20:25:25 +01:00
public static function authenticate ( $user_info , $password )
{
2018-02-09 06:08:01 +01:00
try {
return self :: getIdFromPasswordAuthentication ( $user_info , $password );
} catch ( Exception $ex ) {
return false ;
2017-11-26 20:25:25 +01:00
}
2018-02-09 06:08:01 +01:00
}
2017-11-26 20:25:25 +01:00
2018-02-09 06:08:01 +01:00
/**
* Returns the user id associated with a successful password authentication
*
* @ brief Authenticate a user with a clear text password
* @ param mixed $user_info
* @ param string $password
* @ return int User Id if authentication is successful
* @ throws Exception
*/
public static function getIdFromPasswordAuthentication ( $user_info , $password )
{
$user = self :: getAuthenticationInfo ( $user_info );
2017-11-26 20:25:25 +01:00
2018-04-08 16:02:25 +02:00
if ( strpos ( $user [ 'password' ], '$' ) === false ) {
2018-04-15 11:12:32 +02:00
//Legacy hash that has not been replaced by a new hash yet
2018-04-08 12:28:04 +02:00
if ( self :: hashPasswordLegacy ( $password ) === $user [ 'password' ]) {
self :: updatePassword ( $user [ 'uid' ], $password );
2018-04-15 11:12:32 +02:00
return $user [ 'uid' ];
}
} elseif ( ! empty ( $user [ 'legacy_password' ])) {
//Legacy hash that has been double-hashed and not replaced by a new hash yet
//Warning: `legacy_password` is not necessary in sync with the content of `password`
if ( password_verify ( self :: hashPasswordLegacy ( $password ), $user [ 'password' ])) {
self :: updatePassword ( $user [ 'uid' ], $password );
2018-04-08 12:28:04 +02:00
return $user [ 'uid' ];
}
2018-04-08 16:02:25 +02:00
} elseif ( password_verify ( $password , $user [ 'password' ])) {
2018-04-15 11:12:32 +02:00
//New password hash
2018-04-08 16:02:25 +02:00
if ( password_needs_rehash ( $user [ 'password' ], PASSWORD_DEFAULT )) {
self :: updatePassword ( $user [ 'uid' ], $password );
}
return $user [ 'uid' ];
2017-11-26 20:25:25 +01:00
}
2018-02-09 06:08:01 +01:00
throw new Exception ( L10n :: t ( 'Login failed' ));
}
/**
* Returns authentication info from various parameters types
*
* User info can be any of the following :
* - User DB object
* - User Id
* - User email or username or nickname
* - User array with at least the uid and the hashed password
*
* @ param mixed $user_info
* @ return array
* @ throws Exception
*/
private static function getAuthenticationInfo ( $user_info )
{
2018-02-14 06:05:00 +01:00
$user = null ;
2018-02-09 06:08:01 +01:00
if ( is_object ( $user_info ) || is_array ( $user_info )) {
if ( is_object ( $user_info )) {
$user = ( array ) $user_info ;
} else {
$user = $user_info ;
}
if ( ! isset ( $user [ 'uid' ])
|| ! isset ( $user [ 'password' ])
2018-04-15 10:51:22 +02:00
|| ! isset ( $user [ 'legacy_password' ])
2018-02-09 06:08:01 +01:00
) {
throw new Exception ( L10n :: t ( 'Not enough information to authenticate' ));
}
} elseif ( is_int ( $user_info ) || is_string ( $user_info )) {
if ( is_int ( $user_info )) {
2018-04-15 10:51:22 +02:00
$user = dba :: selectFirst ( 'user' , [ 'uid' , 'password' , 'legacy_password' ],
2018-02-09 06:08:01 +01:00
[
'uid' => $user_info ,
'blocked' => 0 ,
'account_expired' => 0 ,
'account_removed' => 0 ,
'verified' => 1
]
);
} else {
2018-04-15 10:51:22 +02:00
$user = dba :: fetch_first ( ' SELECT `uid` , `password` , `legacy_password`
2018-02-09 06:08:01 +01:00
FROM `user`
WHERE ( `email` = ? OR `username` = ? OR `nickname` = ? )
AND `blocked` = 0
AND `account_expired` = 0
AND `account_removed` = 0
AND `verified` = 1
LIMIT 1 ' ,
$user_info ,
$user_info ,
$user_info
);
}
if ( ! DBM :: is_result ( $user )) {
throw new Exception ( L10n :: t ( 'User not found' ));
}
}
return $user ;
2017-11-26 20:25:25 +01:00
}
2018-01-20 04:49:06 +01:00
/**
* Generates a human - readable random password
*
* @ return string
*/
public static function generateNewPassword ()
{
return autoname ( 6 ) . mt_rand ( 100 , 9999 );
}
2018-03-21 06:33:35 +01:00
/**
* Checks if the provided plaintext password has been exposed or not
*
* @ param string $password
* @ return bool
*/
2018-03-21 07:14:43 +01:00
public static function isPasswordExposed ( $password )
2018-03-21 06:33:35 +01:00
{
return password_exposed ( $password ) === PasswordStatus :: EXPOSED ;
}
2018-01-20 04:49:06 +01:00
/**
2018-01-21 04:29:03 +01:00
* Legacy hashing function , kept for password migration purposes
2018-01-20 04:49:06 +01:00
*
* @ param string $password
* @ return string
*/
2018-01-21 04:29:03 +01:00
private static function hashPasswordLegacy ( $password )
2018-01-20 04:49:06 +01:00
{
return hash ( 'whirlpool' , $password );
}
2018-01-21 04:29:03 +01:00
/**
* Global user password hashing function
*
* @ param string $password
* @ return string
*/
public static function hashPassword ( $password )
{
return password_hash ( $password , PASSWORD_DEFAULT );
}
2018-01-20 04:49:06 +01:00
/**
* Updates a user row with a new plaintext password
*
* @ param int $uid
* @ param string $password
* @ return bool
*/
public static function updatePassword ( $uid , $password )
{
return self :: updatePasswordHashed ( $uid , self :: hashPassword ( $password ));
}
/**
* Updates a user row with a new hashed password .
* Empties the password reset token field just in case .
*
* @ param int $uid
* @ param string $pasword_hashed
* @ return bool
*/
private static function updatePasswordHashed ( $uid , $pasword_hashed )
{
2018-01-21 00:15:55 +01:00
$fields = [
'password' => $pasword_hashed ,
'pwdreset' => null ,
2018-01-21 04:29:03 +01:00
'pwdreset_time' => null ,
2018-04-15 10:51:22 +02:00
'legacy_password' => false
2018-01-21 00:15:55 +01:00
];
return dba :: update ( 'user' , $fields , [ 'uid' => $uid ]);
2018-01-20 04:49:06 +01:00
}
2017-12-04 04:27:49 +01:00
/**
* @ brief Catch - all user creation function
*
* Creates a user from the provided data array , either form fields or OpenID .
* Required : { username , nickname , email } or { openid_url }
*
* Performs the following :
* - Sends to the OpenId auth URL ( if relevant )
* - Creates new key pairs for crypto
* - Create self - contact
* - Create profile image
*
* @ param array $data
* @ return string
2017-12-13 02:43:21 +01:00
* @ throw Exception
2017-12-04 04:27:49 +01:00
*/
public static function create ( array $data )
{
$a = get_app ();
2017-12-13 02:43:21 +01:00
$return = [ 'user' => null , 'password' => '' ];
2017-12-04 04:27:49 +01:00
$using_invites = Config :: get ( 'system' , 'invitation_only' );
$num_invites = Config :: get ( 'system' , 'number_invites' );
$invite_id = x ( $data , 'invite_id' ) ? notags ( trim ( $data [ 'invite_id' ])) : '' ;
$username = x ( $data , 'username' ) ? notags ( trim ( $data [ 'username' ])) : '' ;
$nickname = x ( $data , 'nickname' ) ? notags ( trim ( $data [ 'nickname' ])) : '' ;
$email = x ( $data , 'email' ) ? notags ( trim ( $data [ 'email' ])) : '' ;
$openid_url = x ( $data , 'openid_url' ) ? notags ( trim ( $data [ 'openid_url' ])) : '' ;
$photo = x ( $data , 'photo' ) ? notags ( trim ( $data [ 'photo' ])) : '' ;
$password = x ( $data , 'password' ) ? trim ( $data [ 'password' ]) : '' ;
$password1 = x ( $data , 'password1' ) ? trim ( $data [ 'password1' ]) : '' ;
$confirm = x ( $data , 'confirm' ) ? trim ( $data [ 'confirm' ]) : '' ;
$blocked = x ( $data , 'blocked' ) ? intval ( $data [ 'blocked' ]) : 0 ;
$verified = x ( $data , 'verified' ) ? intval ( $data [ 'verified' ]) : 0 ;
$publish = x ( $data , 'profile_publish_reg' ) && intval ( $data [ 'profile_publish_reg' ]) ? 1 : 0 ;
$netpublish = strlen ( Config :: get ( 'system' , 'directory' )) ? $publish : 0 ;
if ( $password1 != $confirm ) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'Passwords do not match. Password unchanged.' ));
2017-12-13 03:07:03 +01:00
} elseif ( $password1 != '' ) {
2017-12-04 04:27:49 +01:00
$password = $password1 ;
}
if ( $using_invites ) {
if ( ! $invite_id ) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'An invitation is required.' ));
2017-12-04 04:27:49 +01:00
}
2017-12-13 03:07:03 +01:00
if ( ! dba :: exists ( 'register' , [ 'hash' => $invite_id ])) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'Invitation could not be verified.' ));
2017-12-04 04:27:49 +01:00
}
}
if ( ! x ( $username ) || ! x ( $email ) || ! x ( $nickname )) {
if ( $openid_url ) {
2018-01-27 17:13:41 +01:00
if ( ! Network :: isUrlValid ( $openid_url )) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'Invalid OpenID url' ));
2017-12-04 04:27:49 +01:00
}
$_SESSION [ 'register' ] = 1 ;
$_SESSION [ 'openid' ] = $openid_url ;
2018-01-25 03:08:45 +01:00
$openid = new LightOpenID ;
2017-12-04 04:27:49 +01:00
$openid -> identity = $openid_url ;
$openid -> returnUrl = System :: baseUrl () . '/openid' ;
2018-01-15 14:05:12 +01:00
$openid -> required = [ 'namePerson/friendly' , 'contact/email' , 'namePerson' ];
$openid -> optional = [ 'namePerson/first' , 'media/image/aspect11' , 'media/image/default' ];
2017-12-04 04:27:49 +01:00
try {
$authurl = $openid -> authUrl ();
} catch ( Exception $e ) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.' ) . EOL . EOL . L10n :: t ( 'The error message was:' ) . $e -> getMessage (), 0 , $e );
2017-12-04 04:27:49 +01:00
}
goaway ( $authurl );
// NOTREACHED
}
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'Please enter the required information.' ));
2017-12-04 04:27:49 +01:00
}
2018-01-27 17:13:41 +01:00
if ( ! Network :: isUrlValid ( $openid_url )) {
2017-12-04 04:27:49 +01:00
$openid_url = '' ;
}
$err = '' ;
// collapse multiple spaces in name
$username = preg_replace ( '/ +/' , ' ' , $username );
if ( mb_strlen ( $username ) > 48 ) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'Please use a shorter name.' ));
2017-12-04 04:27:49 +01:00
}
if ( mb_strlen ( $username ) < 3 ) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'Name too short.' ));
2017-12-04 04:27:49 +01:00
}
// So now we are just looking for a space in the full name.
$loose_reg = Config :: get ( 'system' , 'no_regfullname' );
if ( ! $loose_reg ) {
$username = mb_convert_case ( $username , MB_CASE_TITLE , 'UTF-8' );
if ( ! strpos ( $username , ' ' )) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( " That doesn't appear to be your full \x28 First Last \x29 name. " ));
2017-12-04 04:27:49 +01:00
}
}
2018-01-27 17:13:41 +01:00
if ( ! Network :: isEmailDomainAllowed ( $email )) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'Your email domain is not among those allowed on this site.' ));
2017-12-04 04:27:49 +01:00
}
2018-01-27 17:13:41 +01:00
if ( ! valid_email ( $email ) || ! Network :: isEmailDomainValid ( $email )) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'Not a valid email address.' ));
2017-12-04 04:27:49 +01:00
}
2018-03-04 23:23:52 +01:00
if ( Config :: get ( 'system' , 'block_extended_register' , false ) && dba :: exists ( 'user' , [ 'email' => $email ])) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'Cannot use that email.' ));
2017-12-13 03:07:03 +01:00
}
2017-12-04 04:27:49 +01:00
// Disallow somebody creating an account using openid that uses the admin email address,
// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
2017-12-13 03:07:03 +01:00
if ( x ( $a -> config , 'admin_email' ) && strlen ( $openid_url )) {
$adminlist = explode ( ',' , str_replace ( ' ' , '' , strtolower ( $a -> config [ 'admin_email' ])));
if ( in_array ( strtolower ( $email ), $adminlist )) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'Cannot use that email.' ));
2017-12-04 04:27:49 +01:00
}
}
$nickname = $data [ 'nickname' ] = strtolower ( $nickname );
2017-12-13 03:07:03 +01:00
if ( ! preg_match ( '/^[a-z0-9][a-z0-9\_]*$/' , $nickname )) {
2018-01-24 22:51:32 +01:00
throw new Exception ( L10n :: t ( 'Your nickname can only contain a-z, 0-9 and _.' ));
2017-12-04 04:27:49 +01:00
}
2017-12-13 03:07:03 +01:00
// Check existing and deleted accounts for this nickname.
if ( dba :: exists ( 'user' , [ 'nickname' => $nickname ])
|| dba :: exists ( 'userd' , [ 'username' => $nickname ])
) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'Nickname is already registered. Please choose another.' ));
2017-12-04 04:27:49 +01:00
}
2018-01-20 04:49:06 +01:00
$new_password = strlen ( $password ) ? $password : User :: generateNewPassword ();
$new_password_encoded = self :: hashPassword ( $new_password );
2017-12-04 04:27:49 +01:00
2017-12-13 02:43:21 +01:00
$return [ 'password' ] = $new_password ;
2017-12-04 04:27:49 +01:00
2017-12-30 17:51:49 +01:00
$keys = Crypto :: newKeypair ( 4096 );
2017-12-04 04:27:49 +01:00
if ( $keys === false ) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'SERIOUS ERROR: Generation of security keys failed.' ));
2017-12-04 04:27:49 +01:00
}
$prvkey = $keys [ 'prvkey' ];
$pubkey = $keys [ 'pubkey' ];
// Create another keypair for signing/verifying salmon protocol messages.
2017-12-30 17:51:49 +01:00
$sres = Crypto :: newKeypair ( 512 );
2017-12-04 04:27:49 +01:00
$sprvkey = $sres [ 'prvkey' ];
$spubkey = $sres [ 'pubkey' ];
2017-12-13 03:07:03 +01:00
$insert_result = dba :: insert ( 'user' , [
'guid' => generate_user_guid (),
'username' => $username ,
'password' => $new_password_encoded ,
'email' => $email ,
'openid' => $openid_url ,
'nickname' => $nickname ,
'pubkey' => $pubkey ,
'prvkey' => $prvkey ,
'spubkey' => $spubkey ,
'sprvkey' => $sprvkey ,
'verified' => $verified ,
'blocked' => $blocked ,
'timezone' => 'UTC' ,
2018-01-27 03:38:34 +01:00
'register_date' => DateTimeFormat :: utcNow (),
2017-12-13 03:07:03 +01:00
'default-location' => ''
]);
if ( $insert_result ) {
$uid = dba :: lastInsertId ();
2018-01-10 14:36:02 +01:00
$user = dba :: selectFirst ( 'user' , [], [ 'uid' => $uid ]);
2017-12-04 04:27:49 +01:00
} else {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'An error occurred during registration. Please try again.' ));
2017-12-04 04:27:49 +01:00
}
2017-12-13 03:07:03 +01:00
if ( ! $uid ) {
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'An error occurred during registration. Please try again.' ));
2017-12-04 04:27:49 +01:00
}
2017-12-13 03:07:03 +01:00
// if somebody clicked submit twice very quickly, they could end up with two accounts
// due to race condition. Remove this one.
$user_count = dba :: count ( 'user' , [ 'nickname' => $nickname ]);
if ( $user_count > 1 ) {
dba :: delete ( 'user' , [ 'uid' => $uid ]);
2017-12-04 04:27:49 +01:00
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'Nickname is already registered. Please choose another.' ));
2017-12-13 03:07:03 +01:00
}
2017-12-13 02:43:21 +01:00
2017-12-13 03:07:03 +01:00
$insert_result = dba :: insert ( 'profile' , [
'uid' => $uid ,
'name' => $username ,
'photo' => System :: baseUrl () . " /photo/profile/ { $uid } .jpg " ,
'thumb' => System :: baseUrl () . " /photo/avatar/ { $uid } .jpg " ,
'publish' => $publish ,
'is-default' => 1 ,
'net-publish' => $netpublish ,
2018-01-22 15:54:13 +01:00
'profile-name' => L10n :: t ( 'default' )
2017-12-13 03:07:03 +01:00
]);
if ( ! $insert_result ) {
dba :: delete ( 'user' , [ 'uid' => $uid ]);
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'An error occurred creating your default profile. Please try again.' ));
2017-12-13 03:07:03 +01:00
}
2017-12-04 04:27:49 +01:00
2017-12-13 03:07:03 +01:00
// Create the self contact
if ( ! Contact :: createSelfFromUserId ( $uid )) {
dba :: delete ( 'user' , [ 'uid' => $uid ]);
2017-12-13 02:43:21 +01:00
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'An error occurred creating your self contact. Please try again.' ));
2017-12-13 03:07:03 +01:00
}
2017-12-04 04:27:49 +01:00
2017-12-13 03:07:03 +01:00
// Create a group with no members. This allows somebody to use it
// right away as a default group for new contacts.
2018-01-22 15:54:13 +01:00
$def_gid = Group :: create ( $uid , L10n :: t ( 'Friends' ));
2017-12-13 03:07:03 +01:00
if ( ! $def_gid ) {
dba :: delete ( 'user' , [ 'uid' => $uid ]);
2017-12-04 04:27:49 +01:00
2018-01-22 15:54:13 +01:00
throw new Exception ( L10n :: t ( 'An error occurred creating your default contact group. Please try again.' ));
2017-12-13 03:07:03 +01:00
}
2017-12-04 04:27:49 +01:00
2017-12-13 03:07:03 +01:00
$fields = [ 'def_gid' => $def_gid ];
if ( Config :: get ( 'system' , 'newuser_private' ) && $def_gid ) {
$fields [ 'allow_gid' ] = '<' . $def_gid . '>' ;
2017-12-04 04:27:49 +01:00
}
2017-12-13 03:07:03 +01:00
dba :: update ( 'user' , $fields , [ 'uid' => $uid ]);
2017-12-04 04:27:49 +01:00
// if we have no OpenID photo try to look up an avatar
if ( ! strlen ( $photo )) {
2018-01-27 17:13:41 +01:00
$photo = Network :: lookupAvatarByEmail ( $email );
2017-12-04 04:27:49 +01:00
}
2018-01-17 20:22:38 +01:00
// unless there is no avatar-addon loaded
2017-12-04 04:27:49 +01:00
if ( strlen ( $photo )) {
$photo_failure = false ;
$filename = basename ( $photo );
2018-01-27 17:13:41 +01:00
$img_str = Network :: fetchUrl ( $photo , true );
2017-12-04 04:27:49 +01:00
// guess mimetype from headers or filename
2017-12-07 14:56:11 +01:00
$type = Image :: guessType ( $photo , true );
2017-12-04 04:27:49 +01:00
2017-12-07 14:56:11 +01:00
$Image = new Image ( $img_str , $type );
if ( $Image -> isValid ()) {
$Image -> scaleToSquare ( 175 );
2017-12-04 04:27:49 +01:00
2018-02-20 11:02:07 +01:00
$hash = Photo :: newResource ();
2017-12-04 04:27:49 +01:00
2018-01-22 15:54:13 +01:00
$r = Photo :: store ( $Image , $uid , 0 , $hash , $filename , L10n :: t ( 'Profile Photos' ), 4 );
2017-12-04 04:27:49 +01:00
if ( $r === false ) {
$photo_failure = true ;
}
2017-12-07 14:56:11 +01:00
$Image -> scaleDown ( 80 );
2017-12-04 04:27:49 +01:00
2018-01-22 15:54:13 +01:00
$r = Photo :: store ( $Image , $uid , 0 , $hash , $filename , L10n :: t ( 'Profile Photos' ), 5 );
2017-12-04 04:27:49 +01:00
if ( $r === false ) {
$photo_failure = true ;
}
2017-12-07 14:56:11 +01:00
$Image -> scaleDown ( 48 );
2017-12-04 04:27:49 +01:00
2018-01-22 15:54:13 +01:00
$r = Photo :: store ( $Image , $uid , 0 , $hash , $filename , L10n :: t ( 'Profile Photos' ), 6 );
2017-12-04 04:27:49 +01:00
if ( $r === false ) {
$photo_failure = true ;
}
if ( ! $photo_failure ) {
2017-12-13 03:07:03 +01:00
dba :: update ( 'photo' , [ 'profile' => 1 ], [ 'resource-id' => $hash ]);
2017-12-04 04:27:49 +01:00
}
}
}
2018-01-17 19:42:40 +01:00
Addon :: callHooks ( 'register_account' , $uid );
2017-12-04 04:27:49 +01:00
2017-12-16 02:47:10 +01:00
$return [ 'user' ] = $user ;
return $return ;
2017-12-04 04:27:49 +01:00
}
/**
* @ brief Sends pending registration confiŕmation email
*
* @ param string $email
* @ param string $sitename
* @ param string $username
* @ return NULL | boolean from notification () and email () inherited
*/
public static function sendRegisterPendingEmail ( $email , $sitename , $username )
{
2018-01-22 15:54:13 +01:00
$body = deindent ( L10n :: t ( '
2017-12-04 04:27:49 +01:00
Dear % 1 $s ,
Thank you for registering at % 2 $s . Your account is pending for approval by the administrator .
' ));
$body = sprintf ( $body , $username , $sitename );
2018-01-15 14:05:12 +01:00
return notification ([
2017-12-04 04:27:49 +01:00
'type' => SYSTEM_EMAIL ,
'to_email' => $email ,
2018-01-24 03:59:16 +01:00
'subject' => L10n :: t ( 'Registration at %s' , $sitename ),
2018-01-15 14:05:12 +01:00
'body' => $body ]);
2017-12-04 04:27:49 +01:00
}
/**
* @ brief Sends registration confirmation
*
* It ' s here as a function because the mail is sent from different parts
*
* @ param string $email
* @ param string $sitename
* @ param string $siteurl
* @ param string $username
* @ param string $password
* @ return NULL | boolean from notification () and email () inherited
*/
public static function sendRegisterOpenEmail ( $email , $sitename , $siteurl , $username , $password )
{
2018-01-22 15:54:13 +01:00
$preamble = deindent ( L10n :: t ( '
2017-12-04 04:27:49 +01:00
Dear % 1 $s ,
Thank you for registering at % 2 $s . Your account has been created .
' ));
2018-01-22 15:54:13 +01:00
$body = deindent ( L10n :: t ( '
2017-12-04 04:27:49 +01:00
The login details are as follows :
2018-04-04 21:56:34 +02:00
Site Location : % 3 $s
Login Name : % 1 $s
Password : % 5 $s
2018-04-02 18:40:52 +02:00
You may change your password from your account " Settings " page after logging
2017-12-04 04:27:49 +01:00
in .
Please take a few moments to review the other account settings on that page .
You may also wish to add some basic information to your default profile
2018-01-24 22:51:32 +01:00
' . "\x28" . ' on the " Profiles " page ' . "\x29" . ' so that other people can easily find you .
2017-12-04 04:27:49 +01:00
We recommend setting your full name , adding a profile photo ,
2018-04-02 18:40:52 +02:00
adding some profile " keywords " ' . "\x28" . ' very useful in making new friends ' . "\x29" . ' - and
2017-12-04 04:27:49 +01:00
perhaps what country you live in ; if you do not wish to be more specific
than that .
We fully respect your right to privacy , and none of these items are necessary .
If you are new and do not know anybody here , they may help
you to make some new and interesting friends .
2018-04-04 21:56:34 +02:00
If you ever want to delete your account , you can do so at % 3 $s / removeme
2017-12-04 04:27:49 +01:00
2018-04-04 21:56:34 +02:00
Thank you and welcome to % 2 $s . ' ));
2017-12-04 04:27:49 +01:00
$preamble = sprintf ( $preamble , $username , $sitename );
$body = sprintf ( $body , $email , $sitename , $siteurl , $username , $password );
2018-01-15 14:05:12 +01:00
return notification ([
2017-12-04 04:27:49 +01:00
'type' => SYSTEM_EMAIL ,
'to_email' => $email ,
2018-01-24 03:59:16 +01:00
'subject' => L10n :: t ( 'Registration details for %s' , $sitename ),
2017-12-04 04:27:49 +01:00
'preamble' => $preamble ,
2018-01-15 14:05:12 +01:00
'body' => $body ]);
2017-12-04 04:27:49 +01:00
}
2017-11-20 17:14:35 +01:00
/**
* @ param object $uid user to remove
* @ return void
*/
2017-11-19 22:55:28 +01:00
public static function remove ( $uid )
{
if ( ! $uid ) {
return ;
}
logger ( 'Removing user: ' . $uid );
2018-01-10 14:36:02 +01:00
$user = dba :: selectFirst ( 'user' , [], [ 'uid' => $uid ]);
2017-11-19 22:55:28 +01:00
2018-01-17 19:42:40 +01:00
Addon :: callHooks ( 'remove_user' , $user );
2017-11-19 22:55:28 +01:00
// save username (actually the nickname as it is guaranteed
// unique), so it cannot be re-registered in the future.
2017-11-26 20:55:47 +01:00
dba :: insert ( 'userd' , [ 'username' => $user [ 'nickname' ]]);
2017-11-19 22:55:28 +01:00
// The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php)
2018-01-27 03:38:34 +01:00
dba :: update ( 'user' , [ 'account_removed' => true , 'account_expires_on' => DateTimeFormat :: utcNow ()], [ 'uid' => $uid ]);
2017-11-19 22:55:28 +01:00
Worker :: add ( PRIORITY_HIGH , " Notifier " , " removeme " , $uid );
// Send an update to the directory
2017-11-26 20:55:47 +01:00
Worker :: add ( PRIORITY_LOW , " Directory " , $user [ 'url' ]);
2017-11-19 22:55:28 +01:00
if ( $uid == local_user ()) {
unset ( $_SESSION [ 'authenticated' ]);
unset ( $_SESSION [ 'uid' ]);
goaway ( System :: baseUrl ());
}
}
}