<?php
/**
* @file src/Model/User.php
* @brief This file includes the User class with user related database functions
*/
namespace Friendica\Model;
use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Database\DBM;
use dba;
require_once 'boot.php';
require_once 'include/plugin.php';
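/**
 * @brief This class handles User related functions
 */
class User
{
	/**
	 * @brief Authenticate a user with a clear text password
	 *
	 * User info can be any of the following:
	 * - User DB object
	 * - User Id
	 * - User email or username or nickname
	 * - User array with at least the uid and the hashed password
	 *
	 * Security notes for maintainers:
	 * - The stored credential is an unsalted, single-pass Whirlpool digest.
	 *   Such a digest is cheap to compute, so a leaked `user` table is exposed
	 *   to offline guessing. Moving to password_hash()/password_verify() needs
	 *   a migration of the stored values (e.g. rehash on successful login) and
	 *   is therefore not done inside this method.
	 * - Only the Id and string lookups filter on blocked / account_expired /
	 *   account_removed / verified. A caller-supplied object or array is used
	 *   as-is; presumably callers load it with the same filters - confirm.
	 *
	 * @param mixed  $user_info
	 * @param string $password
	 * @return int|boolean The uid of the authenticated user, false on any failure
	 */
	public static function authenticate($user_info, $password)
	{
		if (is_object($user_info)) {
			$user = (array) $user_info;
		} elseif (is_int($user_info)) {
			$user = dba::select('user',
				['uid', 'password'],
				[
					'uid' => $user_info,
					'blocked' => 0,
					'account_expired' => 0,
					'account_removed' => 0,
					'verified' => 1
				],
				['limit' => 1]
			);
		} elseif (is_string($user_info)) {
			// The identifier is bound three times as a query parameter, never
			// concatenated into the SQL text.
			$user = dba::fetch_first('SELECT `uid`, `password`
				FROM `user`
				WHERE (`email` = ? OR `username` = ? OR `nickname` = ?)
				AND `blocked` = 0
				AND `account_expired` = 0
				AND `account_removed` = 0
				AND `verified` = 1
				LIMIT 1',
				$user_info,
				$user_info,
				$user_info
			);
		} else {
			$user = $user_info;
		}

		if (!DBM::is_result($user) || !isset($user['uid']) || !isset($user['password'])) {
			return false;
		}

		$password_hashed = hash('whirlpool', $password);

		// Compare the digests in constant time (hash_equals(), PHP >= 5.6) so
		// the comparison does not reveal how many leading characters matched.
		// Non-string operands are rejected first, which keeps the result of the
		// previous strict `!==` check for those inputs.
		if (!is_string($password_hashed)
			|| !is_string($user['password'])
			|| !hash_equals($user['password'], $password_hashed)
		) {
			return false;
		}

		return $user['uid'];
	}

	/**
	 * @brief Flag a user account as removed and queue the follow-up jobs
	 *
	 * The account is only marked here (`account_removed`, `account_expires_on`);
	 * per the comment in the body, the actual deletion happens later in
	 * "cron_expire_and_remove_users" (cronjobs.php).
	 *
	 * This method performs no permission check of its own: the caller has to
	 * make sure the current session is allowed to remove the given account.
	 *
	 * @param int $uid Id of the user to remove (used as the `uid` column value)
	 * @return void
	 */
	public static function remove($uid)
	{
		if (!$uid) {
			return;
		}

		logger('Removing user: ' . $uid);

		$user = dba::select('user', [], ['uid' => $uid], ['limit' => 1]);

		// Without a matching record there is no nickname to reserve and no
		// profile URL to announce; stop before hooks and workers receive an
		// empty record.
		if (!DBM::is_result($user)) {
			logger('Removing user: no record found for uid ' . $uid);
			return;
		}

		call_hooks('remove_user', $user);

		// save username (actually the nickname as it is guaranteed
		// unique), so it cannot be re-registered in the future.
		dba::insert('userd', ['username' => $user['nickname']]);

		// The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php)
		dba::update('user', ['account_removed' => true, 'account_expires_on' => datetime_convert()], ['uid' => $uid]);
		Worker::add(PRIORITY_HIGH, "Notifier", "removeme", $uid);

		// Send an update to the directory
		Worker::add(PRIORITY_LOW, "Directory", $user['url']);

		// When the removed account is the one logged in, drop its session
		// markers and redirect to the base URL.
		if ($uid == local_user()) {
			unset($_SESSION['authenticated']);
			unset($_SESSION['uid']);
			goaway(System::baseUrl());
		}
	}
}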