Use Model\Register methods in modules

- Update registration emails to avoid storing the plaintext password in the register table - Remove redundant sprintf() when used with L10n::t() - Remove redundant Systen::baseUrl() with goaway()
2024-11-10 07:02:54 +00:00 · 2018-10-14 11:57:28 -04:00 · 2018-10-14 11:57:28 -04:00 · 540adaf829
commit 540adaf829
parent 123992384b
6 changed files with 55 additions and 72 deletions
--- a/mod/admin.php
+++ b/mod/admin.php
@ -18,13 +18,14 @@ use Friendica\Database\DBA;
 use Friendica\Database\DBStructure;
 use Friendica\Model\Contact;
 use Friendica\Model\Item;
+use Friendica\Model\Register;
 use Friendica\Model\User;
 use Friendica\Module\Login;
 use Friendica\Module\Tos;
 use Friendica\Util\Arrays;
 use Friendica\Util\DateTimeFormat;
-use Friendica\Util\Temporal;
 use Friendica\Util\Network;
+use Friendica\Util\Temporal;

 require_once 'include/enotify.php';
 require_once 'include/text.php';
@ -895,8 +896,7 @@ function admin_page_summary(App $a)

 	logger('accounts: ' . print_r($accounts, true), LOGGER_DATA);

-	$r = q("SELECT COUNT(`id`) AS `count` FROM `register`");
-	$pending = $r[0]['count'];
+	$pending = Register::getPendingCount();

 	$r = q("SELECT COUNT(*) AS `total` FROM `queue` WHERE 1");
 	$queue = (($r) ? $r[0]['total'] : 0);
@ -1792,11 +1792,7 @@ function admin_page_users(App $a)
 	}

 	/* get pending */
-	$pending = q("SELECT `register`.*, `contact`.`name`, `user`.`email`
-				 FROM `register`
-				 INNER JOIN `contact` ON `register`.`uid` = `contact`.`uid`
-				 INNER JOIN `user` ON `register`.`uid` = `user`.`uid`;");
-
+	$pending = Register::getPending();

 	/* get users */
 	$total = q("SELECT COUNT(*) AS `total` FROM `user` WHERE 1");
--- a/mod/invite.php
+++ b/mod/invite.php
@ -58,14 +58,9 @@ function invite_post(App $a)
 		}

 		if ($invitation_only && ($invites_remaining || is_site_admin())) {
-			$code = autoname(8) . srand(1000, 9999);
+			$code = Friendica\Model\Register::createForInvitation();
 			$nmessage = str_replace('$invite_code', $code, $message);

-			$r = q("INSERT INTO `register` (`hash`,`created`) VALUES ('%s', '%s') ",
-				DBA::escape($code),
-				DBA::escape(DateTimeFormat::utcNow())
-			);
-
 			if (! is_site_admin()) {
 				$invites_remaining --;
 				if ($invites_remaining >= 0) {
--- a/mod/ping.php
+++ b/mod/ping.php
@ -202,11 +202,7 @@ function ping_init(App $a)
 		$mail_count = count($mails);

 		if (intval(Config::get('config', 'register_policy')) === REGISTER_APPROVE && is_site_admin()) {
-			$regs = q(
-				"SELECT `contact`.`name`, `contact`.`url`, `contact`.`micro`, `register`.`created`
-				FROM `contact` RIGHT JOIN `register` ON `register`.`uid` = `contact`.`uid`
-				WHERE `contact`.`self` = 1"
-			);
+			$regs = Friendica\Model\Register::getPending();

 			if (DBA::isResult($regs)) {
 				$register_count = count($regs);
--- a/mod/register.php
+++ b/mod/register.php
@ -11,10 +11,8 @@ use Friendica\Core\L10n;
 use Friendica\Core\PConfig;
 use Friendica\Core\System;
 use Friendica\Core\Worker;
-use Friendica\Database\DBA;
 use Friendica\Model;
 use Friendica\Module\Tos;
-use Friendica\Util\DateTimeFormat;

 require_once 'include/enotify.php';

@ -86,7 +84,7 @@ function register_post(App $a)

 	if (intval(Config::get('config', 'register_policy')) === REGISTER_OPEN) {
 		if ($using_invites && $invite_id) {
-			q("delete * from register where hash = '%s' limit 1", DBA::escape($invite_id));
+			Model\Register::deleteByHash($invite_id);
 			PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
 		}

@ -122,19 +120,11 @@ function register_post(App $a)
 			goaway();
 		}

-		$hash = random_string();
-		$r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language`, `note` ) VALUES ( '%s', '%s', %d, '%s', '%s', '%s' ) ",
-			DBA::escape($hash),
-			DBA::escape(DateTimeFormat::utcNow()),
-			intval($user['uid']),
-			DBA::escape($result['password']),
-			DBA::escape(Config::get('system', 'language')),
-			DBA::escape($_POST['permonlybox'])
-		);
+		Model\Register::createForApproval($user['uid'], Config::get('system', 'language'), $_POST['permonlybox']);

 		// invite system
 		if ($using_invites && $invite_id) {
-			q("DELETE * FROM `register` WHERE `hash` = '%s' LIMIT 1", DBA::escape($invite_id));
+			Model\Register::deleteByHash($invite_id);
 			PConfig::set($user['uid'], 'system', 'invites_remaining', $num_invites);
 		}

@ -163,6 +153,7 @@ function register_post(App $a)
 		}
 		// send notification to the user, that the registration is pending
 		Model\User::sendRegisterPendingEmail(
+			$user['uid'],
 			$user['email'],
 			Config::get('config', 'sitename'),
 			$user['username'],
--- a/mod/regmod.php
+++ b/mod/regmod.php
@ -9,6 +9,7 @@ use Friendica\Core\L10n;
 use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
+use Friendica\Model\Register;
 use Friendica\Model\User;
 use Friendica\Module\Login;

@ -18,30 +19,24 @@ function user_allow($hash)
 {
 	$a = get_app();

-	$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
-		DBA::escape($hash)
-	);
-
+	$register = Register::getByHash($hash);

 	if (!DBA::isResult($register)) {
 		return false;
 	}

 	$user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
-		intval($register[0]['uid'])
+		intval($register['uid'])
 	);

 	if (!DBA::isResult($user)) {
 		killme();
 	}

-	$r = q("DELETE FROM `register` WHERE `hash` = '%s'",
-		DBA::escape($register[0]['hash'])
-	);
-
+	Register::deleteByHash($hash);

 	$r = q("UPDATE `user` SET `blocked` = 0, `verified` = 1 WHERE `uid` = %d",
-		intval($register[0]['uid'])
+		intval($register['uid'])
 	);

 	$r = q("SELECT * FROM `profile` WHERE `uid` = %d AND `is-default` = 1",
@ -54,14 +49,14 @@ function user_allow($hash)
 		}
 	}

-	L10n::pushLang($register[0]['language']);
+	L10n::pushLang($register['language']);

 	$res = User::sendRegisterOpenEmail(
 		$user[0]['email'],
 		Config::get('config', 'sitename'),
 		System::baseUrl(),
 		$user[0]['username'],
-		$register[0]['password'],
+		'Sent in a previous email',
 		$user[0]);

 	L10n::popLang();
@ -77,20 +72,19 @@ function user_allow($hash)
 // allowed to have friends on this system
 function user_deny($hash)
 {
-	$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
-		DBA::escape($hash)
-	);
+	$register = Register::getByHash($hash);

 	if (!DBA::isResult($register)) {
 		return false;
 	}

 	$user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
-		intval($register[0]['uid'])
+		intval($register['uid'])
 	);

-	DBA::delete('user', ['uid' => $register[0]['uid']]);
-	DBA::delete('register', ['hash' => $register[0]['hash']]);
+	DBA::delete('user', ['uid' => $register['uid']]);
+
+	Register::deleteByHash($register['hash']);

 	notice(L10n::t('Registration revoked for %s', $user[0]['username']) . EOL);
 	return true;
--- a/src/Model/User.php
+++ b/src/Model/User.php
@ -412,7 +412,7 @@ class User
 				throw new Exception(L10n::t('An invitation is required.'));
 			}

-			if (!DBA::exists('register', ['hash' => $invite_id])) {
+			if (!Register::existsByHash($invite_id)) {
 				throw new Exception(L10n::t('Invitation could not be verified.'));
 			}
 		}
@ -660,22 +660,31 @@ class User
 	 * @param string $email
 	 * @param string $sitename
 	 * @param string $username
+	 * @param string $password Plaintext password
 	 * @return NULL|boolean from notification() and email() inherited
 	 */
-	public static function sendRegisterPendingEmail($email, $sitename, $username)
+	public static function sendRegisterPendingEmail($uid, $email, $sitename, $username, $siteurl, $nickname, $password)
 	{
 		$body = deindent(L10n::t('
 			Dear %1$s,
 				Thank you for registering at %2$s. Your account is pending for approval by the administrator.
-		'));

-		$body = sprintf($body, $username, $sitename);
+			Your login details are as follows:
+
+			Site Location:	%3$s
+			Login Name:		%4$s
+			Password:		%5$s
+		',
+			$body, $username, $sitename, $siteurl, $nickname, $password
+		));

 		return notification([
 			'type'     => SYSTEM_EMAIL,
+			'uid'      => $uid,
 			'to_email' => $email,
-			'subject'=> L10n::t('Registration at %s', $sitename),
-			'body' => $body]);
+			'subject'  => L10n::t('Registration at %s', $sitename),
+			'body'     => $body
+		]);
 	}

 	/**
@ -695,7 +704,9 @@ class User
 		$preamble = deindent(L10n::t('
 			Dear %1$s,
 				Thank you for registering at %2$s. Your account has been created.
-		'));
+		',
+			$preamble, $username, $sitename
+		));
 		$body = deindent(L10n::t('
 			The login details are as follows:

@ -722,19 +733,19 @@ class User

 			If you ever want to delete your account, you can do so at %3$s/removeme

-			Thank you and welcome to %2$s.'));
-
-		$preamble = sprintf($preamble, $username, $sitename);
-		$body = sprintf($body, $email, $sitename, $siteurl, $username, $password);
+			Thank you and welcome to %2$s.',
+			$body, $email, $sitename, $siteurl, $username, $password
+		));

 		return notification([
 			'uid'      => $user['uid'],
 			'language' => $user['language'],
 			'type'     => SYSTEM_EMAIL,
 			'to_email' => $email,
-			'subject'=> L10n::t('Registration details for %s', $sitename),
-			'preamble'=> $preamble,
-			'body' => $body]);
+			'subject'  => L10n::t('Registration details for %s', $sitename),
+			'preamble' => $preamble,
+			'body'     => $body
+		]);
 	}

 	/**
@ -771,7 +782,7 @@ class User
 		if ($uid == local_user()) {
 			unset($_SESSION['authenticated']);
 			unset($_SESSION['uid']);
-			goaway(System::baseUrl());
+			goaway();;
 		}
 	}
 }