Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1147 lines
33 KiB

<?php
/**
* @file src/Model/User.php
* @brief This file includes the User class with user related database functions
*/
namespace Friendica\Model;
use DivineOmega\PasswordExposed;
use Exception;
use Friendica\Core\Config;
use Friendica\Core\Hook;
use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model\TwoFactor\AppSpecificPassword;
use Friendica\Object\Image;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Images;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Worker\Delivery;
use LightOpenID;
/**
* @brief This class handles User related functions
*/
class User
{
/**
* Page/profile types
*
* PAGE_FLAGS_NORMAL is a typical personal profile account
* PAGE_FLAGS_SOAPBOX automatically approves all friend requests as Contact::SHARING, (readonly)
* PAGE_FLAGS_COMMUNITY automatically approves all friend requests as Contact::SHARING, but with
* write access to wall and comments (no email and not included in page owner's ACL lists)
* PAGE_FLAGS_FREELOVE automatically approves all friend requests as full friends (Contact::FRIEND).
*
* @{
*/
const PAGE_FLAGS_NORMAL = 0;
const PAGE_FLAGS_SOAPBOX = 1;
const PAGE_FLAGS_COMMUNITY = 2;
const PAGE_FLAGS_FREELOVE = 3;
const PAGE_FLAGS_BLOG = 4;
const PAGE_FLAGS_PRVGROUP = 5;
/**
* @}
*/
/**
* Account types
*
* ACCOUNT_TYPE_PERSON - the account belongs to a person
* Associated page types: PAGE_FLAGS_NORMAL, PAGE_FLAGS_SOAPBOX, PAGE_FLAGS_FREELOVE
*
* ACCOUNT_TYPE_ORGANISATION - the account belongs to an organisation
* Associated page type: PAGE_FLAGS_SOAPBOX
*
* ACCOUNT_TYPE_NEWS - the account is a news reflector
* Associated page type: PAGE_FLAGS_SOAPBOX
*
* ACCOUNT_TYPE_COMMUNITY - the account is community forum
* Associated page types: PAGE_COMMUNITY, PAGE_FLAGS_PRVGROUP
*
* ACCOUNT_TYPE_RELAY - the account is a relay
* This will only be assigned to contacts, not to user accounts
* @{
*/
const ACCOUNT_TYPE_PERSON = 0;
const ACCOUNT_TYPE_ORGANISATION = 1;
const ACCOUNT_TYPE_NEWS = 2;
const ACCOUNT_TYPE_COMMUNITY = 3;
const ACCOUNT_TYPE_RELAY = 4;
/**
* @}
*/
/**
* Returns true if a user record exists with the provided id
*
* @param integer $uid
* @return boolean
* @throws Exception
*/
public static function exists($uid)
{
return DBA::exists('user', ['uid' => $uid]);
}
/**
* @param integer $uid
* @param array $fields
* @return array|boolean User record if it exists, false otherwise
* @throws Exception
*/
public static function getById($uid, array $fields = [])
{
return DBA::selectFirst('user', $fields, ['uid' => $uid]);
}
/**
* Returns a user record based on it's GUID
*
* @param string $guid The guid of the user
* @param array $fields The fields to retrieve
* @param bool $active True, if only active records are searched
*
* @return array|boolean User record if it exists, false otherwise
* @throws Exception
*/
public static function getByGuid(string $guid, array $fields = [], bool $active = true)
{
if ($active) {
$cond = ['guid' => $guid, 'account_expired' => false, 'account_removed' => false];
} else {
$cond = ['guid' => $guid];
}
return DBA::selectFirst('user', $fields, $cond);
}
/**
* @param string $nickname
* @param array $fields
* @return array|boolean User record if it exists, false otherwise
* @throws Exception
*/
public static function getByNickname($nickname, array $fields = [])
{
return DBA::selectFirst('user', $fields, ['nickname' => $nickname]);
}
/**
* @brief Returns the user id of a given profile URL
*
* @param string $url
*
* @return integer user id
* @throws Exception
*/
public static function getIdForURL($url)
{
$self = DBA::selectFirst('contact', ['uid'], ['nurl' => Strings::normaliseLink($url), 'self' => true]);
if (!DBA::isResult($self)) {
return false;
} else {
return $self['uid'];
}
}
/**
3 years ago
* Get a user based on its email
*
* @param string $email
* @param array $fields
*
* @return array|boolean User record if it exists, false otherwise
*
* @throws Exception
*/
public static function getByEmail($email, array $fields = [])
{
return DBA::selectFirst('user', $fields, ['email' => $email]);
}
/**
* @brief Get owner data by user id
*
* @param int $uid
* @param boolean $check_valid Test if data is invalid and correct it
* @return boolean|array
* @throws Exception
*/
public static function getOwnerDataById($uid, $check_valid = true)
{
$r = DBA::fetchFirst(
"SELECT
`contact`.*,
`user`.`prvkey` AS `uprvkey`,
`user`.`timezone`,
`user`.`nickname`,
`user`.`sprvkey`,
`user`.`spubkey`,
`user`.`page-flags`,
`user`.`account-type`,
`user`.`prvnets`,
`user`.`account_removed`,
`user`.`hidewall`
FROM `contact`
INNER JOIN `user`
ON `user`.`uid` = `contact`.`uid`
WHERE `contact`.`uid` = ?
4 years ago
AND `contact`.`self`
LIMIT 1",
$uid
);
if (!DBA::isResult($r)) {
return false;
}
if (empty($r['nickname'])) {
return false;
}
if (!$check_valid) {
return $r;
}
// Check if the returned data is valid, otherwise fix it. See issue #6122
// Check for correct url and normalised nurl
$url = DI::baseUrl() . '/profile/' . $r['nickname'];
$repair = ($r['url'] != $url) || ($r['nurl'] != Strings::normaliseLink($r['url']));
if (!$repair) {
// Check if "addr" is present and correct
$addr = $r['nickname'] . '@' . substr(DI::baseUrl(), strpos(DI::baseUrl(), '://') + 3);
$repair = ($addr != $r['addr']);
}
if (!$repair) {
// Check if the avatar field is filled and the photo directs to the correct path
$avatar = Photo::selectFirst(['resource-id'], ['uid' => $uid, 'profile' => true]);
if (DBA::isResult($avatar)) {
$repair = empty($r['avatar']) || !strpos($r['photo'], $avatar['resource-id']);
}
}
if ($repair) {
Contact::updateSelfFromUserID($uid);
// Return the corrected data and avoid a loop
$r = self::getOwnerDataById($uid, false);
}
4 years ago
return $r;
}
/**
* @brief Get owner data by nick name
*
* @param int $nick
* @return boolean|array
* @throws Exception
*/
public static function getOwnerDataByNick($nick)
{
$user = DBA::selectFirst('user', ['uid'], ['nickname' => $nick]);
Cleanups: isResult() more used, readability improved (#5608) * [diaspora]: Maybe SimpleXMLElement is the right type-hint? * Changes proposed + pre-renaming: - pre-renamed $db -&gt; $connection - added TODOs for not allowing bad method invocations (there is a BadMethodCallException in SPL) * If no record is found, below $r[0] will fail with a E_NOTICE and the code doesn&#39;t behave as expected. * Ops, one more left ... * Continued: - added documentation for Contact::updateSslPolicy() method - added type-hint for $contact of same method - empty lines added + TODO where the bug origins that $item has no element &#39;body&#39; * Added empty lines for better readability * Cleaned up: - no more x() (deprecated) usage but empty() instead - fixed mixing of space/tab indending - merged else/if block goether in elseif() (lesser nested code blocks) * Re-fixed DBM -&gt; DBA switch * Fixes/rewrites: - use empty()/isset() instead of deprecated x() - merged 2 nested if() blocks into one - avoided nested if() block inside else block by rewriting it to elseif() - $contact_id is an integer, let&#39;s test on &gt; 0 here - added a lot spaces and some empty lines for better readability * Rewrite: - moved all CONTACT_* constants from boot.php to Contact class * CR request: - renamed Contact::CONTACT_IS_* -&gt; Contact::* ;-) * Rewrites: - moved PAGE_* to Friendica\Model\Profile class - fixed mixure with &#34;Contact::* rewrite&#34; * Ops, one still there (return is no function) * Rewrite to Proxy class: - introduced new Friendica\Network\Proxy class for in exchange of proxy_*() functions - moved also all PROXY_* constants there as Proxy::* - removed now no longer needed mod/proxy.php loading as composer&#39;s auto-load will do this for us - renamed those proxy_*() functions to better names: + proxy_init() -&gt; Proxy::init() (public) + proxy_url() -&gt; Proxy::proxifyUrl() (public) + proxy_parse_html() -&gt; Proxy::proxifyHtml() (public) + proxy_is_local_image() -&gt; Proxy::isLocalImage() (private) + proxy_parse_query() -&gt; Proxy::parseQuery() (private) + proxy_img_cb() -&gt; Proxy::replaceUrl() (private) * CR request: - moved all PAGE_* constants to Friendica\Model\Contact class - fixed all references of both classes * Ops, need to set $a here ... * CR request: - moved Proxy class to Friendica\Module - extended BaseModule * Ops, no need for own instance of $a when self::getApp() is around. * Proxy-rewrite: - proxy_url() and proxy_parse_html() are both non-module functions (now methods) - so they must be splitted into a seperate class - also the SIZE_* and DEFAULT_TIME constants are both not relevant to module * No instances from utility classes * Fixed error: - proxify*() is now located in `Friendica\Util\ProxyUtils` * Moved back to original place, ops? How did they move here? Well, it was not intended by me. * Removed duplicate (left-over from split) constants and static array. Thank to MrPetovan finding it. * Renamed ProxyUtils -&gt; Proxy and aliased it back to ProxyUtils. * Rewrite: - stopped using deprecated NETWORK_* constants, now Protocol::* should be used - still left them intact for slow/lazy developers ... * Ops, was added accidentally ... * Ops, why these wrong moves? * Ops, one to much (thanks to MrPetovan) * Ops, wrong moving ... * moved back to original place ... * spaces added * empty lines add for better readability. * convertered spaces -&gt; tab for code indenting. * CR request: Add space between if and brace. * CR requests fixed + move reverted - ops, src/Module/*.php has been moved to src/Network/ accidentally - reverted some parts in src/Database/DBA.php as pointed out by Annando - removed internal TODO items - added some spaces for better readability
3 years ago
if (!DBA::isResult($user)) {
return false;
}
Cleanups: isResult() more used, readability improved (#5608) * [diaspora]: Maybe SimpleXMLElement is the right type-hint? * Changes proposed + pre-renaming: - pre-renamed $db -&gt; $connection - added TODOs for not allowing bad method invocations (there is a BadMethodCallException in SPL) * If no record is found, below $r[0] will fail with a E_NOTICE and the code doesn&#39;t behave as expected. * Ops, one more left ... * Continued: - added documentation for Contact::updateSslPolicy() method - added type-hint for $contact of same method - empty lines added + TODO where the bug origins that $item has no element &#39;body&#39; * Added empty lines for better readability * Cleaned up: - no more x() (deprecated) usage but empty() instead - fixed mixing of space/tab indending - merged else/if block goether in elseif() (lesser nested code blocks) * Re-fixed DBM -&gt; DBA switch * Fixes/rewrites: - use empty()/isset() instead of deprecated x() - merged 2 nested if() blocks into one - avoided nested if() block inside else block by rewriting it to elseif() - $contact_id is an integer, let&#39;s test on &gt; 0 here - added a lot spaces and some empty lines for better readability * Rewrite: - moved all CONTACT_* constants from boot.php to Contact class * CR request: - renamed Contact::CONTACT_IS_* -&gt; Contact::* ;-) * Rewrites: - moved PAGE_* to Friendica\Model\Profile class - fixed mixure with &#34;Contact::* rewrite&#34; * Ops, one still there (return is no function) * Rewrite to Proxy class: - introduced new Friendica\Network\Proxy class for in exchange of proxy_*() functions - moved also all PROXY_* constants there as Proxy::* - removed now no longer needed mod/proxy.php loading as composer&#39;s auto-load will do this for us - renamed those proxy_*() functions to better names: + proxy_init() -&gt; Proxy::init() (public) + proxy_url() -&gt; Proxy::proxifyUrl() (public) + proxy_parse_html() -&gt; Proxy::proxifyHtml() (public) + proxy_is_local_image() -&gt; Proxy::isLocalImage() (private) + proxy_parse_query() -&gt; Proxy::parseQuery() (private) + proxy_img_cb() -&gt; Proxy::replaceUrl() (private) * CR request: - moved all PAGE_* constants to Friendica\Model\Contact class - fixed all references of both classes * Ops, need to set $a here ... * CR request: - moved Proxy class to Friendica\Module - extended BaseModule * Ops, no need for own instance of $a when self::getApp() is around. * Proxy-rewrite: - proxy_url() and proxy_parse_html() are both non-module functions (now methods) - so they must be splitted into a seperate class - also the SIZE_* and DEFAULT_TIME constants are both not relevant to module * No instances from utility classes * Fixed error: - proxify*() is now located in `Friendica\Util\ProxyUtils` * Moved back to original place, ops? How did they move here? Well, it was not intended by me. * Removed duplicate (left-over from split) constants and static array. Thank to MrPetovan finding it. * Renamed ProxyUtils -&gt; Proxy and aliased it back to ProxyUtils. * Rewrite: - stopped using deprecated NETWORK_* constants, now Protocol::* should be used - still left them intact for slow/lazy developers ... * Ops, was added accidentally ... * Ops, why these wrong moves? * Ops, one to much (thanks to MrPetovan) * Ops, wrong moving ... * moved back to original place ... * spaces added * empty lines add for better readability. * convertered spaces -&gt; tab for code indenting. * CR request: Add space between if and brace. * CR requests fixed + move reverted - ops, src/Module/*.php has been moved to src/Network/ accidentally - reverted some parts in src/Database/DBA.php as pointed out by Annando - removed internal TODO items - added some spaces for better readability
3 years ago
return self::getOwnerDataById($user['uid']);
}
/**
* @brief Returns the default group for a given user and network
*
* @param int $uid User id
* @param string $network network name
*
* @return int group id
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
public static function getDefaultGroup($uid, $network = '')
{
$default_group = 0;
if ($network == Protocol::OSTATUS) {
$default_group = DI::pConfig()->get($uid, "ostatus", "default_group");
}
if ($default_group != 0) {
return $default_group;
}
$user = DBA::selectFirst('user', ['def_gid'], ['uid' => $uid]);
if (DBA::isResult($user)) {
$default_group = $user["def_gid"];
}
return $default_group;
}
/**
* Authenticate a user with a clear text password
*
* @brief Authenticate a user with a clear text password
* @param mixed $user_info
* @param string $password
* @param bool $third_party
* @return int|boolean
* @deprecated since version 3.6
* @see User::getIdFromPasswordAuthentication()
*/
public static function authenticate($user_info, $password, $third_party = false)
{
try {
return self::getIdFromPasswordAuthentication($user_info, $password, $third_party);
} catch (Exception $ex) {
return false;
}
}
/**
* Returns the user id associated with a successful password authentication
*
* @brief Authenticate a user with a clear text password
* @param mixed $user_info
* @param string $password
* @param bool $third_party
* @return int User Id if authentication is successful
* @throws Exception
*/
public static function getIdFromPasswordAuthentication($user_info, $password, $third_party = false)
{
$user = self::getAuthenticationInfo($user_info);
if ($third_party && DI::pConfig()->get($user['uid'], '2fa', 'verified')) {
// Third-party apps can't verify two-factor authentication, we use app-specific passwords instead
if (AppSpecificPassword::authenticateUser($user['uid'], $password)) {
return $user['uid'];
}
} elseif (strpos($user['password'], '$') === false) {
//Legacy hash that has not been replaced by a new hash yet
if (self::hashPasswordLegacy($password) === $user['password']) {
self::updatePasswordHashed($user['uid'], self::hashPassword($password));
return $user['uid'];
}
} elseif (!empty($user['legacy_password'])) {
//Legacy hash that has been double-hashed and not replaced by a new hash yet
//Warning: `legacy_password` is not necessary in sync with the content of `password`
if (password_verify(self::hashPasswordLegacy($password), $user['password'])) {
self::updatePasswordHashed($user['uid'], self::hashPassword($password));
return $user['uid'];
}
} elseif (password_verify($password, $user['password'])) {
//New password hash
if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
self::updatePasswordHashed($user['uid'], self::hashPassword($password));
}
return $user['uid'];
}
throw new Exception(L10n::t('Login failed'));
}
/**
* Returns authentication info from various parameters types
*
* User info can be any of the following:
* - User DB object
* - User Id
* - User email or username or nickname
* - User array with at least the uid and the hashed password
*
* @param mixed $user_info
* @return array
* @throws Exception
*/
private static function getAuthenticationInfo($user_info)
{
$user = null;
if (is_object($user_info) || is_array($user_info)) {
if (is_object($user_info)) {
$user = (array) $user_info;
} else {
$user = $user_info;
}
if (
!isset($user['uid'])
|| !isset($user['password'])
|| !isset($user['legacy_password'])
) {
throw new Exception(L10n::t('Not enough information to authenticate'));
}
} elseif (is_int($user_info) || is_string($user_info)) {
if (is_int($user_info)) {
$user = DBA::selectFirst(
'user',
['uid', 'password', 'legacy_password'],
[
'uid' => $user_info,
'blocked' => 0,
'account_expired' => 0,
'account_removed' => 0,
'verified' => 1
]
);
} else {
$fields = ['uid', 'password', 'legacy_password'];
$condition = [
"(`email` = ? OR `username` = ? OR `nickname` = ?)
AND NOT `blocked` AND NOT `account_expired` AND NOT `account_removed` AND `verified`",
$user_info, $user_info, $user_info
];
$user = DBA::selectFirst('user', $fields, $condition);
}
if (!DBA::isResult($user)) {
throw new Exception(L10n::t('User not found'));
}
}
return $user;
}
/**
* Generates a human-readable random password
*
* @return string
*/
public static function generateNewPassword()
{
return ucfirst(Strings::getRandomName(8)) . random_int(1000, 9999);
}
/**
* Checks if the provided plaintext password has been exposed or not
*
* @param string $password
* @return bool
* @throws Exception
*/
public static function isPasswordExposed($password)
{
$cache = new \DivineOmega\DOFileCachePSR6\CacheItemPool();
$cache->changeConfig([
'cacheDirectory' => get_temppath() . '/password-exposed-cache/',
]);
try {
$passwordExposedChecker = new PasswordExposed\PasswordExposedChecker(null, $cache);
return $passwordExposedChecker->passwordExposed($password) === PasswordExposed\PasswordStatus::EXPOSED;
} catch (\Exception $e) {
Logger::error('Password Exposed Exception: ' . $e->getMessage(), [
'code' => $e->getCode(),
'file' => $e->getFile(),
'line' => $e->getLine(),
'trace' => $e->getTraceAsString()
]);
return false;
}
}
/**
* Legacy hashing function, kept for password migration purposes
*
* @param string $password
* @return string
*/
private static function hashPasswordLegacy($password)
{
return hash('whirlpool', $password);
}
/**
* Global user password hashing function
*
* @param string $password
* @return string
* @throws Exception
*/
public static function hashPassword($password)
{
if (!trim($password)) {
throw new Exception(L10n::t('Password can\'t be empty'));
}
return password_hash($password, PASSWORD_DEFAULT);
}
/**
* Updates a user row with a new plaintext password
*
* @param int $uid
* @param string $password
* @return bool
* @throws Exception
*/
public static function updatePassword($uid, $password)
{
$password = trim($password);
if (empty($password)) {
throw new Exception(L10n::t('Empty passwords are not allowed.'));
}
if (!Config::get('system', 'disable_password_exposed', false) && self::isPasswordExposed($password)) {
throw new Exception(L10n::t('The new password has been exposed in a public data dump, please choose another.'));
}
$allowed_characters = '!"#$%&\'()*+,-./;<=>?@[\]^_`{|}~';
if (!preg_match('/^[a-z0-9' . preg_quote($allowed_characters, '/') . ']+$/i', $password)) {
throw new Exception(L10n::t('The password can\'t contain accentuated letters, white spaces or colons (:)'));
}
return self::updatePasswordHashed($uid, self::hashPassword($password));
}
/**
* Updates a user row with a new hashed password.
* Empties the password reset token field just in case.
*
* @param int $uid
* @param string $pasword_hashed
* @return bool
* @throws Exception
*/
private static function updatePasswordHashed($uid, $pasword_hashed)
{
$fields = [
'password' => $pasword_hashed,
'pwdreset' => null,
'pwdreset_time' => null,
'legacy_password' => false
];
return DBA::update('user', $fields, ['uid' => $uid]);
}
/**
* @brief Checks if a nickname is in the list of the forbidden nicknames
*
* Check if a nickname is forbidden from registration on the node by the
* admin. Forbidden nicknames (e.g. role namess) can be configured in the
* admin panel.
*
* @param string $nickname The nickname that should be checked
* @return boolean True is the nickname is blocked on the node
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
public static function isNicknameBlocked($nickname)
{
$forbidden_nicknames = Config::get('system', 'forbidden_nicknames', '');
// if the config variable is empty return false
if (empty($forbidden_nicknames)) {
return false;
}
// check if the nickname is in the list of blocked nicknames
$forbidden = explode(',', $forbidden_nicknames);
$forbidden = array_map('trim', $forbidden);
if (in_array(strtolower($nickname), $forbidden)) {
return true;
}
// else return false
return false;
}
/**
* @brief Catch-all user creation function
*
* Creates a user from the provided data array, either form fields or OpenID.
* Required: { username, nickname, email } or { openid_url }
*
* Performs the following:
* - Sends to the OpenId auth URL (if relevant)
* - Creates new key pairs for crypto
* - Create self-contact
* - Create profile image
*
* @param array $data
* @return array
* @throws \ErrorException
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
* @throws \ImagickException
* @throws Exception
*/
public static function create(array $data)
{
$return = ['user' => null, 'password' => ''];
$using_invites = Config::get('system', 'invitation_only');
$invite_id = !empty($data['invite_id']) ? Strings::escapeTags(trim($data['invite_id'])) : '';
$username = !empty($data['username']) ? Strings::escapeTags(trim($data['username'])) : '';
$nickname = !empty($data['nickname']) ? Strings::escapeTags(trim($data['nickname'])) : '';
$email = !empty($data['email']) ? Strings::escapeTags(trim($data['email'])) : '';
$openid_url = !empty($data['openid_url']) ? Strings::escapeTags(trim($data['openid_url'])) : '';
$photo = !empty($data['photo']) ? Strings::escapeTags(trim($data['photo'])) : '';
$password = !empty($data['password']) ? trim($data['password']) : '';
$password1 = !empty($data['password1']) ? trim($data['password1']) : '';
$confirm = !empty($data['confirm']) ? trim($data['confirm']) : '';
$blocked = !empty($data['blocked']);
$verified = !empty($data['verified']);
$language = !empty($data['language']) ? Strings::escapeTags(trim($data['language'])) : 'en';
$publish = !empty($data['profile_publish_reg']);
$netpublish = $publish && Config::get('system', 'directory');
if ($password1 != $confirm) {
throw new Exception(L10n::t('Passwords do not match. Password unchanged.'));
} elseif ($password1 != '') {
$password = $password1;
}
if ($using_invites) {
if (!$invite_id) {
throw new Exception(L10n::t('An invitation is required.'));
}
if (!Register::existsByHash($invite_id)) {
throw new Exception(L10n::t('Invitation could not be verified.'));
}
}
/// @todo Check if this part is really needed. We should have fetched all this data in advance
if (empty($username) || empty($email) || empty($nickname)) {
if ($openid_url) {
if (!Network::isUrlValid($openid_url)) {
throw new Exception(L10n::t('Invalid OpenID url'));
}
$_SESSION['register'] = 1;
$_SESSION['openid'] = $openid_url;
$openid = new LightOpenID(DI::baseUrl()->getHostname());
$openid->identity = $openid_url;
$openid->returnUrl = DI::baseUrl() . '/openid';
$openid->required = ['namePerson/friendly', 'contact/email', 'namePerson'];
$openid->optional = ['namePerson/first', 'media/image/aspect11', 'media/image/default'];
try {
$authurl = $openid->authUrl();
} catch (Exception $e) {
throw new Exception(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . EOL . EOL . L10n::t('The error message was:') . $e->getMessage(), 0, $e);
}
System::externalRedirect($authurl);
// NOTREACHED
}
throw new Exception(L10n::t('Please enter the required information.'));
}
if (!Network::isUrlValid($openid_url)) {
$openid_url = '';
}
// collapse multiple spaces in name
$username = preg_replace('/ +/', ' ', $username);
$username_min_length = max(1, min(64, intval(Config::get('system', 'username_min_length', 3))));
$username_max_length = max(1, min(64, intval(Config::get('system', 'username_max_length', 48))));
if ($username_min_length > $username_max_length) {
Logger::log(L10n::t('system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values.', $username_min_length, $username_max_length), Logger::WARNING);
$tmp = $username_min_length;
$username_min_length = $username_max_length;
$username_max_length = $tmp;
}
if (mb_strlen($username) < $username_min_length) {
throw new Exception(L10n::tt('Username should be at least %s character.', 'Username should be at least %s characters.', $username_min_length));
}
if (mb_strlen($username) > $username_max_length) {
throw new Exception(L10n::tt('Username should be at most %s character.', 'Username should be at most %s characters.', $username_max_length));
}
// So now we are just looking for a space in the full name.
$loose_reg = Config::get('system', 'no_regfullname');
if (!$loose_reg) {
$username = mb_convert_case($username, MB_CASE_TITLE, 'UTF-8');
if (strpos($username, ' ') === false) {
throw new Exception(L10n::t("That doesn't appear to be your full (First Last) name."));
}
}
if (!Network::isEmailDomainAllowed($email)) {
throw new Exception(L10n::t('Your email domain is not among those allowed on this site.'));
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL) || !Network::isEmailDomainValid($email)) {
throw new Exception(L10n::t('Not a valid email address.'));
}
if (self::isNicknameBlocked($nickname)) {
throw new Exception(L10n::t('The nickname was blocked from registration by the nodes admin.'));
}
if (Config::get('system', 'block_extended_register', false) && DBA::exists('user', ['email' => $email])) {
throw new Exception(L10n::t('Cannot use that email.'));
}
// Disallow somebody creating an account using openid that uses the admin email address,
// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
if (Config::get('config', 'admin_email') && strlen($openid_url)) {
$adminlist = explode(',', str_replace(' ', '', strtolower(Config::get('config', 'admin_email'))));
if (in_array(strtolower($email), $adminlist)) {
throw new Exception(L10n::t('Cannot use that email.'));
}
}
$nickname = $data['nickname'] = strtolower($nickname);
if (!preg_match('/^[a-z0-9][a-z0-9\_]*$/', $nickname)) {
throw new Exception(L10n::t('Your nickname can only contain a-z, 0-9 and _.'));
}
// Check existing and deleted accounts for this nickname.
if (
DBA::exists('user', ['nickname' => $nickname])
|| DBA::exists('userd', ['username' => $nickname])
) {
throw new Exception(L10n::t('Nickname is already registered. Please choose another.'));
}
$new_password = strlen($password) ? $password : User::generateNewPassword();
$new_password_encoded = self::hashPassword($new_password);
$return['password'] = $new_password;
$keys = Crypto::newKeypair(4096);
if ($keys === false) {
throw new Exception(L10n::t('SERIOUS ERROR: Generation of security keys failed.'));
}
$prvkey = $keys['prvkey'];
$pubkey = $keys['pubkey'];
// Create another keypair for signing/verifying salmon protocol messages.
$sres = Crypto::newKeypair(512);
$sprvkey = $sres['prvkey'];
$spubkey = $sres['pubkey'];
$insert_result = DBA::insert('user', [
'guid' => System::createUUID(),
'username' => $username,
'password' => $new_password_encoded,
'email' => $email,