1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace Elgg\Database; |
4
|
|
|
|
5
|
|
|
use Elgg\Config as Conf; |
6
|
|
|
use Elgg\Database; |
7
|
|
|
use ElggUser; |
8
|
|
|
use RegistrationException; |
9
|
|
|
|
10
|
|
|
/** |
11
|
|
|
* WARNING: API IN FLUX. DO NOT USE DIRECTLY. |
12
|
|
|
* |
13
|
|
|
* @access private |
14
|
|
|
* |
15
|
|
|
* @package Elgg.Core |
16
|
|
|
* @subpackage Database |
17
|
|
|
* @since 1.10.0 |
18
|
|
|
*/ |
19
|
|
|
class UsersTable { |
20
|
|
|
|
21
|
|
|
use \Elgg\TimeUsing; |
22
|
|
|
|
23
|
|
|
/** |
24
|
|
|
* @var Conf |
25
|
|
|
*/ |
26
|
|
|
protected $config; |
27
|
|
|
|
28
|
|
|
/** |
29
|
|
|
* @var Database |
30
|
|
|
*/ |
31
|
|
|
protected $db; |
32
|
|
|
|
33
|
|
|
/** |
34
|
|
|
* @var MetadataTable |
35
|
|
|
*/ |
36
|
|
|
protected $metadata; |
37
|
|
|
|
38
|
|
|
/** |
39
|
|
|
* Constructor |
40
|
|
|
* |
41
|
|
|
* @param Conf $config Config |
42
|
|
|
* @param Database $db Database |
43
|
|
|
* @param MetadataTable $metadata Metadata table |
44
|
|
|
*/ |
45
|
4419 |
|
public function __construct(Conf $config, Database $db, MetadataTable $metadata) { |
46
|
4419 |
|
$this->config = $config; |
47
|
4419 |
|
$this->db = $db; |
48
|
4419 |
|
$this->metadata = $metadata; |
49
|
4419 |
|
} |
50
|
|
|
|
51
|
|
|
/** |
52
|
|
|
* Get user by username |
53
|
|
|
* |
54
|
|
|
* @param string $username The user's username |
55
|
|
|
* |
56
|
|
|
* @return ElggUser|false Depending on success |
57
|
|
|
*/ |
58
|
459 |
|
public function getByUsername($username) { |
59
|
|
|
|
60
|
|
|
// Fixes #6052. Username is frequently sniffed from the path info, which, |
61
|
|
|
// unlike $_GET, is not URL decoded. If the username was not URL encoded, |
62
|
|
|
// this is harmless. |
63
|
459 |
|
$username = rawurldecode($username); |
64
|
|
|
|
65
|
459 |
|
if (!$username) { |
66
|
|
|
return false; |
67
|
|
|
} |
68
|
|
|
|
69
|
459 |
|
$entity =_elgg_services()->dataCache->usernames->load($username); |
70
|
459 |
|
if ($entity instanceof ElggUser) { |
71
|
8 |
|
return $entity; |
72
|
|
|
} |
73
|
|
|
|
74
|
459 |
|
$users = elgg_get_entities([ |
75
|
459 |
|
'types' => 'user', |
76
|
|
|
'metadata_name_value_pairs' => [ |
77
|
|
|
[ |
78
|
459 |
|
'name' => 'username', |
79
|
459 |
|
'value' => $username, |
80
|
|
|
], |
81
|
|
|
], |
82
|
459 |
|
'limit' => 1, |
83
|
|
|
]); |
84
|
|
|
|
85
|
459 |
|
return $users ? $users[0] : false; |
86
|
|
|
} |
87
|
|
|
|
88
|
|
|
/** |
89
|
|
|
* Get an array of users from an email address |
90
|
|
|
* |
91
|
|
|
* @param string $email Email address |
92
|
|
|
* @return array |
93
|
|
|
*/ |
94
|
162 |
|
public function getByEmail($email) { |
95
|
162 |
|
if (!$email) { |
96
|
|
|
return []; |
97
|
|
|
} |
98
|
|
|
|
99
|
162 |
|
$users = elgg_get_entities([ |
100
|
162 |
|
'types' => 'user', |
101
|
|
|
'metadata_name_value_pairs' => [ |
102
|
|
|
[ |
103
|
162 |
|
'name' => 'email', |
104
|
162 |
|
'value' => $email, |
105
|
|
|
], |
106
|
|
|
], |
107
|
162 |
|
'limit' => 1, |
108
|
|
|
]); |
109
|
|
|
|
110
|
162 |
|
return $users ? : []; |
|
|
|
|
111
|
|
|
} |
112
|
|
|
|
113
|
|
|
/** |
114
|
|
|
* Return users (or the number of them) who have been active within a recent period. |
115
|
|
|
* |
116
|
|
|
* @param array $options Array of options with keys: |
117
|
|
|
* |
118
|
|
|
* seconds (int) => Length of period (default 600 = 10min) |
119
|
|
|
* limit (int) => Limit (default 10) |
120
|
|
|
* offset (int) => Offset (default 0) |
121
|
|
|
* count (bool) => Return a count instead of users? (default false) |
122
|
|
|
* |
123
|
|
|
* @return \ElggUser[]|int |
124
|
|
|
*/ |
125
|
1 |
|
public function findActive(array $options = []) { |
126
|
|
|
|
127
|
1 |
|
$options = array_merge([ |
128
|
1 |
|
'seconds' => 600, |
129
|
1 |
|
'limit' => $this->config->default_limit, |
130
|
1 |
|
], $options); |
131
|
|
|
|
132
|
|
|
// cast options we're sending to hook |
133
|
1 |
|
foreach (['seconds', 'limit', 'offset'] as $key) { |
134
|
1 |
|
$options[$key] = (int) $options[$key]; |
135
|
|
|
} |
136
|
1 |
|
$options['count'] = (bool) $options['count']; |
137
|
|
|
|
138
|
|
|
// allow plugins to override |
139
|
|
|
$params = [ |
140
|
1 |
|
'seconds' => $options['seconds'], |
141
|
1 |
|
'limit' => $options['limit'], |
142
|
1 |
|
'offset' => $options['offset'], |
143
|
1 |
|
'count' => $options['count'], |
144
|
1 |
|
'options' => $options, |
145
|
|
|
]; |
146
|
1 |
|
$data = _elgg_services()->hooks->trigger('find_active_users', 'system', $params, null); |
|
|
|
|
147
|
|
|
// check null because the handler could legitimately return falsey values. |
148
|
1 |
|
if ($data !== null) { |
149
|
|
|
return $data; |
150
|
|
|
} |
151
|
|
|
|
152
|
1 |
|
$time = $this->getCurrentTime()->getTimestamp() - $options['seconds']; |
153
|
1 |
|
return elgg_get_entities([ |
|
|
|
|
154
|
1 |
|
'type' => 'user', |
155
|
1 |
|
'limit' => $options['limit'], |
156
|
1 |
|
'offset' => $options['offset'], |
157
|
1 |
|
'count' => $options['count'], |
158
|
1 |
|
'wheres' => ["e.last_action >= {$time}"], |
159
|
1 |
|
'order_by' => "e.last_action desc", |
160
|
|
|
]); |
161
|
|
|
} |
162
|
|
|
|
163
|
|
|
/** |
164
|
|
|
* Registers a user, returning false if the username already exists |
165
|
|
|
* |
166
|
|
|
* @param string $username The username of the new user |
167
|
|
|
* @param string $password The password |
168
|
|
|
* @param string $name The user's display name |
169
|
|
|
* @param string $email The user's email address |
170
|
|
|
* @param bool $allow_multiple_emails Allow the same email address to be |
171
|
|
|
* registered multiple times? |
172
|
|
|
* @param string $subtype Subtype of the user entity |
173
|
|
|
* |
174
|
|
|
* @return int|false The new user's GUID; false on failure |
175
|
|
|
* @throws RegistrationException |
176
|
|
|
*/ |
177
|
162 |
|
public function register($username, $password, $name, $email, $allow_multiple_emails = false, $subtype = null) { |
178
|
|
|
|
179
|
|
|
// no need to trim password |
180
|
162 |
|
$username = trim($username); |
181
|
162 |
|
$name = trim(strip_tags($name)); |
182
|
162 |
|
$email = trim($email); |
183
|
|
|
|
184
|
|
|
// A little sanity checking |
185
|
162 |
|
if (empty($username) || empty($password) || empty($name) || empty($email)) { |
186
|
|
|
return false; |
187
|
|
|
} |
188
|
|
|
|
189
|
|
|
// Make sure a user with conflicting details hasn't registered and been disabled |
190
|
162 |
|
$access_status = access_get_show_hidden_status(); |
191
|
162 |
|
access_show_hidden_entities(true); |
192
|
|
|
|
193
|
162 |
|
if (!validate_email_address($email)) { |
194
|
|
|
throw new RegistrationException(_elgg_services()->translator->translate('registration:emailnotvalid')); |
195
|
|
|
} |
196
|
|
|
|
197
|
162 |
|
if (!validate_password($password)) { |
198
|
|
|
throw new RegistrationException(_elgg_services()->translator->translate('registration:passwordnotvalid')); |
199
|
|
|
} |
200
|
|
|
|
201
|
162 |
|
if (!validate_username($username)) { |
202
|
|
|
throw new RegistrationException(_elgg_services()->translator->translate('registration:usernamenotvalid')); |
203
|
|
|
} |
204
|
|
|
|
205
|
162 |
|
if (get_user_by_username($username)) { |
206
|
|
|
throw new RegistrationException(_elgg_services()->translator->translate('registration:userexists')); |
207
|
|
|
} |
208
|
|
|
|
209
|
162 |
|
if ((!$allow_multiple_emails) && (get_user_by_email($email))) { |
210
|
|
|
throw new RegistrationException(_elgg_services()->translator->translate('registration:dupeemail')); |
211
|
|
|
} |
212
|
|
|
|
213
|
162 |
|
access_show_hidden_entities($access_status); |
214
|
|
|
|
215
|
|
|
// Create user |
216
|
162 |
|
$constructor = ElggUser::class; |
217
|
162 |
|
if (isset($subtype)) { |
218
|
160 |
|
$class = elgg_get_entity_class('user', $subtype); |
219
|
160 |
|
if ($class && class_exists($class) && is_subclass_of($class, ElggUser::class)) { |
220
|
|
|
$constructor = $class; |
221
|
|
|
} |
222
|
|
|
} |
223
|
|
|
|
224
|
162 |
|
$user = new $constructor(); |
225
|
162 |
|
if (isset($subtype)) { |
226
|
160 |
|
$user->subtype = $subtype; |
227
|
|
|
} |
228
|
162 |
|
$user->username = $username; |
229
|
162 |
|
$user->email = $email; |
230
|
162 |
|
$user->name = $name; |
231
|
162 |
|
$user->access_id = ACCESS_PUBLIC; |
232
|
162 |
|
$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created. |
233
|
162 |
|
$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created. |
234
|
162 |
|
$user->language = _elgg_services()->translator->getCurrentLanguage(); |
235
|
162 |
|
if ($user->save() === false) { |
236
|
|
|
return false; |
237
|
|
|
} |
238
|
|
|
|
239
|
|
|
// doing this after save to prevent metadata save notices on unwritable metadata password_hash |
240
|
162 |
|
$user->setPassword($password); |
241
|
|
|
|
242
|
|
|
// Turn on email notifications by default |
243
|
162 |
|
$user->setNotificationSetting('email', true); |
244
|
|
|
|
245
|
162 |
|
return $user->getGUID(); |
246
|
|
|
} |
247
|
|
|
|
248
|
|
|
/** |
249
|
|
|
* Generates a unique invite code for a user |
250
|
|
|
* |
251
|
|
|
* @param string $username The username of the user sending the invitation |
252
|
|
|
* |
253
|
|
|
* @return string Invite code |
254
|
|
|
* @see validateInviteCode |
255
|
|
|
*/ |
256
|
|
|
public function generateInviteCode($username) { |
257
|
|
|
$time = $this->getCurrentTime()->getTimestamp(); |
258
|
|
|
return "$time." . _elgg_services()->hmac->getHmac([(int) $time, $username])->getToken(); |
259
|
|
|
} |
260
|
|
|
|
261
|
|
|
/** |
262
|
|
|
* Validate a user's invite code |
263
|
|
|
* |
264
|
|
|
* @param string $username The username |
265
|
|
|
* @param string $code The invite code |
266
|
|
|
* |
267
|
|
|
* @return bool |
268
|
|
|
* @see generateInviteCode |
269
|
|
|
*/ |
270
|
|
|
public function validateInviteCode($username, $code) { |
271
|
|
|
// validate the format of the token created by ->generateInviteCode() |
272
|
|
|
if (!preg_match('~^(\d+)\.([a-zA-Z0-9\-_]+)$~', $code, $m)) { |
273
|
|
|
return false; |
274
|
|
|
} |
275
|
|
|
$time = $m[1]; |
276
|
|
|
$mac = $m[2]; |
277
|
|
|
|
278
|
|
|
return _elgg_services()->hmac->getHmac([(int) $time, $username])->matchesToken($mac); |
279
|
|
|
} |
280
|
|
|
} |
281
|
|
|
|