some testbubble stuff
[friendica.git] / include / security.php
old mode 100644 (file)
new mode 100755 (executable)
index f3f16e1..6b8128b
@@ -34,13 +34,35 @@ function authenticate_success($user_record, $login_initial = false, $interactive
                $a->timezone = $a->user['timezone'];
        }
 
-       $r = q("SELECT `uid`,`username` FROM `user` WHERE `password` = '%s' AND `email` = '%s'",
-               dbesc($a->user['password']),
-               dbesc($a->user['email'])
+       $master_record = $a->user;      
+
+       if((x($_SESSION,'submanage')) && intval($_SESSION['submanage'])) {
+               $r = q("select * from user where uid = %d limit 1",
+                       intval($_SESSION['submanage'])
+               );
+               if(count($r))
+                       $master_record = $r[0];
+       }
+
+       $r = q("SELECT `uid`,`username`,`nickname` FROM `user` WHERE `password` = '%s' AND `email` = '%s'",
+               dbesc($master_record['password']),
+               dbesc($master_record['email'])
        );
-       if(count($r))
+       if($r && count($r))
                $a->identities = $r;
+       else
+               $a->identities = array();
 
+       $r = q("select `user`.`uid`, `user`.`username`, `user`.`nickname` 
+               from manage left join user on manage.mid = user.uid 
+               where `manage`.`uid` = %d",
+               intval($master_record['uid'])
+       );
+       if($r && count($r))
+               $a->identities = array_merge($a->identities,$r);
+
+       if($login_initial)
+               logger('auth_identities: ' . print_r($a->identities,true), LOGGER_DEBUG);
 
        $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
                intval($_SESSION['uid']));
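Review bot: The submanage lookup tests `if(count($r))`, while the two later queries in this hunk were changed to `if($r && count($r))`. If q() can return false on failure, as the added guards suggest, `$master_record = $r[0]` would overwrite the valid `$a->user` record with an empty value, and the identity query would then presumably run with a blank password and email; use `if($r && count($r))` here too. The hunk also takes `$_SESSION['submanage']` as the master uid without confirming that a `manage` row links it to the logged-in account, so unless that is enforced where the session value is set, it should be checked before the record is trusted. Separately, `manage left join user` returns a row of NULLs for any `manage.mid` with no matching user, and that row is merged into `$a->identities`; an inner join avoids it. authenticate_success starts and ends outside the hunk.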
@@ -86,14 +108,18 @@ function can_write_wall(&$a,$owner) {
 
        if(remote_user()) {
 
-               // user remembered decision and avoid a DB lookup for each and every display item
+               // use remembered decision and avoid a DB lookup for each and every display item
                // DO NOT use this function if there are going to be multiple owners
 
+               // We have a contact-id for an authenticated remote user, this block determines if the contact
+               // belongs to this page owner, and has the necessary permissions to post content
+
                if($verified === 2)
                        return true;
                elseif($verified === 1)
                        return false;
                else {
+
                        $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` 
                                WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 
                                AND `user`.`blockwall` = 0 AND `readonly` = 0  AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
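Review bot: The remembered decision in `$verified` is returned before `$owner` is consulted, so a result cached for one owner would be reused for any later call with a different owner; the comments, including the new ones, only warn callers about this. The declaration of `$verified` is outside the hunk, but if it is a plain static, consider keying the cache by owner, or at least state the risk in the comment, e.g. `// $verified is cached per request and is NOT keyed by $owner; a second owner would inherit the first owner's result`. can_write_wall starts and ends outside the hunk.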
@@ -103,6 +129,7 @@ function can_write_wall(&$a,$owner) {
                                intval(CONTACT_IS_FRIEND),
                                intval(PAGE_COMMUNITY)
                        );
+
                        if(count($r)) {
                                $verified = 2;
                                return true;