friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

Use Model\Register methods in modules 

- Update registration emails to avoid storing the plaintext password in
the register table
- Remove redundant sprintf() when used with L10n::t()
- Remove redundant Systen::baseUrl() with goaway()
This commit is contained in:
Hypolite Petovan 2018-10-14 11:57:28 -04:00
parent 123992384b
commit 540adaf829
6 changed files with 55 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
mod/admin.php
View File

@ -18,13 +18,14 @@ use Friendica\Database\DBA;
use Friendica\Database\DBStructure; use Friendica\Database\DBStructure;
use Friendica\Model\Contact; use Friendica\Model\Contact;
use Friendica\Model\Item; use Friendica\Model\Item;
use Friendica\Model\Register;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Module\Login; use Friendica\Module\Login;
use Friendica\Module\Tos; use Friendica\Module\Tos;
use Friendica\Util\Arrays; use Friendica\Util\Arrays;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Temporal;
use Friendica\Util\Network; use Friendica\Util\Network;
use Friendica\Util\Temporal;
require_once 'include/enotify.php'; require_once 'include/enotify.php';
require_once 'include/text.php'; require_once 'include/text.php';
@ -895,8 +896,7 @@ function admin_page_summary(App $a)
logger('accounts: ' . print_r($accounts, true), LOGGER_DATA); logger('accounts: ' . print_r($accounts, true), LOGGER_DATA);
$r = q("SELECT COUNT(`id`) AS `count` FROM `register`"); $pending = Register::getPendingCount();
$pending = $r[0]['count'];
$r = q("SELECT COUNT(*) AS `total` FROM `queue` WHERE 1"); $r = q("SELECT COUNT(*) AS `total` FROM `queue` WHERE 1");
$queue = (($r) ? $r[0]['total'] : 0); $queue = (($r) ? $r[0]['total'] : 0);
@ -912,10 +912,10 @@ function admin_page_summary(App $a)
$r = q("SHOW variables LIKE 'max_allowed_packet'"); $r = q("SHOW variables LIKE 'max_allowed_packet'");
$max_allowed_packet = (($r) ? $r[0]['Value'] : 0); $max_allowed_packet = (($r) ? $r[0]['Value'] : 0);
$server_settings = ['label' => L10n::t('Server Settings'), $server_settings = ['label' => L10n::t('Server Settings'),
'php' => ['upload_max_filesize' => ini_get('upload_max_filesize'), 'php' => ['upload_max_filesize' => ini_get('upload_max_filesize'),
'post_max_size' => ini_get('post_max_size'), 'post_max_size' => ini_get('post_max_size'),
'memory_limit' => ini_get('memory_limit')], 'memory_limit' => ini_get('memory_limit')],
'mysql' => ['max_allowed_packet' => $max_allowed_packet]]; 'mysql' => ['max_allowed_packet' => $max_allowed_packet]];
$t = get_markup_template('admin/summary.tpl'); $t = get_markup_template('admin/summary.tpl');
@ -1792,11 +1792,7 @@ function admin_page_users(App $a)
} }
/* get pending */ /* get pending */
$pending = q("SELECT `register`.*, `contact`.`name`, `user`.`email` $pending = Register::getPending();
FROM `register`
INNER JOIN `contact` ON `register`.`uid` = `contact`.`uid`
INNER JOIN `user` ON `register`.`uid` = `user`.`uid`;");
/* get users */ /* get users */
$total = q("SELECT COUNT(*) AS `total` FROM `user` WHERE 1"); $total = q("SELECT COUNT(*) AS `total` FROM `user` WHERE 1");

7
mod/invite.php
View File

@ -58,14 +58,9 @@ function invite_post(App $a)
} }
if ($invitation_only && ($invites_remaining || is_site_admin())) { if ($invitation_only && ($invites_remaining || is_site_admin())) {
$code = autoname(8) . srand(1000, 9999); $code = Friendica\Model\Register::createForInvitation();
$nmessage = str_replace('$invite_code', $code, $message); $nmessage = str_replace('$invite_code', $code, $message);
$r = q("INSERT INTO `register` (`hash`,`created`) VALUES ('%s', '%s') ",
DBA::escape($code),
DBA::escape(DateTimeFormat::utcNow())
);
if (! is_site_admin()) { if (! is_site_admin()) {
$invites_remaining --; $invites_remaining --;
if ($invites_remaining >= 0) { if ($invites_remaining >= 0) {

6
mod/ping.php
View File

@ -202,11 +202,7 @@ function ping_init(App $a)
$mail_count = count($mails); $mail_count = count($mails);
if (intval(Config::get('config', 'register_policy')) === REGISTER_APPROVE && is_site_admin()) { if (intval(Config::get('config', 'register_policy')) === REGISTER_APPROVE && is_site_admin()) {
$regs = q( $regs = Friendica\Model\Register::getPending();
"SELECT `contact`.`name`, `contact`.`url`, `contact`.`micro`, `register`.`created`
FROM `contact` RIGHT JOIN `register` ON `register`.`uid` = `contact`.`uid`
WHERE `contact`.`self` = 1"
);
if (DBA::isResult($regs)) { if (DBA::isResult($regs)) {
$register_count = count($regs); $register_count = count($regs);

17
mod/register.php
View File

@ -11,10 +11,8 @@ use Friendica\Core\L10n;
use Friendica\Core\PConfig; use Friendica\Core\PConfig;
use Friendica\Core\System; use Friendica\Core\System;
use Friendica\Core\Worker; use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Model; use Friendica\Model;
use Friendica\Module\Tos; use Friendica\Module\Tos;
use Friendica\Util\DateTimeFormat;
require_once 'include/enotify.php'; require_once 'include/enotify.php';
@ -86,7 +84,7 @@ function register_post(App $a)
if (intval(Config::get('config', 'register_policy')) === REGISTER_OPEN) { if (intval(Config::get('config', 'register_policy')) === REGISTER_OPEN) {
if ($using_invites && $invite_id) { if ($using_invites && $invite_id) {
q("delete * from register where hash = '%s' limit 1", DBA::escape($invite_id)); Model\Register::deleteByHash($invite_id);
PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites); PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
} }
@ -122,19 +120,11 @@ function register_post(App $a)
goaway(); goaway();
} }
$hash = random_string(); Model\Register::createForApproval($user['uid'], Config::get('system', 'language'), $_POST['permonlybox']);
$r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language`, `note` ) VALUES ( '%s', '%s', %d, '%s', '%s', '%s' ) ",
DBA::escape($hash),
DBA::escape(DateTimeFormat::utcNow()),
intval($user['uid']),
DBA::escape($result['password']),
DBA::escape(Config::get('system', 'language')),
DBA::escape($_POST['permonlybox'])
);
// invite system // invite system
if ($using_invites && $invite_id) { if ($using_invites && $invite_id) {
q("DELETE * FROM `register` WHERE `hash` = '%s' LIMIT 1", DBA::escape($invite_id)); Model\Register::deleteByHash($invite_id);
PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites); PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
} }
@ -163,6 +153,7 @@ function register_post(App $a)
} }
// send notification to the user, that the registration is pending // send notification to the user, that the registration is pending
Model\User::sendRegisterPendingEmail( Model\User::sendRegisterPendingEmail(
$user['uid'],
$user['email'], $user['email'],
Config::get('config', 'sitename'), Config::get('config', 'sitename'),
$user['username'], $user['username'],

30
mod/regmod.php
View File

@ -9,6 +9,7 @@ use Friendica\Core\L10n;
use Friendica\Core\System; use Friendica\Core\System;
use Friendica\Core\Worker; use Friendica\Core\Worker;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Model\Register;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Module\Login; use Friendica\Module\Login;
@ -18,30 +19,24 @@ function user_allow($hash)
{ {
$a = get_app(); $a = get_app();
$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1", $register = Register::getByHash($hash);
DBA::escape($hash)
);
if (!DBA::isResult($register)) { if (!DBA::isResult($register)) {
return false; return false;
} }
$user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
intval($register[0]['uid']) intval($register['uid'])
); );
if (!DBA::isResult($user)) { if (!DBA::isResult($user)) {
killme(); killme();
} }
$r = q("DELETE FROM `register` WHERE `hash` = '%s'", Register::deleteByHash($hash);
DBA::escape($register[0]['hash'])
);
$r = q("UPDATE `user` SET `blocked` = 0, `verified` = 1 WHERE `uid` = %d", $r = q("UPDATE `user` SET `blocked` = 0, `verified` = 1 WHERE `uid` = %d",
intval($register[0]['uid']) intval($register['uid'])
); );
$r = q("SELECT * FROM `profile` WHERE `uid` = %d AND `is-default` = 1", $r = q("SELECT * FROM `profile` WHERE `uid` = %d AND `is-default` = 1",
@ -54,14 +49,14 @@ function user_allow($hash)
} }
} }
L10n::pushLang($register[0]['language']); L10n::pushLang($register['language']);
$res = User::sendRegisterOpenEmail( $res = User::sendRegisterOpenEmail(
$user[0]['email'], $user[0]['email'],
Config::get('config', 'sitename'), Config::get('config', 'sitename'),
System::baseUrl(), System::baseUrl(),
$user[0]['username'], $user[0]['username'],
$register[0]['password'], 'Sent in a previous email',
$user[0]); $user[0]);
L10n::popLang(); L10n::popLang();
@ -77,20 +72,19 @@ function user_allow($hash)
// allowed to have friends on this system // allowed to have friends on this system
function user_deny($hash) function user_deny($hash)
{ {
$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1", $register = Register::getByHash($hash);
DBA::escape($hash)
);
if (!DBA::isResult($register)) { if (!DBA::isResult($register)) {
return false; return false;
} }
$user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", $user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
intval($register[0]['uid']) intval($register['uid'])
); );
DBA::delete('user', ['uid' => $register[0]['uid']]); DBA::delete('user', ['uid' => $register['uid']]);
DBA::delete('register', ['hash' => $register[0]['hash']]);
Register::deleteByHash($register['hash']);
notice(L10n::t('Registration revoked for %s', $user[0]['username']) . EOL); notice(L10n::t('Registration revoked for %s', $user[0]['username']) . EOL);
return true; return true;

47
src/Model/User.php
View File

@ -412,7 +412,7 @@ class User
throw new Exception(L10n::t('An invitation is required.')); throw new Exception(L10n::t('An invitation is required.'));
} }
if (!DBA::exists('register', ['hash' => $invite_id])) { if (!Register::existsByHash($invite_id)) {
throw new Exception(L10n::t('Invitation could not be verified.')); throw new Exception(L10n::t('Invitation could not be verified.'));
} }
} }
@ -660,22 +660,31 @@ class User
* @param string $email * @param string $email
* @param string $sitename * @param string $sitename
* @param string $username * @param string $username
* @param string $password Plaintext password
* @return NULL|boolean from notification() and email() inherited * @return NULL|boolean from notification() and email() inherited
*/ */
public static function sendRegisterPendingEmail($email, $sitename, $username) public static function sendRegisterPendingEmail($uid, $email, $sitename, $username, $siteurl, $nickname, $password)
{ {
$body = deindent(L10n::t(' $body = deindent(L10n::t('
Dear %1$s, Dear %1$s,
Thank you for registering at %2$s. Your account is pending for approval by the administrator. Thank you for registering at %2$s. Your account is pending for approval by the administrator.
'));
$body = sprintf($body, $username, $sitename); Your login details are as follows:
Site Location: %3$s
Login Name: %4$s
Password: %5$s
',
$body, $username, $sitename, $siteurl, $nickname, $password
));
return notification([ return notification([
'type' => SYSTEM_EMAIL, 'type' => SYSTEM_EMAIL,
'uid' => $uid,
'to_email' => $email, 'to_email' => $email,
'subject'=> L10n::t('Registration at %s', $sitename), 'subject' => L10n::t('Registration at %s', $sitename),
'body' => $body]); 'body' => $body
]);
} }
/** /**
@ -695,7 +704,9 @@ class User
$preamble = deindent(L10n::t(' $preamble = deindent(L10n::t('
Dear %1$s, Dear %1$s,
Thank you for registering at %2$s. Your account has been created. Thank you for registering at %2$s. Your account has been created.
')); ',
$preamble, $username, $sitename
));
$body = deindent(L10n::t(' $body = deindent(L10n::t('
The login details are as follows: The login details are as follows:
@ -722,19 +733,19 @@ class User
If you ever want to delete your account, you can do so at %3$s/removeme If you ever want to delete your account, you can do so at %3$s/removeme
Thank you and welcome to %2$s.')); Thank you and welcome to %2$s.',
$body, $email, $sitename, $siteurl, $username, $password
$preamble = sprintf($preamble, $username, $sitename); ));
$body = sprintf($body, $email, $sitename, $siteurl, $username, $password);
return notification([ return notification([
'uid' => $user['uid'], 'uid' => $user['uid'],
'language' => $user['language'], 'language' => $user['language'],
'type' => SYSTEM_EMAIL, 'type' => SYSTEM_EMAIL,
'to_email' => $email, 'to_email' => $email,
'subject'=> L10n::t('Registration details for %s', $sitename), 'subject' => L10n::t('Registration details for %s', $sitename),
'preamble'=> $preamble, 'preamble' => $preamble,
'body' => $body]); 'body' => $body
]);
} }
/** /**
@ -771,7 +782,7 @@ class User
if ($uid == local_user()) { if ($uid == local_user()) {
unset($_SESSION['authenticated']); unset($_SESSION['authenticated']);
unset($_SESSION['uid']); unset($_SESSION['uid']);
goaway(System::baseUrl()); goaway();;
} }
} }
} }