friendica-github/src/Model/User.php

116 lines
2.6 KiB
PHP
Raw Normal View History

<?php
2017-11-26 19:25:25 +00:00
/**
* @file src/Model/User.php
* @brief This file includes the User class with user related database functions
*/
2017-11-26 19:25:25 +00:00
namespace Friendica\Model;
use Friendica\Core\System;
use Friendica\Core\Worker;
2017-11-26 19:25:25 +00:00
use Friendica\Database\DBM;
use dba;
require_once 'boot.php';
2017-11-26 19:25:25 +00:00
require_once 'include/plugin.php';
/**
* @brief This class handles User related functions
*/
class User
{
/**
* @brief Authenticate a user with a clear text password
*
* User info can be any of the following:
* - User DB object
* - User Id
* - User email or username or nickname
* - User array with at least the uid and the hashed password
*
* @param mixed $user_info
* @param string $password
* @return boolean
*/
2017-11-26 19:25:25 +00:00
public static function authenticate($user_info, $password)
{
if (is_object($user_info)) {
$user = (array) $user_info;
} elseif (is_int($user_info)) {
$user = dba::select('user',
['uid', 'password'],
[
'uid' => $user_info,
'blocked' => 0,
'account_expired' => 0,
'account_removed' => 0,
'verified' => 1
],
['limit' => 1]
);
} elseif (is_string($user_info)) {
$user = dba::fetch_first('SELECT `uid`, `password`
FROM `user`
WHERE (`email` = ? OR `username` = ? OR `nickname` = ?)
AND `blocked` = 0
AND `account_expired` = 0
AND `account_removed` = 0
AND `verified` = 1
LIMIT 1',
$user_info,
$user_info,
$user_info
);
} else {
$user = $user_info;
}
2017-11-26 20:51:07 +00:00
if (!DBM::is_result($user) || !isset($user['uid']) || !isset($user['password'])) {
2017-11-26 19:25:25 +00:00
return false;
}
$password_hashed = hash('whirlpool', $password);
if ($password_hashed !== $user['password']) {
return false;
}
return $user['uid'];
}
/**
* @param object $uid user to remove
* @return void
*/
public static function remove($uid)
{
if (!$uid) {
return;
}
logger('Removing user: ' . $uid);
$user = dba::select('user', [], ['uid' => $uid], ['limit' => 1]);
call_hooks('remove_user', $user);
// save username (actually the nickname as it is guaranteed
// unique), so it cannot be re-registered in the future.
dba::insert('userd', ['username' => $user['nickname']]);
// The user and related data will be deleted in "cron_expire_and_remove_users" (cronjobs.php)
dba::update('user', ['account_removed' => true, 'account_expires_on' => datetime_convert()], ['uid' => $uid]);
Worker::add(PRIORITY_HIGH, "Notifier", "removeme", $uid);
// Send an update to the directory
Worker::add(PRIORITY_LOW, "Directory", $user['url']);
if ($uid == local_user()) {
unset($_SESSION['authenticated']);
unset($_SESSION['uid']);
goaway(System::baseUrl());
}
}
}