User.php

<?php namespace Tilmeld\Entities;

use Tilmeld\Tilmeld;
use Nymph\Nymph;

class User extends AbleObject {
  const ETYPE = 'tilmeld_user';
  const DEFAULT_CLIENT_ENABLED_METHODS = [
    'checkUsername',
    'checkEmail',
    'checkPhone',
    'getAvatar',
    'register',
  ];
  const DEFAULT_PRIVATE_DATA = [
    'email',
    'originalEmail',
    'phone',
    'addressType',
    'addressStreet',
    'addressStreet2',
    'addressCity',
    'addressState',
    'addressZip',
    'addressInternational',
    'group',
    'groups',
    'abilities',
    'inheritAbilities',
    'timezone',
    'recoverSecret',
    'recoverSecretTime',
    'password',
    'passwordTemp',
    'salt',
    'secret',
    'cancelEmailAddress',
    'cancelEmailSecret',
    'emailChangeDate',
  ];
  const DEFAULT_WHITELIST_DATA = [];
  protected $tags = [];
  protected $clientEnabledMethods = User::DEFAULT_CLIENT_ENABLED_METHODS;
  public static $clientEnabledStaticMethods = [
    'current',
    'loginUser',
    'sendRecoveryLink',
    'recover',
    'getClientConfig',
  ];
  protected $privateData = User::DEFAULT_PRIVATE_DATA;
  public static $searchRestrictedData = User::DEFAULT_PRIVATE_DATA;
  protected $whitelistData = User::DEFAULT_WHITELIST_DATA;
  protected $whitelistTags = [];

  private $gatekeeperCache = [];

  private $skipAcWhenSaving = false;

  private $descendantGroups = null;

  public function __construct($id = 0) {
    if ((is_int($id) && $id > 0) || is_string($id)) {
      if (is_int($id)) {
        $entity = Nymph::getEntity(
            ['class' => get_class($this)],
            ['&', 'guid' => $id]
        );
      } else {
        $entity = Nymph::getEntity(
            ['class' => get_class($this)],
            ['&',
              'ilike' => [
                'username',
                str_replace(['\\', '%', '_'], ['\\\\\\\\', '\%', '\_'], $id)
              ]
            ]
        );
      }
      if (isset($entity)) {
        $this->guid = $entity->guid;
        $this->tags = $entity->tags;
        $this->cdate = $entity->cdate;
        $this->mdate = $entity->mdate;
        $this->putData($entity->getData(), $entity->getSData());
        if (!isset($this->secret)
            && (
              !isset($this->emailChangeDate)
              || $this->emailChangeDate <
                  strtotime('-'.Tilmeld::$config['email_rate_limit'])
            )
          ) {
          $this->originalEmail = $this->email;
        }
        return $this;
      }
    }
    // Defaults.
    $this->enabled = true;
    $this->abilities = [];
    $this->groups = [];
    $this->inheritAbilities = true;
    $this->addressType = 'us';
    $this->updateDataProtection();
  }

  public function &__get($name) {
    if (Tilmeld::$config['email_usernames'] && $name == 'username') {
      if (parent::__get('email')) {
        return parent::__get('email');
      }
      return parent::__get('username');
    }
    return parent::__get($name);
  }

  public function __isset($name) {
    if (Tilmeld::$config['email_usernames'] && $name == 'username') {
      return (parent::__isset('email') || parent::__isset('username'));
    }
    return parent::__isset($name);
  }

  public function __set($name, $value) {
    if (Tilmeld::$config['email_usernames']
        && ($name == 'username'
        || $name == 'email')
      ) {
      parent::__set('username', $value);
      return parent::__set('email', $value);
    }
    return parent::__set($name, $value);
  }

  public function __unset($name) {
    if (Tilmeld::$config['email_usernames']
        && ($name == 'username'
        || $name == 'email')
      ) {
      parent::__unset('username');
      return parent::__unset('email');
    }
    return parent::__unset($name);
  }

  public static function current($returnObjectIfNotExist = false) {
    if (!isset(Tilmeld::$currentUser)) {
      return $returnObjectIfNotExist ? self::factory() : null;
    }
    return Tilmeld::$currentUser;
  }

  public static function sendRecoveryLink($data) {
    if (!Tilmeld::$config['pw_recovery']) {
      return [
        'result' => false,
        'message' => 'Account recovery is not allowed.'
      ];
    }

    if (!Tilmeld::$config['email_usernames']
        && $data['recoveryType'] === 'username'
      ) {
      // Create a username recovery email.

      $user = Nymph::getEntity(
          ['class' => '\Tilmeld\Entities\User', 'skip_ac' => true],
          ['&',
            'ilike' => [
              'email',
              str_replace(
                  ['\\', '%', '_'],
                  ['\\\\\\\\', '\%', '\_'],
                  $data['account']
              )
            ]
          ]
      );

      if (!isset($user)) {
        return [
          'result' => false,
          'message' => 'Requested account is not accessible.'
        ];
      }

      // Send the recovery email.
      $macros = [
        'to_phone' => htmlspecialchars(
            \uMailPHP\Mail::formatPhone($user->phone)
        ),
        'to_timezone' => htmlspecialchars($user->timezone),
        'to_address' =>
          $user->addressType == 'us'
            ?
              htmlspecialchars(
                  "{$user->addressStreet} {$user->addressStreet2}"
              ).'<br />'.
              htmlspecialchars(
                  "{$user->addressCity}, {$user->addressState} ".
                    "{$user->addressZip}"
              )
            : '<pre>'.htmlspecialchars($user->addressInternational).'</pre>'
      ];
      $mail = new \uMailPHP\Mail(
          '\Tilmeld\Entities\Mail\RecoverUsername',
          $user,
          $macros
      );
    } elseif ($data['recoveryType'] === 'password') {
      // Create a password recovery email.

      $user = User::factory($data['account']);

      if (!isset($user->guid)) {
        return [
          'result' => false,
          'message' => 'Requested account is not accessible.'
        ];
      }

      // Create a unique secret.
      $user->recoverSecret = self::generateSecret($user);
      $user->recoverSecretTime = time();
      if (!$user->saveSkipAC()) {
        return ['result' => false, 'message' => 'Couldn\'t save user secret.'];
      }

      // Send the recovery email.
      $macros = [
        'recover_code' => $user->recoverSecret,
        'time_limit' => htmlspecialchars(
            Tilmeld::$config['pw_recovery_time_limit']
        ),
        'to_phone' => htmlspecialchars(
            \uMailPHP\Mail::formatPhone($user->phone)
        ),
        'to_timezone' => htmlspecialchars($user->timezone),
        'to_address' =>
          $user->addressType == 'us'
            ?
              htmlspecialchars(
                  "{$user->addressStreet} {$user->addressStreet2}"
              ).'<br />'.
              htmlspecialchars(
                  "{$user->addressCity}, {$user->addressState} ".
                    "{$user->addressZip}"
              )
            : '<pre>'.htmlspecialchars($user->addressInternational).'</pre>'
      ];
      $mail = new \uMailPHP\Mail(
          '\Tilmeld\Entities\Mail\RecoverPassword',
          $user,
          $macros
      );
    } else {
      return ['result' => false, 'message' => 'Invalid recovery type.'];
    }

    // Send the email.
    if ($mail->send()) {
      return [
        'result' => true,
        'message' => 'We\'ve sent an email to your registered address. Please '.
          'check your email to continue with account recovery.'
      ];
    } else {
      return ['result' => false, 'message' => 'Couldn\'t send recovery email.'];
    }
  }

  public static function recover($data) {
    if (!Tilmeld::$config['pw_recovery']) {
      return [
        'result' => false,
        'message' => 'Account recovery is not allowed.'
      ];
    }

    $user = User::factory($data['username']);

    if (!isset($user->guid)
        || !isset($user->recoverSecret)
        || $data['secret'] !== $user->recoverSecret
        || strtotime(
            '+'.Tilmeld::$config['pw_recovery_time_limit'],
            $user->recoverSecretTime
        ) < time()
      ) {
      return [
        'result' => false,
        'message' => 'The secret code does not match.'
      ];
    }

    if (empty($data['password'])) {
      return ['result' => false, 'message' => 'Password cannot be empty.'];
    }

    $user->password($data['password']);
    unset($user->recoverSecret);
    unset($user->recoverSecretTime);
    if ($user->saveSkipAC()) {
      return [
        'result' => true,
        'message' => 'Your password has been reset. You can now log in using '.
          'your new password.'
      ];
    } else {
      return ['result' => false, 'message' => 'Error saving new password.'];
    }
  }

  public static function getClientConfig() {
    $timezones = \DateTimeZone::listIdentifiers();
    sort($timezones);
    return (object) [
      'reg_fields' => Tilmeld::$config['reg_fields'],
      'email_usernames' => Tilmeld::$config['email_usernames'],
      'allow_registration' => Tilmeld::$config['allow_registration'],
      'pw_recovery' => Tilmeld::$config['pw_recovery'],
      'verify_email' => Tilmeld::$config['verify_email'],
      'unverified_access' => Tilmeld::$config['unverified_access'],
      'timezones' => $timezones,
    ];
  }

  public static function generateSecret($user) {
    return substr(
        hash('sha256', uniqid($user->username, true)),
        0,
        rand(12, 18)
    );
  }

  public static function loginUser($data) {
    if (!isset($data['username'])) {
      return ['result' => false, 'message' => 'Incorrect login/password.'];
    }
    $user = User::factory($data['username']);
    $result = $user->login($data);
    if ($result['result']) {
      $user->updateDataProtection();
      $result['user'] = $user;
    }
    return $result;
  }

  public function login($data) {
    if (!isset($this->guid)) {
      return ['result' => false, 'message' => 'Incorrect login/password.'];
    }
    if (!$this->enabled) {
      return ['result' => false, 'message' => 'This user is disabled.'];
    }
    if ($this->gatekeeper()) {
      return ['result' => true, 'message' => 'You are already logged in.'];
    }
    if (!$this->checkPassword($data['password'])) {
      return ['result' => false, 'message' => 'Incorrect login/password.'];
    }

    // Authentication was successful, attempt to login.
    if (!Tilmeld::login($this, true)) {
      return ['result' => false, 'message' => 'Incorrect login/password.'];
    }

    // Login was successful.
    return ['result' => true, 'message' => 'You are logged in.'];
  }

  public function logout() {
    Tilmeld::logout();
    return ['result' => true, 'message' => 'You have been logged out.'];
  }

  public function getAvatar() {
    if (isset($this->avatar)) {
      return $this->avatar;
    }
    $proto = isset($_SERVER['HTTPS']) ? 'https' : 'http';
    if (!isset($this->email) || empty($this->email)) {
      return $proto.'://secure.gravatar.com/avatar/?d=mm&s=40';
    }
    return $proto.'://secure.gravatar.com/avatar/'.
      md5(strtolower(trim($this->email))).'?d=identicon&s=40';
  }

  public function getDescendantGroups() {
    if (!isset($this->descendantGroups)) {
      $this->descendantGroups = [];
      if (isset($this->group)) {
        $this->descendantGroups =
          (array) $this->group->getDescendants();
      }
      foreach ($this->groups as $curGroup) {
        $this->descendantGroups =
          array_merge(
              (array) $this->descendantGroups,
              (array) $curGroup->getDescendants()
          );
      }
    }
    return $this->descendantGroups;
  }

  public function getTimezone($returnDateTimeZoneObject = false) {
    $timezone = date_default_timezone_get();
    if (!empty($this->timezone)) {
      $timezone = $this->timezone;
    } elseif (isset($this->group->guid) && !empty($this->group->timezone)) {
      $timezone =  $this->group->timezone;
    } else if (count($this->groups)) {
      foreach ((array) $this->groups as $curGroup) {
        if (!empty($curGroup->timezone)) {
          $timezone = $curGroup->timezone;
          break;
        }
      }
    }
    return $returnDateTimeZoneObject
      ? new DateTimeZone($timezone)
      : $timezone;
  }

  public function putData($data, $sdata = []) {
    $return = parent::putData($data, $sdata);
    $this->updateDataProtection();
    return $return;
  }

  public function updateDataProtection($user = null) {
    if (!isset($user)) {
      $user = self::current();
    }

    $this->clientEnabledMethods = self::DEFAULT_CLIENT_ENABLED_METHODS;
    $this->privateData = self::DEFAULT_PRIVATE_DATA;
    $this->whitelistData = self::DEFAULT_WHITELIST_DATA;

    if (Tilmeld::$config['email_usernames']) {
      $this->privateData[] = 'username';
    }

    $isCurrentUser = $user !== null && $this->is($user);
    $isNewUser = !isset($this->guid);

    if ($isCurrentUser) {
      // Users can check to see what abilities they have.
      $this->clientEnabledMethods[] = 'gatekeeper';
      $this->clientEnabledMethods[] = 'changePassword';
      $this->clientEnabledMethods[] = 'logout';
      $this->clientEnabledMethods[] = 'sendEmailVerification';
    }

    if ($user !== null && $user->gatekeeper('tilmeld/admin')) {
      // Users who can edit other users can see most of their data.
      $this->privateData = [
        'password',
        'salt'
      ];
      $this->whitelistData = false;
    } elseif ($isCurrentUser || $isNewUser) {
      // Users can see their own data, and edit some of it.
      $this->whitelistData[] = 'username';
      $this->whitelistData[] = 'avatar';
      if (in_array('name', Tilmeld::$config['user_fields'])) {
        $this->whitelistData[] = 'nameFirst';
        $this->whitelistData[] = 'nameMiddle';
        $this->whitelistData[] = 'nameLast';
        $this->whitelistData[] = 'name';
      }
      if (in_array('email', Tilmeld::$config['user_fields'])) {
        $this->whitelistData[] = 'email';
      }
      if (in_array('phone', Tilmeld::$config['user_fields'])) {
        $this->whitelistData[] = 'phone';
      }
      if (in_array('timezone', Tilmeld::$config['user_fields'])) {
        $this->whitelistData[] = 'timezone';
      }
      if (in_array('address', Tilmeld::$config['user_fields'])) {
        $this->whitelistData[] = 'addressType';
        $this->whitelistData[] = 'addressStreet';
        $this->whitelistData[] = 'addressStreet2';
        $this->whitelistData[] = 'addressCity';
        $this->whitelistData[] = 'addressState';
        $this->whitelistData[] = 'addressZip';
        $this->whitelistData[] = 'addressInternational';
      }
      $this->privateData = [
        'originalEmail',
        'secret',
        'cancelEmailAddress',
        'cancelEmailSecret',
        'emailChangeDate',
        'recoverSecret',
        'recoverSecretTime',
        'password',
        'salt'
      ];
    }
  }

  public function gatekeeper($ability = null) {
    if (!isset($ability)) {
      return self::current(true)->is($this);
    }
    // Check the cache to see if we've already checked this user.
    if ($this->gatekeeperCache) {
      $abilities =& $this->gatekeeperCache;
    } else {
      $abilities = $this->abilities;
      if ($this->inheritAbilities) {
        foreach ($this->groups as &$curGroup) {
          if (!isset($curGroup->guid)) {
            continue;
          }
          $abilities = array_merge($abilities, $curGroup->abilities);
        }
        unset($curGroup);
        if (isset($this->group) && isset($this->group->guid)) {
          $abilities = array_merge($abilities, $this->group->abilities);
        }
      }
      $this->gatekeeperCache = $abilities;
    }
    if (!is_array($abilities)) {
      return false;
    }
    return (
      in_array($ability, $abilities) || in_array('system/admin', $abilities)
    );
  }

  public function clearCache() {
    $return = parent::clearCache();
    $this->gatekeeperCache = [];
    return $return;
  }

  public function sendEmailVerification() {
    if (!isset($this->guid)) {
      return false;
    }
    $success = true;
    if (isset($this->secret) && !isset($this->cancelEmailSecret)) {
      // phpcs:ignore Generic.Files.LineLength.TooLong
      $link = htmlspecialchars(Tilmeld::$config['setup_url'].(strpos(Tilmeld::$config['setup_url'], '?') ? '&' : '?').'action=verifyemail&id='.$this->guid.'&secret='.$this->secret);
      $macros = [
        'verify_link' => $link,
        'to_phone' => htmlspecialchars(
            \uMailPHP\Mail::formatPhone($this->phone)
        ),
        'to_timezone' => htmlspecialchars($this->timezone),
        'to_address' =>
          $this->addressType == 'us'
            ?
              htmlspecialchars(
                  "{$this->addressStreet} {$this->addressStreet2}"
              ).'<br />'.
              htmlspecialchars(
                  "{$this->addressCity}, {$this->addressState} ".
                    "{$this->addressZip}"
              )
            : '<pre>'.htmlspecialchars($this->addressInternational).'</pre>'
      ];
      $mail = new \uMailPHP\Mail(
          '\Tilmeld\Entities\Mail\VerifyEmail',
          $this,
          $macros
      );
      $success = $success && $mail->send();
    }
    if (isset($this->secret) && isset($this->cancelEmailSecret)) {
      // phpcs:ignore Generic.Files.LineLength.TooLong
      $link = htmlspecialchars(Tilmeld::$config['setup_url'].(strpos(Tilmeld::$config['setup_url'], '?') ? '&' : '?').'action=verifyemailchange&id='.$this->guid.'&secret='.$this->secret);
      $macros = [
        'verify_link' => $link,
        'old_email' => htmlspecialchars($this->cancelEmailAddress),
        'new_email' => htmlspecialchars($this->email),
        'to_phone' => htmlspecialchars(
            \uMailPHP\Mail::formatPhone($this->phone)
        ),
        'to_timezone' => htmlspecialchars($this->timezone),
        'to_address' =>
          $this->addressType == 'us'
            ?
              htmlspecialchars(
                  "{$this->addressStreet} {$this->addressStreet2}"
              ).'<br />'.
              htmlspecialchars(
                  "{$this->addressCity}, {$this->addressState} ".
                    "{$this->addressZip}"
              )
            : '<pre>'.htmlspecialchars($this->addressInternational).'</pre>'
      ];
      $mail = new \uMailPHP\Mail(
          '\Tilmeld\Entities\Mail\VerifyEmailChange',
          $this,
          $macros
      );
      $success = $success && $mail->send();
    }
    if (isset($this->cancelEmailSecret)) {
      // phpcs:ignore Generic.Files.LineLength.TooLong
      $link = htmlspecialchars(Tilmeld::$config['setup_url'].(strpos(Tilmeld::$config['setup_url'], '?') ? '&' : '?').'action=cancelemailchange&id='.$this->guid.'&secret='.$this->cancelEmailSecret);
      $macros = [
        'cancel_link' => $link,
        'old_email' => htmlspecialchars($this->cancelEmailAddress),
        'new_email' => htmlspecialchars($this->email),
        'to_phone' => htmlspecialchars(
            \uMailPHP\Mail::formatPhone($this->phone)
        ),
        'to_timezone' => htmlspecialchars($this->timezone),
        'to_address' =>
          $this->addressType == 'us'
            ?
              htmlspecialchars(
                  "{$this->addressStreet} {$this->addressStreet2}"
              ).'<br />'.
              htmlspecialchars(
                  "{$this->addressCity}, {$this->addressState} ".
                    "{$this->addressZip}"
              )
            : '<pre>'.htmlspecialchars($this->addressInternational).'</pre>'
      ];
      $mail = new \uMailPHP\Mail(
          '\Tilmeld\Entities\Mail\CancelEmailChange',
          $this,
          $macros
      );
      $success = $success && $mail->send();
    }
    return $success;
  }

  public function addGroup($group) {
    if (!$group->inArray((array) $this->groups)) {
      $this->groups[] = $group;
      return $this->groups;
    }
    return true;
  }

  public function checkPassword($password) {
    switch (Tilmeld::$config['pw_method']) {
      case 'plain':
        return ($this->password == $password);
      case 'digest':
        return ($this->password == hash('sha256', $password));
      case 'salt':
      default:
        return ($this->password == hash('sha256', $password.$this->salt));
    }
  }

  public function delGroup($group) {
    if ($group->inArray((array) $this->groups)) {
      foreach ((array) $this->groups as $key => $curGroup) {
        if ($group->is($curGroup)) {
          unset($this->groups[$key]);
        }
      }
      return $this->groups;
    }
    return true;
  }

  public function inGroup($group = null) {
    if (is_numeric($group)) {
      $group = Group::factory((int) $group);
    }
    if (!isset($group->guid)) {
      return false;
    }
    return ($group->inArray((array) $this->groups) || $group->is($this->group));
  }

  public function isDescendant($group = null) {
    if (is_numeric($group)) {
      $group = Group::factory((int) $group);
    }
    if (!isset($group->guid)) {
      return false;
    }
    // Check to see if the user is in a descendant group of the given group.
    if (isset($this->group->guid) && $this->group->isDescendant($group)) {
      return true;
    }
    foreach ((array) $this->groups as $curGroup) {
      if ($curGroup->isDescendant($group)) {
        return true;
      }
    }
    return false;
  }

  public function changePassword($data) {
    if (!isset($data['password']) || (string) $data['password'] === '') {
      return ['result' => false, 'message' => 'Please specify a password.'];
    }
    if (!$this->checkPassword($data['oldPassword'])) {
      return ['result' => false, 'message' => 'Incorrect password.'];
    }
    $this->passwordTemp = (string) $data['password'];
    if ($this->save()) {
      return ['result' => true, 'message' => 'Your password has been changed.'];
    } else {
      return ['result' => false, 'message' => 'Couldn\'t save new password.'];
    }
  }

  public function password($password) {
    switch (Tilmeld::$config['pw_method']) {
      case 'plain':
        unset($this->salt);
        return $this->password = $password;
      case 'digest':
        unset($this->salt);
        return $this->password = hash('sha256', $password);
      case 'salt':
      default:
        $this->salt = hash('sha256', rand());
        return $this->password = hash('sha256', $password.$this->salt);
    }
  }

  public function checkUsername() {
    if (!Tilmeld::$config['email_usernames']) {
      if (empty($this->username)) {
        return ['result' => false, 'message' => 'Please specify a username.'];
      }
      if (Tilmeld::$config['max_username_length'] > 0
          && strlen($this->username) > Tilmeld::$config['max_username_length']
        ) {
        return [
          'result' => false,
          'message' => 'Usernames must not exceed '.
            Tilmeld::$config['max_username_length'].' characters.'
        ];
      }
      if (array_diff(
          str_split($this->username),
          str_split(Tilmeld::$config['valid_chars'])
      )) {
        return [
          'result' => false,
          'message' => Tilmeld::$config['valid_chars_notice']
        ];
      }
      if (!preg_match(Tilmeld::$config['valid_regex'], $this->username)) {
        return [
          'result' => false,
          'message' => Tilmeld::$config['valid_regex_notice']
        ];
      }
      $selector = ['&',
        'ilike' => [
          'username',
          str_replace(
              ['\\', '%', '_'],
              ['\\\\\\\\', '\%', '\_'],
              $this->username
          )
        ]
      ];
      if (isset($this->guid)) {
        $selector['!guid'] = $this->guid;
      }
      $test = Nymph::getEntity(
          ['class' => '\Tilmeld\Entities\User', 'skip_ac' => true],
          $selector
      );
      if (isset($test->guid)) {
        return ['result' => false, 'message' => 'That username is taken.'];
      }

      return [
        'result' => true,
        'message' => (
          isset($this->guid) ? 'Username is valid.' : 'Username is available!'
        )
      ];
    } else {
      if (empty($this->username)) {
        return ['result' => false, 'message' => 'Please specify an email.'];
      }
      if (Tilmeld::$config['max_username_length'] > 0
          && strlen($this->username) > Tilmeld::$config['max_username_length']
        ) {
        return [
          'result' => false,
          'message' => 'Emails must not exceed '.
            Tilmeld::$config['max_username_length'].' characters.'
        ];
      }

      return $this->checkEmail();
    }
  }

  public function checkEmail() {
    if (empty($this->email)) {
      if (Tilmeld::$config['verify_email']) {
        return ['result' => false, 'message' => 'Please specify an email.'];
      } else {
        return ['result' => true, 'message' => ''];
      }
    }
    if (!preg_match(
        '/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i',
        $this->email
    )) {
      return [
        'result' => false,
        'message' => 'Email must be a correctly formatted address.'
      ];
    }
    $selector = ['&',
      'ilike' => [
        'email',
        str_replace(['\\', '%', '_'], ['\\\\\\\\', '\%', '\_'], $this->email)
      ]
    ];
    if (isset($this->guid)) {
      $selector['!guid'] = $this->guid;
    }
    $test = Nymph::getEntity(
        ['class' => '\Tilmeld\Entities\User', 'skip_ac' => true],
        $selector
    );
    if (isset($test->guid)) {
      return [
        'result' => false,
        'message' => 'That email address is already registered.'
      ];
    }

    return [
      'result' => true,
      'message' => (
        isset($this->guid) ? 'Email is valid.' : 'Email address is valid!'
      )
    ];
  }

  public function checkPhone() {
    if (empty($this->phone)) {
      return ['result' => false, 'message' => 'Please specify a phone number.'];
    }

    $stripToDigits = preg_replace('/\D/', '', $this->phone);
    if (!preg_match('/\d{10}/', $stripToDigits)) {
      return [
        'result' => false,
        'message' =>
          'Phone must contain 10 digits, but formatting does not matter.'
      ];
    }
    $selector = ['&',
        'strict' => ['phone', $stripToDigits]
      ];
    if (isset($this->guid)) {
      $selector['!guid'] = $this->guid;
    }
    $test = Nymph::getEntity(
        ['class' => '\Tilmeld\Entities\User', 'skip_ac' => true],
        $selector
    );
    if (isset($test->guid)) {
      return ['result' => false, 'message' => 'Phone number is in use.'];
    }

    return [
      'result' => true,
      'message' => (
        isset($this->guid) ? 'Phone number is valid.' : 'Phone number is valid!'
      )
    ];
  }

  public function register($data) {
    if (!Tilmeld::$config['allow_registration']) {
      return [
        'result' => false,
        'loggedin' => false,
        'message' => 'Registration is not allowed.'
      ];
    }
    if (isset($this->guid)) {
      return [
        'result' => false,
        'loggedin' => false,
        'message' => 'This is already a registered user.'
      ];
    }
    if (!isset($data['password']) || (string) $data['password'] === '') {
      return [
        'result' => false,
        'loggedin' => false,
        'message' => 'Password is a required field.'
      ];
    }
    $unCheck = $this->checkUsername();
    if (!$unCheck['result']) {
      return $unCheck;
    }

    $this->password((string) $data['password']);
    if (in_array('name', Tilmeld::$config['reg_fields'])) {
      $this->name =
        $this->nameFirst.
        (!empty($this->nameMiddle) ? ' '.$this->nameMiddle : '').
        (!empty($this->nameLast) ? ' '.$this->nameLast : '');
      if ($this->name === '') {
        $this->name = $this->username;
      }
    }
    if (Tilmeld::$config['email_usernames']) {
      $this->email = $this->username;
    }

    // Add primary group.
    $primaryGroup = null;
    $generatedPrimaryGroup = false;
    if (Tilmeld::$config['generate_primary']) {
      // Generate a new primary group for the user.
      $primaryGroup = Group::factory();
      $primaryGroup->groupname = $this->username;
      $primaryGroup->avatar = $this->avatar;
      $primaryGroup->name = $this->name;
      $primaryGroup->email = $this->email;
      $primaryGroup->parent = Nymph::getEntity(
          ['class' => '\Tilmeld\Entities\Group'],
          ['&',
            'equal' => ['defaultPrimary', true]
          ]
      );
      if (!isset($primaryGroup->parent) || !isset($primaryGroup->group->guid)) {
        unset($primaryGroup->parent);
      }
      if (!$primaryGroup->saveSkipAC()) {
        return [
          'result' => false,
          'loggedin' => false,
          'message' => 'Error creating primary group for user.'
        ];
      }
      $this->group = $primaryGroup;
      $generatedPrimaryGroup = $primaryGroup;
    } else {
      // Add the default primary.
      $this->group = Nymph::getEntity(
          ['class' => '\Tilmeld\Entities\Group'],
          ['&',
            'equal' => ['defaultPrimary', true]
          ]
      );
      if (!isset($this->group) || !isset($this->group->guid)) {
        unset($this->group);
      }
    }

    try {
      // Add secondary groups.
      if (Tilmeld::$config['verify_email']
          && Tilmeld::$config['unverified_access']
        ) {
        // Add the default secondaries for unverified users.
        $this->groups = (array) Nymph::getEntities(
            ['class' => '\Tilmeld\Entities\Group'],
            ['&',
              'equal' => ['unverifiedSecondary', true]
            ]
        );
      } else {
        // Add the default secondaries.
        $this->groups = (array) Nymph::getEntities(
            ['class' => '\Tilmeld\Entities\Group'],
            ['&',
              'equal' => ['defaultSecondary', true]
            ]
        );
      }

      if (Tilmeld::$config['verify_email']) {
        // The user will be enabled after verifying their e-mail address.
        if (!Tilmeld::$config['unverified_access']) {
          $this->enabled = false;
        }
      } else {
        $this->enabled = true;
      }

      // If create_admin is true and there are no other users, grant
      // "system/admin".
      if (Tilmeld::$config['create_admin']) {
        $otherUsers = Nymph::getEntities(
            ['class' => '\Tilmeld\Entities\User', 'skip_ac' => true, 'limit' => 1]
        );
        // Make sure it's not just null, cause that means an error.
        if ($otherUsers === []) {
          $this->grant('system/admin');
          $this->enabled = true;
        }
      }

      if ($this->saveSkipAC()) {
        // Send the new user registered email.
        $macros = [
          'user_username' => htmlspecialchars($this->username),
          'user_name' => htmlspecialchars($this->name),
          'user_first_name' => htmlspecialchars($this->nameFirst),
          'user_last_name' => htmlspecialchars($this->nameLast),
          'user_email' => htmlspecialchars($this->email),
          'user_phone' => htmlspecialchars(
              \uMailPHP\Mail::formatPhone($this->phone)
          ),
          'user_timezone' => htmlspecialchars($this->timezone),
          'user_address' =>
            $this->addressType == 'us'
              ?
                htmlspecialchars(
                    "{$this->addressStreet} {$this->addressStreet2}"
                ).'<br />'.
                htmlspecialchars(
                    "{$this->addressCity}, {$this->addressState} ".
                      "{$this->addressZip}"
                )
              : '<pre>'.htmlspecialchars($this->addressInternational).'</pre>'
        ];
        $mail = new \uMailPHP\Mail(
            '\Tilmeld\Entities\Mail\UserRegistered',
            null,
            $macros
        );
        $mail->send();

        $message = "";

        // Save the primary group.
        if ($primaryGroup) {
          $primaryGroup->user = $this;
          if (!$primaryGroup->saveSkipAC()) {
            $message .= "Your account was created, but your primary group ".
              "couldn't be assigned to you. You should ask an administrator to ".
              "fix this. ";
          }
        }

        // Finish up.
        if (Tilmeld::$config['verify_email']
            && !Tilmeld::$config['unverified_access']
          ) {
          $message .= "Almost there. An email has been sent to {$this->email} ".
            "with a verification link for you to finish registration.";
          $loggedin = false;
        } elseif (Tilmeld::$config['verify_email']
            && Tilmeld::$config['unverified_access']
          ) {
          Tilmeld::login($this, true);
          $this->updateDataProtection();
          $message .= "You're now logged in! An email has been sent to ".
            "{$this->email} with a verification link for you to finish ".
            "registration.";
          $loggedin = true;
        } else {
          Tilmeld::login($this, true);
          $this->updateDataProtection();
          $message .= 'You\'re now registered and logged in!';
          $loggedin = true;
        }
        return ['result' => true, 'loggedin' => $loggedin, 'message' => $message];
      } else {
        if ($generatedPrimaryGroup) {
          $generatedPrimaryGroup->delete();
        }
        return [
          'result' => false,
          'loggedin' => false,
          'message' => 'Error registering user.'
        ];
      }
    } catch (\Exception $e) {
      if ($generatedPrimaryGroup) {
        $generatedPrimaryGroup->delete();
      }
      throw $e;
    }
  }

  public function save() {
    if (!isset($this->username)) {
      return false;
    }

    $sendVerification = false;

    // Formatting.
    $this->username = trim($this->username);
    // Setting username sets both username and email if email_usernames is on.
    if (!Tilmeld::$config['email_usernames']) {
      $this->email = trim($this->email);
    }
    $this->nameFirst = trim($this->nameFirst);
    $this->nameMiddle = trim($this->nameMiddle);
    $this->nameLast = trim($this->nameLast);
    $this->phone = trim($this->phone);
    $this->name =
      $this->nameFirst.
      (!empty($this->nameMiddle) ? ' '.$this->nameMiddle : '').
      (!empty($this->nameLast) ? ' '.$this->nameLast : '');

    // Verification.
    $unCheck = $this->checkUsername();
    if (!$unCheck['result']) {
      throw new \Tilmeld\Exceptions\BadUsernameException($unCheck['message']);
    }
    if (!Tilmeld::$config['email_usernames']) {
      $emCheck = $this->checkEmail();
      if (!$emCheck['result']) {
        throw new \Tilmeld\Exceptions\BadEmailException($emCheck['message']);
      }
    }

    // Email changes.
    if (!Tilmeld::gatekeeper('tilmeld/admin')) {
      // The user isn't an admin, so email address changes should contain
      // some security measures.
      if (Tilmeld::$config['verify_email']) {
        // The user needs to verify this new email address.
        if (!isset($this->guid)) {
          $this->secret = self::generateSecret($this);
          $sendVerification = true;
        } elseif (!empty($this->originalEmail)
            && $this->originalEmail !== $this->email
          ) {
          // The user already has an old email address.
          if (Tilmeld::$config['email_rate_limit'] !== ''
              && isset($this->emailChangeDate)
              && $this->emailChangeDate >
                strtotime('-'.Tilmeld::$config['email_rate_limit'])
            ) {
            throw new \Tilmeld\Exceptions\EmailChangeRateLimitExceededException(
                'You already changed your email address recently. Please wait '.
                'until '.
                \uMailPHP\Mail::formatDate(
                    strtotime(
                        '+'.Tilmeld::$config['email_rate_limit'],
                        $this->emailChangeDate
                    ),
                    'full_short'
                ).
                ' to change your email address again.'
            );
          } else {
            if (!isset($this->secret)
                && (
                  // Make sure the user has at least the rate
                  // limit time to cancel an email change.
                  !isset($this->emailChangeDate) ||
                  $this->emailChangeDate <
                    strtotime('-'.Tilmeld::$config['email_rate_limit'])
                )
              ) {
              // Save the old email in case the cancel change
              // link is clicked.
              $this->cancelEmailAddress = $this->originalEmail;
              $this->cancelEmailSecret = self::generateSecret($this);
              $this->emailChangeDate = time();
            }
            $this->secret = self::generateSecret($this);
            $sendVerification = true;
          }
        }
      } elseif (isset($this->guid)
          && !empty($this->originalEmail)
          && $this->originalEmail !== $this->email
          && (
            // Make sure the user has at least the rate limit time
            // to cancel an email change.
            !isset($this->emailChangeDate) ||
            $this->emailChangeDate <
              strtotime('-'.Tilmeld::$config['email_rate_limit'])
          )
        ) {
        // The user doesn't need to verify their new email address, but
        // should be able to cancel the email change from their old
        // address.
        $this->cancelEmailAddress = $this->originalEmail;
        $this->cancelEmailSecret = self::generateSecret($this);
        $sendVerification = true;
      }
    }

    if (!isset($this->password) && !isset($this->passwordTemp)) {
      throw new \Tilmeld\Exceptions\BadDataException('A password is required.');
    }

    if (isset($this->passwordTemp) && $this->passwordTemp !== '') {
      $this->password($this->passwordTemp);
    }
    unset($this->passwordTemp);

    try {
      Tilmeld::$config['validator_user']->assert($this->getValidatable());
    // phpcs:ignore Generic.Files.LineLength.TooLong
    } catch (\Respect\Validation\Exceptions\NestedValidationException $exception) {
      throw new \Tilmeld\Exceptions\BadDataException(
          $exception->getFullMessage()
      );
    }

    if (isset($this->group->user) && $this->is($this->group->user)) {
      // Update the user's generated primary group.
      $this->group->groupname = $this->username;
      $this->group->avatar = $this->avatar;
      $this->group->email = $this->email;
      $this->group->name = $this->name;
      $this->group->saveSkipAC();
    }

    $return = parent::save();
    if ($return) {
      if ($sendVerification) {
        // The email has changed, so send a new verification email.
        $this->sendEmailVerification();
      }

      if (self::current(true)->is($this)) {
        // Update the user in the session cache.
        Tilmeld::fillSession($this);
      }

      $this->descendantGroups = null;
    }
    return $return;
  }

  public function saveSkipAC() {
    $this->skipAcWhenSaving = true;
    return $this->save();
  }

  public function tilmeldSaveSkipAC() {
    if ($this->skipAcWhenSaving) {
      $this->skipAcWhenSaving = false;
      return true;
    }
    return false;
  }

  public function delete() {
    if (!Tilmeld::gatekeeper('tilmeld/admin')) {
      return false;
    }
    if (self::current(true)->is($this)) {
      $this->logout();
    }
    return parent::delete();
  }
}