<?php
/**
- * @copyright Copyright (C) 2010-2022, the Friendica project
+ * @copyright Copyright (C) 2010-2023, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
BaseModule::checkFormSecurityTokenRedirectOnError('settings/delegation', 'delegate');
- $parent_uid = (int)$_POST['parent_user'] ?? 0;
- $parent_password = $_POST['parent_password'] ?? '';
+ $parent_uid = $request['parent_user'] ?? null;
+ $parent_password = $request['parent_password'] ?? '';
- if ($parent_uid != 0) {
+ if ($parent_uid) {
try {
+ // An integer value will trigger the direct user query on uid in User::getAuthenticationInfo
+ $parent_uid = (int)$parent_uid;
User::getIdFromPasswordAuthentication($parent_uid, $parent_password);
DI::sysmsg()->addInfo(DI::l10n()->t('Delegation successfully granted.'));
} catch (\Exception $ex) {
$user_id = $args->get(3);
if ($action === 'add' && $user_id) {
- if (DI::session()->get('submanage')) {
+ if (DI::userSession()->getSubManagedUserId()) {
DI::sysmsg()->addNotice(DI::l10n()->t('Delegated administrators can view but not change delegation permissions.'));
DI::baseUrl()->redirect('settings/delegation');
}
}
if ($action === 'remove' && $user_id) {
- if (DI::session()->get('submanage')) {
+ if (DI::userSession()->getSubManagedUserId()) {
DI::sysmsg()->addNotice(DI::l10n()->t('Delegated administrators can view but not change delegation permissions.'));
DI::baseUrl()->redirect('settings/delegation');
}
$parents = [0 => DI::l10n()->t('No parent user')];
$fields = ['uid', 'username', 'nickname'];
- $condition = ['email' => $user['email'], 'verified' => true, 'blocked' => false, 'parent-uid' => 0];
+ $condition = ['email' => $user['email'], 'verified' => true, 'blocked' => false, 'parent-uid' => null];
$parent_users = DBA::selectToArray('user', $fields, $condition);
foreach($parent_users as $parent) {
if ($parent['uid'] != DI::userSession()->getLocalUserId()) {