Merge pull request #4729 from MrPetovan/task/4604-add-password-exposed-check

[friendica.git] / include / security.php

diff --git a/include/security.php b/include/security.php
index 00115429388ffad097e6efa37dcba0a7029ab84b..af424df26c65c6122ff76a2070c936b426cdc46d 100644 (file)
--- a/include/security.php
+++ b/include/security.php
@@ -2,7 +2,7 @@
 /**
  * @file include/security.php
  */
-use Friendica\App;
+
 use Friendica\Core\Addon;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
@@ -10,6 +10,7 @@ use Friendica\Core\PConfig;
 use Friendica\Core\System;
 use Friendica\Database\DBM;
 use Friendica\Model\Group;
+use Friendica\Util\DateTimeFormat;
 
 /**
  * @brief Calculate the hash that is needed for the "Friendica" cookie
@@ -106,12 +107,35 @@ function authenticate_success($user_record, $login_initial = false, $interactive
                }
        }
 
-       $r = dba::select('user', ['uid', 'username', 'nickname'],
-               ['password' => $master_record['password'], 'email' => $master_record['email'], 'account_removed' => false]);
-       if (DBM::is_result($r)) {
-               $a->identities = dba::inArray($r);
+       if ($master_record['parent-uid'] == 0) {
+               // First add our own entry
+               $a->identities = [['uid' => $master_record['uid'],
+                               'username' => $master_record['username'],
+                               'nickname' => $master_record['nickname']]];
+
+               // Then add all the children
+               $r = dba::select('user', ['uid', 'username', 'nickname'],
+                       ['parent-uid' => $master_record['uid'], 'account_removed' => false]);
+               if (DBM::is_result($r)) {
+                       $a->identities = array_merge($a->identities, dba::inArray($r));
+               }
        } else {
+               // Just ensure that the array is always defined
                $a->identities = [];
+
+               // First entry is our parent
+               $r = dba::select('user', ['uid', 'username', 'nickname'],
+                       ['uid' => $master_record['parent-uid'], 'account_removed' => false]);
+               if (DBM::is_result($r)) {
+                       $a->identities = dba::inArray($r);
+               }
+
+               // Then add all siblings
+               $r = dba::select('user', ['uid', 'username', 'nickname'],
+                       ['parent-uid' => $master_record['parent-uid'], 'account_removed' => false]);
+               if (DBM::is_result($r)) {
+                       $a->identities = array_merge($a->identities, dba::inArray($r));
+               }
        }
 
        $r = dba::p("SELECT `user`.`uid`, `user`.`username`, `user`.`nickname`
@@ -141,11 +165,11 @@ function authenticate_success($user_record, $login_initial = false, $interactive
        header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] . '"');
 
        if ($login_initial || $login_refresh) {
-               dba::update('user', ['login_date' => datetime_convert()], ['uid' => $_SESSION['uid']]);
+               dba::update('user', ['login_date' => DateTimeFormat::utcNow()], ['uid' => $_SESSION['uid']]);
 
                // Set the login date for all identities of the user
-               dba::update('user', ['login_date' => datetime_convert()],
-                       ['password' => $master_record['password'], 'email' => $master_record['email'], 'account_removed' => false]);
+               dba::update('user', ['login_date' => DateTimeFormat::utcNow()],
+                       ['parent-uid' => $master_record['uid'], 'account_removed' => false]);
        }
 
        if ($login_initial) {