mod/manage.php

   1 <?php
   2 /**
   3  * @file mod/manage.php
   4  */
   5 use Friendica\App;
   6 use Friendica\Core\Authentication;
   7 use Friendica\Core\Addon;
   8 use Friendica\Core\L10n;
   9 use Friendica\Core\System;
  10 use Friendica\Database\DBA;
  11
  12 require_once "include/text.php";
  13
  14 function manage_post(App $a) {
  15
  16         if (! local_user()) {
  17                 return;
  18         }
  19
  20         $uid = local_user();
  21         $orig_record = $a->user;
  22
  23         if((x($_SESSION,'submanage')) && intval($_SESSION['submanage'])) {
  24                 $r = q("select * from user where uid = %d limit 1",
  25                         intval($_SESSION['submanage'])
  26                 );
  27                 if (DBA::isResult($r)) {
  28                         $uid = intval($r[0]['uid']);
  29                         $orig_record = $r[0];
  30                 }
  31         }
  32
  33         $r = q("SELECT * FROM `manage` WHERE `uid` = %d",
  34                 intval($uid)
  35         );
  36
  37         $submanage = $r;
  38
  39         $identity = (x($_POST['identity']) ? intval($_POST['identity']) : 0);
  40         if (!$identity) {
  41                 return;
  42         }
  43
  44         $limited_id = 0;
  45         $original_id = $uid;
  46
  47         if (DBA::isResult($submanage)) {
  48                 foreach ($submanage as $m) {
  49                         if ($identity == $m['mid']) {
  50                                 $limited_id = $m['mid'];
  51                                 break;
  52                         }
  53                 }
  54         }
  55
  56         if ($limited_id) {
  57                 $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  58                         intval($limited_id)
  59                 );
  60         } else {
  61                 // Check if the target user is one of our children
  62                 $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
  63                         intval($identity),
  64                         DBA::escape($orig_record['uid'])
  65                 );
  66
  67                 // Check if the target user is one of our siblings
  68                 if (!DBA::isResult($r) && ($orig_record['parent-uid'] != 0)) {
  69                         $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
  70                                 intval($identity),
  71                                 DBA::escape($orig_record['parent-uid'])
  72                         );
  73                 }
  74
  75                 // Check if it's our parent
  76                 if (!DBA::isResult($r) && ($orig_record['parent-uid'] != 0) && ($orig_record['parent-uid'] == $identity)) {
  77                         $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  78                                 intval($identity)
  79                         );
  80                 }
  81
  82                 // Finally check if it's out own user
  83                 if (!DBA::isResult($r) && ($orig_record['uid'] != 0) && ($orig_record['uid'] == $identity)) {
  84                         $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  85                                 intval($identity)
  86                         );
  87                 }
  88         }
  89
  90         if (!DBA::isResult($r)) {
  91                 return;
  92         }
  93
  94         unset($_SESSION['authenticated']);
  95         unset($_SESSION['uid']);
  96         unset($_SESSION['visitor_id']);
  97         unset($_SESSION['administrator']);
  98         unset($_SESSION['cid']);
  99         unset($_SESSION['theme']);
 100         unset($_SESSION['mobile-theme']);
 101         unset($_SESSION['page_flags']);
 102         unset($_SESSION['return_url']);
 103         if (x($_SESSION, 'submanage')) {
 104                 unset($_SESSION['submanage']);
 105         }
 106         if (x($_SESSION, 'sysmsg')) {
 107                 unset($_SESSION['sysmsg']);
 108         }
 109         if (x($_SESSION, 'sysmsg_info')) {
 110                 unset($_SESSION['sysmsg_info']);
 111         }
 112
 113         Authentication::setAuthenticatedSessionForUser($r[0], true, true);
 114
 115         if ($limited_id) {
 116                 $_SESSION['submanage'] = $original_id;
 117         }
 118
 119         $ret = [];
 120         Addon::callHooks('home_init',$ret);
 121
 122         goaway( System::baseUrl() . "/profile/" . $a->user['nickname'] );
 123         // NOTREACHED
 124 }
 125
 126
 127
 128 function manage_content(App $a) {
 129
 130         if (! local_user()) {
 131                 notice(L10n::t('Permission denied.') . EOL);
 132                 return;
 133         }
 134
 135         if (!empty($_GET['identity'])) {
 136                 $_POST['identity'] = $_GET['identity'];
 137                 manage_post($a);
 138                 return;
 139         }
 140
 141         $identities = $a->identities;
 142
 143         //getting additinal information for each identity
 144         foreach ($identities as $key=>$id) {
 145                 $thumb = q("SELECT `thumb` FROM `contact` WHERE `uid` = '%s' AND `self` = 1",
 146                         DBA::escape($id['uid'])
 147                 );
 148
 149                 $identities[$key]['thumb'] = $thumb[0]['thumb'];
 150
 151                 $identities[$key]['selected'] = ($id['nickname'] === $a->user['nickname']);
 152
 153                 $notifications = 0;
 154
 155                 $r = q("SELECT DISTINCT(`parent`) FROM `notify` WHERE `uid` = %d AND NOT `seen` AND NOT (`type` IN (%d, %d))",
 156                         intval($id['uid']), intval(NOTIFY_INTRO), intval(NOTIFY_MAIL));
 157
 158                 if (DBA::isResult($r)) {
 159                         $notifications = sizeof($r);
 160                 }
 161
 162                 $r = q("SELECT DISTINCT(`convid`) FROM `mail` WHERE `uid` = %d AND NOT `seen`",
 163                         intval($id['uid']));
 164
 165                 if (DBA::isResult($r)) {
 166                         $notifications = $notifications + sizeof($r);
 167                 }
 168
 169                 $r = q("SELECT COUNT(*) AS `introductions` FROM `intro` WHERE NOT `blocked` AND NOT `ignore` AND `uid` = %d",
 170                         intval($id['uid']));
 171
 172                 if (DBA::isResult($r)) {
 173                         $notifications = $notifications + $r[0]["introductions"];
 174                 }
 175
 176                 $identities[$key]['notifications'] = $notifications;
 177         }
 178
 179         $o = replace_macros(get_markup_template('manage.tpl'), [
 180                 '$title' => L10n::t('Manage Identities and/or Pages'),
 181                 '$desc' => L10n::t('Toggle between different identities or community/group pages which share your account details or which you have been granted "manage" permissions'),
 182                 '$choose' => L10n::t('Select an identity to manage: '),
 183                 '$identities' => $identities,
 184                 '$submit' => L10n::t('Submit'),
 185         ]);
 186
 187         return $o;
 188
 189 }