mod/manage.php

   1 <?php
   2 /**
   3  * @file mod/manage.php
   4  */
   5 use Friendica\App;
   6 use Friendica\Core\Authentication;
   7 use Friendica\Core\Addon;
   8 use Friendica\Core\L10n;
   9 use Friendica\Core\Renderer;
  10 use Friendica\Core\System;
  11 use Friendica\Database\DBA;
  12
  13 require_once "include/text.php";
  14
  15 function manage_post(App $a) {
  16
  17         if (! local_user()) {
  18                 return;
  19         }
  20
  21         $uid = local_user();
  22         $orig_record = $a->user;
  23
  24         if(!empty($_SESSION['submanage'])) {
  25                 $r = q("select * from user where uid = %d limit 1",
  26                         intval($_SESSION['submanage'])
  27                 );
  28                 if (DBA::isResult($r)) {
  29                         $uid = intval($r[0]['uid']);
  30                         $orig_record = $r[0];
  31                 }
  32         }
  33
  34         $r = q("SELECT * FROM `manage` WHERE `uid` = %d",
  35                 intval($uid)
  36         );
  37
  38         $submanage = $r;
  39
  40         $identity = (!empty($_POST['identity']) ? intval($_POST['identity']) : 0);
  41         if (!$identity) {
  42                 return;
  43         }
  44
  45         $limited_id = 0;
  46         $original_id = $uid;
  47
  48         if (DBA::isResult($submanage)) {
  49                 foreach ($submanage as $m) {
  50                         if ($identity == $m['mid']) {
  51                                 $limited_id = $m['mid'];
  52                                 break;
  53                         }
  54                 }
  55         }
  56
  57         if ($limited_id) {
  58                 $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  59                         intval($limited_id)
  60                 );
  61         } else {
  62                 // Check if the target user is one of our children
  63                 $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
  64                         intval($identity),
  65                         DBA::escape($orig_record['uid'])
  66                 );
  67
  68                 // Check if the target user is one of our siblings
  69                 if (!DBA::isResult($r) && ($orig_record['parent-uid'] != 0)) {
  70                         $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
  71                                 intval($identity),
  72                                 DBA::escape($orig_record['parent-uid'])
  73                         );
  74                 }
  75
  76                 // Check if it's our parent
  77                 if (!DBA::isResult($r) && ($orig_record['parent-uid'] != 0) && ($orig_record['parent-uid'] == $identity)) {
  78                         $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  79                                 intval($identity)
  80                         );
  81                 }
  82
  83                 // Finally check if it's out own user
  84                 if (!DBA::isResult($r) && ($orig_record['uid'] != 0) && ($orig_record['uid'] == $identity)) {
  85                         $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  86                                 intval($identity)
  87                         );
  88                 }
  89         }
  90
  91         if (!DBA::isResult($r)) {
  92                 return;
  93         }
  94
  95         unset($_SESSION['authenticated']);
  96         unset($_SESSION['uid']);
  97         unset($_SESSION['visitor_id']);
  98         unset($_SESSION['administrator']);
  99         unset($_SESSION['cid']);
 100         unset($_SESSION['theme']);
 101         unset($_SESSION['mobile-theme']);
 102         unset($_SESSION['page_flags']);
 103         unset($_SESSION['return_path']);
 104         if (!empty($_SESSION['submanage'])) {
 105                 unset($_SESSION['submanage']);
 106         }
 107         if (!empty($_SESSION['sysmsg'])) {
 108                 unset($_SESSION['sysmsg']);
 109         }
 110         if (!empty($_SESSION['sysmsg_info'])) {
 111                 unset($_SESSION['sysmsg_info']);
 112         }
 113
 114         Authentication::setAuthenticatedSessionForUser($r[0], true, true);
 115
 116         if ($limited_id) {
 117                 $_SESSION['submanage'] = $original_id;
 118         }
 119
 120         $ret = [];
 121         Addon::callHooks('home_init',$ret);
 122
 123         $a->internalRedirect('profile/' . $a->user['nickname'] );
 124         // NOTREACHED
 125 }
 126
 127
 128
 129 function manage_content(App $a) {
 130
 131         if (! local_user()) {
 132                 notice(L10n::t('Permission denied.') . EOL);
 133                 return;
 134         }
 135
 136         if (!empty($_GET['identity'])) {
 137                 $_POST['identity'] = $_GET['identity'];
 138                 manage_post($a);
 139                 return;
 140         }
 141
 142         $identities = $a->identities;
 143
 144         //getting additinal information for each identity
 145         foreach ($identities as $key=>$id) {
 146                 $thumb = q("SELECT `thumb` FROM `contact` WHERE `uid` = '%s' AND `self` = 1",
 147                         DBA::escape($id['uid'])
 148                 );
 149
 150                 $identities[$key]['thumb'] = $thumb[0]['thumb'];
 151
 152                 $identities[$key]['selected'] = ($id['nickname'] === $a->user['nickname']);
 153
 154                 $notifications = 0;
 155
 156                 $r = q("SELECT DISTINCT(`parent`) FROM `notify` WHERE `uid` = %d AND NOT `seen` AND NOT (`type` IN (%d, %d))",
 157                         intval($id['uid']), intval(NOTIFY_INTRO), intval(NOTIFY_MAIL));
 158
 159                 if (DBA::isResult($r)) {
 160                         $notifications = sizeof($r);
 161                 }
 162
 163                 $r = q("SELECT DISTINCT(`convid`) FROM `mail` WHERE `uid` = %d AND NOT `seen`",
 164                         intval($id['uid']));
 165
 166                 if (DBA::isResult($r)) {
 167                         $notifications = $notifications + sizeof($r);
 168                 }
 169
 170                 $r = q("SELECT COUNT(*) AS `introductions` FROM `intro` WHERE NOT `blocked` AND NOT `ignore` AND `uid` = %d",
 171                         intval($id['uid']));
 172
 173                 if (DBA::isResult($r)) {
 174                         $notifications = $notifications + $r[0]["introductions"];
 175                 }
 176
 177                 $identities[$key]['notifications'] = $notifications;
 178         }
 179
 180         $o = Renderer::replaceMacros(Renderer::getMarkupTemplate('manage.tpl'), [
 181                 '$title' => L10n::t('Manage Identities and/or Pages'),
 182                 '$desc' => L10n::t('Toggle between different identities or community/group pages which share your account details or which you have been granted "manage" permissions'),
 183                 '$choose' => L10n::t('Select an identity to manage: '),
 184                 '$identities' => $identities,
 185                 '$submit' => L10n::t('Submit'),
 186         ]);
 187
 188         return $o;
 189
 190 }