Merge pull request #460 from MrPetovan/task/3942-add-user-authenticate

Use User::authenticate
2017-12-02 09:05:18 +01:00 · 2017-12-02 09:05:18 +01:00 · 7a447e507e
parent 3a1b172d08 eadf7066e0
commit 7a447e507e
3 changed files with 542 additions and 538 deletions
--- a/dav/friendica/dav_friendica_auth.inc.php
+++ b/dav/friendica/dav_friendica_auth.inc.php
@ -1,39 +1,39 @@
 <?php
-class Sabre_DAV_Auth_Backend_Std extends Sabre_DAV_Auth_Backend_AbstractBasic {
+use Friendica\Model\User;
    public function __construct() {
    }
 class Sabre_DAV_Auth_Backend_Std extends Sabre_DAV_Auth_Backend_AbstractBasic
 {
 	/**
 	 * @var Sabre_DAV_Auth_Backend_Std|null
 	 */
-	private static $intstance = null;
+	private static $instance = null;
 	/**
 	 * @static
 	 * @return Sabre_DAV_Auth_Backend_Std
 	 */
-	public static function &getInstance() {
+	public static function getInstance()
-		if (is_null(self::$intstance)) {
+	{
-			self::$intstance = new Sabre_DAV_Auth_Backend_Std();
+		if (is_null(self::$instance)) {
 			self::$instance = new Sabre_DAV_Auth_Backend_Std();
 		}
-		return self::$intstance;
+		return self::$instance;
 	}
 	/**
 	 * @return array
 	 */
-	public function getUsers() {
+	public function getUsers()
 	{
 		return array($this->currentUser);
 	}
 	/**
 	 * @return null|string
 	 */
-	public function getCurrentUser() {
+	public function getCurrentUser()
 	{
 		return $this->currentUser;
 	}
@ -48,8 +48,8 @@ class Sabre_DAV_Auth_Backend_Std extends Sabre_DAV_Auth_Backend_AbstractBasic {
 	 * @throws Sabre_DAV_Exception_NotAuthenticated
 	 * @return bool
 	 */
-	public function authenticate(Sabre_DAV_Server $server, $realm) {
+	public function authenticate(Sabre_DAV_Server $server, $realm)
-
+	{
 		$a = get_app();
 		if (isset($a->user["uid"])) {
 			$this->currentUser = strtolower($a->user["nickname"]);
@ -75,19 +75,13 @@ class Sabre_DAV_Auth_Backend_Std extends Sabre_DAV_Auth_Backend_AbstractBasic {
 		return true;
 	}
 	/**
 	 * @param string $username
 	 * @param string $password
 	 * @return bool
 	 */
-	protected function validateUserPass($username, $password) {
+	protected function validateUserPass($username, $password)
-		$encrypted = hash('whirlpool',trim($password));
+	{
-		$r = q("SELECT COUNT(*) anz FROM `user` WHERE `nickname` = '%s' AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
+		return User::authenticate($username, $password);
 			dbesc(trim($username)),
 			dbesc($encrypted)
 		);
 		return ($r[0]["anz"] == 1);
 	}
 }
--- a/jappixmini/jappixmini.php
+++ b/jappixmini/jappixmini.php
@ -7,7 +7,6 @@
 * Author: leberwurscht <leberwurscht@hoegners.de>
 *
 */
 //
 // Copyright 2012 "Leberwurscht" <leberwurscht@hoegners.de>
 //
@ -63,10 +62,13 @@ json({"status":"ok", "encrypted_address":"%s"})
 */
 use Friendica\App;
 use Friendica\Core\Config;
 use Friendica\Core\PConfig;
 use Friendica\Model\User;
-function jappixmini_install() {
+function jappixmini_install()
 {
 	register_hook('plugin_settings', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings');
 	register_hook('plugin_settings_post', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings_post');
@ -80,23 +82,27 @@ register_hook('about_hook', 'addon/jappixmini/jappixmini.php', 'jappixmini_downl
 	// set standard configuration
 	$info_text = Config::get("jappixmini", "infotext");
-if (!$info_text) set_confConfig::setig("jappixmini", "infotext",
+	if (!$info_text)
-	"To get the chat working, you need to know a BOSH host which works with your Jabber account. ".
+		set_confConfig::setig("jappixmini", "infotext", "To get the chat working, you need to know a BOSH host which works with your Jabber account. " .
 			"An example of a BOSH server that works for all accounts is https://bind.jappix.com/, but keep " .
 			"in mind that the BOSH server can read along all chat messages. If you know that your Jabber " .
 			"server also provides an own BOSH server, it is much better to use this one!"
 		);
 	$bosh_proxy = Config::get("jappixmini", "bosh_proxy");
-if ($bosh_proxy==="") Config::set("jappixmini", "bosh_proxy", "1");
+	if ($bosh_proxy === "") {
 		Config::set("jappixmini", "bosh_proxy", "1");
 	}
 	// set addon version so that safe updates are possible later
 	$addon_version = Config::get("jappixmini", "version");
-if ($addon_version==="") Config::set("jappixmini", "version", "1");
+	if ($addon_version === "") {
 		Config::set("jappixmini", "version", "1");
 	}
 }
-
+function jappixmini_uninstall()
-function jappixmini_uninstall() {
+{
 	unregister_hook('plugin_settings', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings');
 	unregister_hook('plugin_settings_post', 'addon/jappixmini/jappixmini.php', 'jappixmini_settings_post');
@ -108,16 +114,18 @@ unregister_hook('cron', 'addon/jappixmini/jappixmini.php', 'jappixmini_cron');
 	unregister_hook('about_hook', 'addon/jappixmini/jappixmini.php', 'jappixmini_download_source');
 }
-function jappixmini_plugin_admin(&$a, &$o) {
+function jappixmini_plugin_admin(App $a, &$o)
 {
 	// display instructions and warnings on addon settings page for admin
 	if (!file_exists("addon/jappixmini.tgz")) {
 		$o .= '<p><strong style="color:#fff;background-color:#f00">The source archive jappixmini.tgz does not exist. This is probably a violation of the Jappix License (AGPL).</strong></p>';
 	}
 	// warn if cron job has not yet been executed
 	$cron_run = Config::get("jappixmini", "last_cron_execution");
-	if (!$cron_run) $o .= "<p><strong>Warning: The cron job has not yet been executed. If this message is still there after some time (usually 10 minutes), this means that autosubscribe and autoaccept will not work.</strong></p>";
+	if (!$cron_run) {
 		$o .= "<p><strong>Warning: The cron job has not yet been executed. If this message is still there after some time (usually 10 minutes), this means that autosubscribe and autoaccept will not work.</strong></p>";
 	}
 	// bosh proxy
 	$bosh_proxy = intval(Config::get("jappixmini", "bosh_proxy"));
@ -150,7 +158,8 @@ function jappixmini_plugin_admin(&$a, &$o) {
 	$o .= '<input type="submit" name="jappixmini-admin-settings" value="OK" />';
 }
-function jappixmini_plugin_admin_post(&$a) {
+function jappixmini_plugin_admin_post(App $a)
 {
 	// set info text
 	$submit = $_REQUEST['jappixmini-admin-settings'];
 	if ($submit) {
@ -167,29 +176,35 @@ function jappixmini_plugin_admin_post(&$a) {
 	}
 }
-function jappixmini_module() {}
+function jappixmini_module()
-function jappixmini_init(&$a) {
+{
 }
 function jappixmini_init()
 {
 	// module page where other Friendica sites can submit Jabber addresses to and also can query Jabber addresses
 	// of local users
 	$dfrn_id = $_REQUEST["dfrn_id"];
-	if (!$dfrn_id) killme();
+	if (!$dfrn_id) {
 		killme();
 	}
 	$role = $_REQUEST["role"];
 	if ($role == "pub") {
-		$r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1",
+		$r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1", dbesc($dfrn_id));
-			dbesc($dfrn_id)
+		if (!count($r)) {
-		);
+			killme();
-		if (!count($r)) killme();
+		}
 		$encrypt_func = openssl_public_encrypt;
 		$decrypt_func = openssl_public_decrypt;
 		$key = $r[0]["pubkey"];
 	} else if ($role == "prv") {
-		$r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1",
+		$r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1", dbesc($dfrn_id));
-			dbesc($dfrn_id)
+		if (!count($r)) {
-		);
+			killme();
-		if (!count($r)) killme();
+		}
 		$encrypt_func = openssl_private_encrypt;
 		$decrypt_func = openssl_private_decrypt;
@ -211,11 +226,14 @@ function jappixmini_init(&$a) {
 		$now = intval(time());
 		PConfig::set($uid, "jappixmini", "id:$dfrn_id", "$now:$trusted_address");
 	} catch (Exception $e) {
 	}
 	// do not return an address if user deactivated plugin
 	$activated = PConfig::get($uid, 'jappixmini', 'activate');
-	if (!$activated) killme();
+	if (!$activated) {
 		killme();
 	}
 	// return the requested Jabber address
 	try {
@ -241,9 +259,9 @@ function jappixmini_init(&$a) {
 	}
 }
-function jappixmini_settings(&$a, &$s) {
+function jappixmini_settings(App $a, &$s)
 {
 	// addon settings for a user
 	$activate = PConfig::get(local_user(), 'jappixmini', 'activate');
 	$activate = intval($activate) ? ' checked="checked"' : '';
 	$dontinsertchat = PConfig::get(local_user(), 'jappixmini', 'dontinsertchat');
@ -251,8 +269,9 @@ function jappixmini_settings(&$a, &$s) {
 	$defaultbosh = Config::get("jappixmini", "bosh_address");
-    if ($defaultbosh != "")
+	if ($defaultbosh != "") {
 		PConfig::set(local_user(), 'jappixmini', 'bosh', $defaultbosh);
 	}
 	$username = PConfig::get(local_user(), 'jappixmini', 'username');
 	$username = htmlentities($username);
@ -269,11 +288,13 @@ function jappixmini_settings(&$a, &$s) {
 	$encrypt_checked = $encrypt ? ' checked="checked"' : '';
 	$encrypt_disabled = $encrypt ? '' : ' disabled="disabled"';
-    if ($server == "")
+	if ($server == "") {
 		$server = Config::get("jappixmini", "default_server");
 	}
-    if (($username == "") && Config::get("jappixmini", "default_user"))
+	if (($username == "") && Config::get("jappixmini", "default_user")) {
 		$username = $a->user["nickname"];
 	}
 	$info_text = Config::get("jappixmini", "infotext");
 	$info_text = htmlentities($info_text);
@ -281,13 +302,19 @@ function jappixmini_settings(&$a, &$s) {
 	// count contacts
 	$r = q("SELECT COUNT(1) as `cnt` FROM `pconfig` WHERE `uid`=%d AND `cat`='jappixmini' AND `k` LIKE 'id:%%'", local_user());
-    if (count($r)) $contact_cnt = $r[0]["cnt"];
+	if (count($r)) {
-    else $contact_cnt = 0;
+		$contact_cnt = $r[0]["cnt"];
 	} else {
 		$contact_cnt = 0;
 	}
 	// count jabber addresses
 	$r = q("SELECT COUNT(1) as `cnt` FROM `pconfig` WHERE `uid`=%d AND `cat`='jappixmini' AND `k` LIKE 'id:%%' AND `v` LIKE '%%@%%'", local_user());
-    if (count($r)) $address_cnt = $r[0]["cnt"];
+	if (count($r)) {
-    else $address_cnt = 0;
+		$address_cnt = $r[0]["cnt"];
 	} else {
 		$address_cnt = 0;
 	}
 	if (!$activate) {
 		// load scripts if not yet activated so that password can be saved
@ -324,7 +351,6 @@ function jappixmini_settings(&$a, &$s) {
 		$s .= '<br />';
 	}
 	$s .= '<label for="jappixmini-password">' . t('Jabber password') . '</label>';
 	$s .= ' <input type="hidden" id="jappixmini-password" name="jappixmini-encrypted-password" value="' . $password . '" />';
 	$s .= ' <input id="jappixmini-clear-password" type="password" value="" onchange="jappixmini_set_password();" />';
@ -345,7 +371,9 @@ function jappixmini_settings(&$a, &$s) {
 	$s .= '<label for="jappixmini-purge">' . t('Purge internal list of jabber addresses of contacts') . '</label>';
 	$s .= ' <input id="jappixmini-purge" type="checkbox" name="jappixmini-purge" value="1" />';
 	$s .= '<br />';
-    if ($info_text) $s .= '<br />Configuration help:<p style="margin-left:2em;">'.$info_text.'</p>';
+	if ($info_text) {
 		$s .= '<br />Configuration help:<p style="margin-left:2em;">' . $info_text . '</p>';
 	}
 	$s .= '<br />Status:<p style="margin-left:2em;">Addon knows ' . $address_cnt . ' Jabber addresses of ' . $contact_cnt . ' Friendica contacts (takes some time, usually 10 minutes, to update).</p>';
 	$s .= '<input type="submit" name="jappixmini-submit" value="' . t('Save Settings') . '" />';
 	$s .= ' <input type="button" value="' . t('Add contact') . '" onclick="jappixmini_addon_subscribe();" />';
@ -388,10 +416,12 @@ function jappixmini_settings(&$a, &$s) {
    </script>";
 }
-function jappixmini_settings_post(&$a,&$b) {
+function jappixmini_settings_post(App $a, &$b)
 {
 	// save addon settings for a user
-
+	if (!local_user()) {
-	if(! local_user()) return;
+		return;
 	}
 	$uid = local_user();
 	if ($_POST['jappixmini-submit']) {
@ -399,11 +429,7 @@ function jappixmini_settings_post(&$a,&$b) {
 		if ($encrypt) {
 			// check that Jabber password was encrypted with correct Friendica password
 			$friendica_password = trim($b['jappixmini-friendica-password']);
-			$encrypted = hash('whirlpool',$friendica_password);
+			if (!User::authenticate((int) $uid, $friendica_password)) {
 			$r = q("SELECT * FROM `user` WHERE `uid`=$uid AND `password`='%s'",
 				dbesc($encrypted)
 			);
 			if (!count($r)) {
 				info("Wrong friendica password!");
 				return;
 			}
@ -413,11 +439,15 @@ function jappixmini_settings_post(&$a,&$b) {
 		$username = trim($b['jappixmini-username']);
 		$old_username = PConfig::get($uid, 'jappixmini', 'username');
-		if ($username!=$old_username) $purge = 1;
+		if ($username != $old_username) {
 			$purge = 1;
 		}
 		$server = trim($b['jappixmini-server']);
 		$old_server = PConfig::get($uid, 'jappixmini', 'server');
-		if ($server!=$old_server) $purge = 1;
+		if ($server != $old_server) {
 			$purge = 1;
 		}
 		PConfig::set($uid, 'jappixmini', 'username'      , $username);
 		PConfig::set($uid, 'jappixmini', 'server'        , $server);
@ -437,17 +467,22 @@ function jappixmini_settings_post(&$a,&$b) {
 	}
 }
-function jappixmini_script(&$a,&$s) {
+function jappixmini_script(App $a)
 {
 	// adds the script to the page header which starts Jappix Mini
-
+	if (!local_user()) {
    if(! local_user()) return;
    if ($_GET["mode"] == "minimal")
 		return;
 	}
 	if ($_GET["mode"] == "minimal") {
 		return;
 	}
 	$activate = PConfig::get(local_user(), 'jappixmini', 'activate');
 	$dontinsertchat = PConfig::get(local_user(), 'jappixmini', 'dontinsertchat');
-    if (!$activate || $dontinsertchat) return;
+	if (!$activate || $dontinsertchat) {
 		return;
 	}
 	$a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/jappix/php/get.php?t=js&amp;g=mini.xml"></script>' . "\r\n";
 	$a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/jappix/php/get.php?t=js&amp;f=presence.js~caps.js~name.js~roster.js"></script>' . "\r\n";
@ -474,8 +509,7 @@ function jappixmini_script(&$a,&$s) {
 	$use_proxy = Config::get('jappixmini', 'bosh_proxy');
 	if ($use_proxy) {
 		$proxy = $a->get_baseurl() . '/addon/jappixmini/proxy.php';
-    }
+	} else {
    else {
 		$proxy = "";
 	}
@ -487,18 +521,19 @@ function jappixmini_script(&$a,&$s) {
 		$key = $row['k'];
 		$pos = strpos($key, ":");
 		$dfrn_id = substr($key, $pos + 1);
-        $r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')",
+		$r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND (`dfrn-id`='%s' OR `issued-id`='%s')", dbesc($dfrn_id), dbesc($dfrn_id));
 		dbesc($dfrn_id),
 		dbesc($dfrn_id)
 	);
 		if (count($r))
 			$name = $r[0]["name"];
 		$value = $row['v'];
 		$pos = strpos($value, ":");
 		$address = substr($value, $pos + 1);
-	if (!$address) continue;
+		if (!$address) {
-	if (!$name) $name = $address;
+			continue;
 		}
 		if (!$name) {
 			$name = $address;
 		}
 		$contacts[$address] = $name;
 	}
@ -524,9 +559,9 @@ function jappixmini_script(&$a,&$s) {
 	return;
 }
-function jappixmini_login(&$a, &$o) {
+function jappixmini_login(App $a, &$o)
 {
 	// create client secret on login to be able to encrypt jabber passwords
 	// for setDB and str_sha1, needed by jappixmini_addon_set_client_secret
 	$a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/jappix/php/get.php?t=js&amp;f=datastore.js~jsjac.js"></script>' . "\r\n";
@ -537,17 +572,18 @@ function jappixmini_login(&$a, &$o) {
 	$o = str_replace("<form ", "<form onsubmit=\"jappixmini_addon_set_client_secret(this.elements['id_password'].value);return true;\" ", $o);
 }
-function jappixmini_cron(&$a, $d) {
+function jappixmini_cron(App $a, $d)
 {
 	// For autosubscribe/autoapprove, we need to maintain a list of jabber addresses of our contacts.
 	Config::set("jappixmini", "last_cron_execution", $d);
 	// go through list of users with jabber enabled
 	$users = q("SELECT `uid` FROM `pconfig` WHERE `cat`='jappixmini' AND (`k`='autosubscribe' OR `k`='autoapprove') AND `v`='1'");
 	logger("jappixmini: Update list of contacts' jabber accounts for " . count($users) . " users.");
-	if(! count($users))
+	if (!count($users)) {
 		return;
 	}
 	foreach ($users as $row) {
 		$uid = $row["uid"];
@ -557,7 +593,9 @@ function jappixmini_cron(&$a, $d) {
 			intval($uid), dbesc(NETWORK_DFRN));
 		foreach ($contacts as $contact_row) {
 			$request = $contact_row["request"];
-			if (!$request) continue;
+			if (!$request) {
 				continue;
 			}
 			$dfrn_id = $contact_row["dfrn-id"];
 			if ($dfrn_id) {
@ -583,20 +621,28 @@ function jappixmini_cron(&$a, $d) {
 				// do not re-retrieve jabber address if last retrieval
 				// is not older than a week
-				if ($now-$timestamp<3600*24*7) continue;
+				if ($now - $timestamp < 3600 * 24 * 7) {
 					continue;
 				}
 			}
 			// construct base retrieval address
 			$pos = strpos($request, "/dfrn_request/");
-			if ($pos===false) continue;
+			if ($pos === false) {
 				continue;
 			}
 			$base = substr($request, 0, $pos) . "/jappixmini?role=$role";
 			// construct own address
 			$username = PConfig::get($uid, 'jappixmini', 'username');
-			if (!$username) continue;
+			if (!$username) {
 				continue;
 			}
 			$server = PConfig::get($uid, 'jappixmini', 'server');
-			if (!$server) continue;
+			if (!$server) {
 				continue;
 			}
 			$address = $username . "@" . $server;
@ -614,18 +660,26 @@ function jappixmini_cron(&$a, $d) {
 				// parse answer
 				$answer = json_decode($answer_json);
-				if ($answer->status != "ok") throw new Exception();
+				if ($answer->status != "ok") {
 					throw new Exception();
 				}
 				$encrypted_address_hex = $answer->encrypted_address;
-				if (!$encrypted_address_hex) throw new Exception();
+				if (!$encrypted_address_hex) {
 					throw new Exception();
 				}
 				$encrypted_address = hex2bin($encrypted_address_hex);
-				if (!$encrypted_address) throw new Exception();
+				if (!$encrypted_address) {
 					throw new Exception();
 				}
 				// decrypt address
 				$decrypted_address = "";
 				$decrypt_func($encrypted_address, $decrypted_address, $key);
-				if (!$decrypted_address) throw new Exception();
+				if (!$decrypted_address) {
 					throw new Exception();
 				}
 			} catch (Exception $e) {
 				$decrypted_address = "";
 			}
@ -636,9 +690,9 @@ function jappixmini_cron(&$a, $d) {
 	}
 }
-function jappixmini_download_source(&$a,&$b) {
+function jappixmini_download_source(App $a, &$b)
 {
 	// Jappix Mini source download link on About page
 	$b .= '<h1>Jappix Mini</h1>';
 	$b .= '<p>This site uses the jappixmini addon, which includes Jappix Mini by the <a href="' . $a->get_baseurl() . '/addon/jappixmini/jappix/AUTHORS">Jappix authors</a> and is distributed under the terms of the <a href="' . $a->get_baseurl() . '/addon/jappixmini/jappix/COPYING">GNU Affero General Public License</a>.</p>';
 	$b .= '<p>You can download the <a href="' . $a->get_baseurl() . '/addon/jappixmini.tgz">source code of the addon</a>. The rest of Friendica is distributed under compatible licenses and can be retrieved from <a href="https://github.com/friendica/friendica">https://github.com/friendica/friendica</a> and <a href="https://github.com/friendica/friendica-addons">https://github.com/friendica/friendica-addons</a></p>';
--- a/windowsphonepush/windowsphonepush.php
+++ b/windowsphonepush/windowsphonepush.php
@ -1,4 +1,5 @@
 <?php
 /**
 * Name: WindowsPhonePush
 * Description: Enable push notification to send information to Friendica Mobile app on Windows phone (count of unread timeline entries, text of last posting - if wished by user)
@ -24,46 +25,34 @@
 *        sets the counter back
 *        count only unseen elements which are not type=activity (likes and dislikes not seen as new elements)
 */
-
+use Friendica\App;
 use Friendica\Core\PConfig;
 use Friendica\Model\User;
-function windowsphonepush_install() {
+function windowsphonepush_install()
-
+{
-	/**
+	/* Our plugin will attach in three places.
 	 * 
 	 * Our plugin will attach in three places.
 	 * The first is within cron - so the push notifications will be
 	 * sent every 10 minutes (or whatever is set in crontab).
 	 *
 	 */
 	register_hook('cron', 'addon/windowsphonepush/windowsphonepush.php', 'windowsphonepush_cron');
-	/**
+	/* Then we'll attach into the plugin settings page, and also the
 	 *
 	 * Then we'll attach into the plugin settings page, and also the 
 	 * settings post hook so that we can create and update
 	 * user preferences. User shall be able to activate the plugin and
 	 * define whether he allows pushing first characters of item text
 	 *
 	 */
 	register_hook('plugin_settings', 'addon/windowsphonepush/windowsphonepush.php', 'windowsphonepush_settings');
 	register_hook('plugin_settings_post', 'addon/windowsphonepush/windowsphonepush.php', 'windowsphonepush_settings_post');
 	logger("installed windowsphonepush");
 }
-
+function windowsphonepush_uninstall()
-function windowsphonepush_uninstall() {
+{
-
+	/* uninstall unregisters any hooks created with register_hook
 	/**
 	 *
 	 * uninstall unregisters any hooks created with register_hook
 	 * during install. Don't delete data in table `pconfig`.
 	 *
 	 */
 	unregister_hook('cron', 'addon/windowsphonepush/windowsphonepush.php', 'windowsphonepush_cron');
 	unregister_hook('plugin_settings', 'addon/windowsphonepush/windowsphonepush.php', 'windowsphonepush_settings');
 	unregister_hook('plugin_settings_post', 'addon/windowsphonepush/windowsphonepush.php', 'windowsphonepush_settings_post');
@ -71,22 +60,22 @@ function windowsphonepush_uninstall() {
 	logger("removed windowsphonepush");
 }
 /* declare the windowsphonepush function so that /windowsphonepush url requests will land here */
-function windowsphonepush_module() {}
+function windowsphonepush_module()
 {
 }
-/**
+/* Callback from the settings post function.
 *
 * Callback from the settings post function.
 * $post contains the $_POST array.
 * We will make sure we've got a valid user account
 * and if so set our configuration setting for this person.
 *
 */
-function windowsphonepush_settings_post($a,$post) {
+function windowsphonepush_settings_post($a, $post)
-	if(! local_user() || (! x($_POST,'windowsphonepush-submit')))
+{
 	if (!local_user() || (!x($_POST, 'windowsphonepush-submit'))) {
 		return;
 	}
 	$enable = intval($_POST['windowsphonepush']);
 	PConfig::set(local_user(), 'windowsphonepush', 'enable', $enable);
@ -99,17 +88,14 @@ function windowsphonepush_settings_post($a,$post) {
 	info(t('WindowsPhonePush settings updated.') . EOL);
 }
-
+/* Called from the Plugin Setting form.
 /**
 *
 * Called from the Plugin Setting form. 
 * Add our own settings info to the page.
 *
 */
-function windowsphonepush_settings(&$a,&$s) {
+function windowsphonepush_settings(&$a, &$s)
-
+{
-	if(! local_user())
+	if (!local_user()) {
 		return;
 	}
 	/* Add our stylesheet to the page so we can make our settings look nice */
 	$a->page['htmlhead'] .= '<link rel="stylesheet"  type="text/css" href="' . $a->get_baseurl() . '/addon/windowsphonepush/windowsphonepush.css' . '" media="all" />' . "\r\n";
@ -147,18 +133,13 @@ function windowsphonepush_settings(&$a,&$s) {
 	$s .= '</div><div class="clear"></div></div>';
 	return;
 }
-
+/* Cron function used to regularly check all users on the server with active windowsphonepushplugin and send
 /**
 *
 * Cron function used to regularly check all users on the server with active windowsphonepushplugin and send
 * notifications to the Microsoft servers and consequently to the Windows Phone device
 *
 */
-
+function windowsphonepush_cron()
-function windowsphonepush_cron() {
+{
 	// retrieve all UID's for which the plugin windowsphonepush is enabled and loop through every user
 	$r = q("SELECT * FROM `pconfig` WHERE `cat` = 'windowsphonepush' AND `k` = 'enable' AND `v` = 1");
 	if (count($r)) {
@ -175,9 +156,7 @@ function windowsphonepush_cron() {
 			} else {
 				// retrieve the number of unseen items and the id of the latest one (if there are more than
 				// one new entries since last poller run, only the latest one will be pushed)
-				$count = q("SELECT count(`id`) as count, max(`id`) as max FROM `item` WHERE `unseen` = 1 AND `type` <> 'activity' AND `uid` = %d",
+				$count = q("SELECT count(`id`) as count, max(`id`) as max FROM `item` WHERE `unseen` = 1 AND `type` <> 'activity' AND `uid` = %d", intval($rr['uid']));
 					intval($rr['uid'])
 				);
 				// send number of unseen items to the device (the number will be displayed on Start screen until
 				// App will be started by user) - this update will be sent every 10 minutes to update the number to 0 if
@ -212,9 +191,7 @@ function windowsphonepush_cron() {
 					$senditemtext = PConfig::get($rr['uid'], 'windowsphonepush', 'senditemtext');
 					if ($senditemtext == 1) {
 						// load item with the max id
-						$item = q("SELECT `author-name` as author, `body` as body FROM `item` where `id` = %d",
+						$item = q("SELECT `author-name` as author, `body` as body FROM `item` where `id` = %d", intval($count[0]['max']));
 							intval($count[0]['max'])
 						);
 						// as user allows to send the item, we want to show the sender of the item in the toast
 						// toasts are limited to one line, therefore place is limited - author shall be in
@ -227,9 +204,9 @@ function windowsphonepush_cron() {
 						// Otherwise BBcode-Tags will be eliminated and plain text cutted to 140 chars (incl. dots)
 						// BTW: information only possible in English
 						$body = $item[0]['body'];
-						if (substr($body, 0, 4) == "[url") 
+						if (substr($body, 0, 4) == "[url") {
 							$body = "URL/Image ...";
-						else {
+						} else {
 							require_once('include/bbcode.php');
 							require_once("include/html2plain.php");
 							$body = bbcode($body, false, false, 2, true);
@ -256,14 +233,11 @@ function windowsphonepush_cron() {
 	}
 }
-
+/* Tile push notification change the number in the icon of the App in Start Screen of
 /* 
 *
 * Tile push notification change the number in the icon of the App in Start Screen of
 * a Windows Phone Device, Image could be changed, not used for App "Friendica Mobile"
 * 
 */
-function send_tile_update($device_url, $image_url, $count, $title, $priority = 1) {
+function send_tile_update($device_url, $image_url, $count, $title, $priority = 1)
 {
 	$msg = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" .
 		"<wp:Notification xmlns:wp=\"WPNotification\">" .
 		"<wp:Tile>" .
@ -280,14 +254,12 @@ function send_tile_update($device_url, $image_url, $count, $title, $priority = 1
 	return $result;
 }
-/*
+/* Toast push notification send information to the top of the display
 * 
 * Toast push notification send information to the top of the display
 * if the user is not currently using the Friendica Mobile App, however
 * there is only one line for displaying the information
 *
 */
-function send_toast($device_url, $title, $message, $priority = 2) {
+function send_toast($device_url, $title, $message, $priority = 2)
 {
 	$msg = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" .
 		"<wp:Notification xmlns:wp=\"WPNotification\">" .
 		"<wp:Toast>" .
@ -304,19 +276,15 @@ function send_toast($device_url, $title, $message, $priority = 2) {
 	return $result;
 }
-/* 
+// General function to send the push notification via cURL
- *
+function send_push($device_url, $headers, $msg)
- * General function to send the push notification via cURL
+{
 *
 */ 
 function send_push($device_url, $headers, $msg) {
 	$ch = curl_init();
 	curl_setopt($ch, CURLOPT_URL, $device_url);
 	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 	curl_setopt($ch, CURLOPT_POST, true);
 	curl_setopt($ch, CURLOPT_HEADER, true);
-	curl_setopt($ch, CURLOPT_HTTPHEADER,
+	curl_setopt($ch, CURLOPT_HTTPHEADER, $headers + array(
 		$headers + array(
 		'Content-Type: text/xml',
 		'charset=utf-8',
 		'Accept: application/*',
@ -341,25 +309,21 @@ function send_push($device_url, $headers, $msg) {
 	return $notificationStatus;
 }
-/*
+// helper function to receive statuses from webresponse of Microsoft server
- * helper function to receive statuses from webresponse of Microsoft server
+function get_header_value($content, $header)
- */ 
+{
 function get_header_value($content, $header) {
 	return preg_match_all("/$header: (.*)/i", $content, $match) ? $match[1][0] : "";
 }
-
+/* reading information from url and deciding which function to start
 /*
 * 
 * reading information from url and deciding which function to start
 * show_settings = delivering settings to check
 * update_settings = set the device_url
 * update_counterunseen = set counter for unseen elements to zero
 *
 */
-function windowsphonepush_content(&$a) {	
+function windowsphonepush_content(App $a)
 {
 	// Login with the specified Network credentials (like in api.php)
-	windowsphonepush_login();
+	windowsphonepush_login($a);
 	$path = $a->argv[0];
 	$path2 = $a->argv[1];
@ -387,12 +351,12 @@ function windowsphonepush_content(&$a) {
 	}
 }
-/* 
+// return settings for windowsphonepush addon to be able to check them in WP app
- * return settings for windowsphonepush addon to be able to check them in WP app
+function windowsphonepush_showsettings()
- */
+{
-function windowsphonepush_showsettings(&$a) {
+	if (!local_user()) {
 	if(! local_user())
 		return;
 	}
 	$enable = PConfig::get(local_user(), 'windowsphonepush', 'enable');
 	$device_url = PConfig::get(local_user(), 'windowsphonepush', 'device_url');
@ -401,11 +365,13 @@ function windowsphonepush_showsettings(&$a) {
 	$counterunseen = PConfig::get(local_user(), 'windowsphonepush', 'counterunseen');
 	$addonversion = "2.0";
-	if (!$device_url)
+	if (!$device_url) {
 		$device_url = "";
 	}
-	if (!$lastpushid)
+	if (!$lastpushid) {
 		$lastpushid = 0;
 	}
 	header("Content-Type: application/json");
 	echo json_encode(array('uid' => local_user(),
@ -417,11 +383,11 @@ function windowsphonepush_showsettings(&$a) {
 		'addonversion' => $addonversion));
 }
-/* 
+/* update_settings is used to transfer the device_url from WP device to the Friendica server
 * update_settings is used to transfer the device_url from WP device to the Friendica server
 * return the status of the operation to the server
 */
-function windowsphonepush_updatesettings(&$a) {
+function windowsphonepush_updatesettings()
 {
 	if (!local_user()) {
 		return "Not Authenticated";
 	}
@ -460,10 +426,9 @@ function windowsphonepush_updatesettings(&$a) {
 	return "Device-URL updated successfully!";
 }
-/* 
+// update_counterunseen is used to reset the counter to zero from Windows Phone app
- * update_counterunseen is used to reset the counter to zero from Windows Phone app 
+function windowsphonepush_updatecounterunseen()
- */
+{
 function windowsphonepush_updatecounterunseen() {
 	if (!local_user()) {
 		return "Not Authenticated";
 	}
@ -478,11 +443,11 @@ function windowsphonepush_updatecounterunseen() {
 	return "Counter set to zero";
 }
-/*
+/* helper function to login to the server with the specified Network credentials
 * helper function to login to the server with the specified Network credentials
 * (mainly copied from api.php)
 */
-function windowsphonepush_login() {
+function windowsphonepush_login(App $a)
 {
 	if (!isset($_SERVER['PHP_AUTH_USER'])) {
 		logger('API_login: ' . print_r($_SERVER, true), LOGGER_DEBUG);
 		header('WWW-Authenticate: Basic realm="Friendica"');
@ -490,19 +455,10 @@ function windowsphonepush_login() {
 		die('This api requires login');
 	}
-	$user = $_SERVER['PHP_AUTH_USER'];
+	$user_id = User::authenticate($_SERVER['PHP_AUTH_USER'], trim($_SERVER['PHP_AUTH_PW']));
 	$encrypted = hash('whirlpool',trim($_SERVER['PHP_AUTH_PW']));
-	// check if user specified by app is available in the user table
+	if ($user_id) {
-	$r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' )
+		$record = dba::select('user', [], ['uid' => $user_id], ['limit' => 1]);
 	    AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1",
 	    dbesc(trim($user)),
 	    dbesc(trim($user)),
 	    dbesc($encrypted)
 	);
 	if(count($r)){
 	    $record = $r[0];
 	} else {
 		logger('API_login failure: ' . print_r($_SERVER, true), LOGGER_DEBUG);
 		header('WWW-Authenticate: Basic realm="Friendica"');
@ -510,8 +466,8 @@ function windowsphonepush_login() {
 		die('This api requires login');
 	}
-	require_once('include/security.php');
+	require_once 'include/security.php';
-	authenticate_success($record); $_SESSION["allow_api"] = true;
+	authenticate_success($record);
 	$_SESSION["allow_api"] = true;
 	call_hooks('logged_in', $a->user);
 }