X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fsecurity.php;h=2d6db95f4f899cd6a877198217980c27b54b7d69;hb=50c004aa5ff14a4d65fd57e4ca8231de3546b569;hp=56d4cad36fa529eb821b48692e1cb9aceef5f478;hpb=a6c05b51863c9f7215d0762e8e81e02e33bea405;p=friendica.git

diff --git a/include/security.php b/include/security.php
index 56d4cad36f..2d6db95f4f 100644
--- a/include/security.php
+++ b/include/security.php
@@ -36,7 +36,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 		$a->timezone = $a->user['timezone'];
 	}
 
-	$master_record = $a->user;	
+	$master_record = $a->user;
 
 	if((x($_SESSION,'submanage')) && intval($_SESSION['submanage'])) {
 		$r = q("select * from user where uid = %d limit 1",
@@ -46,7 +46,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 			$master_record = $r[0];
 	}
 
-	$r = q("SELECT `uid`,`username`,`nickname` FROM `user` WHERE `password` = '%s' AND `email` = '%s'",
+	$r = q("SELECT `uid`,`username`,`nickname` FROM `user` WHERE `password` = '%s' AND `email` = '%s' AND `account_removed` = 0 ",
 		dbesc($master_record['password']),
 		dbesc($master_record['email'])
 	);
@@ -55,9 +55,9 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 	else
 		$a->identities = array();
 
-	$r = q("select `user`.`uid`, `user`.`username`, `user`.`nickname` 
-		from manage left join user on manage.mid = user.uid 
-		where `manage`.`uid` = %d",
+	$r = q("select `user`.`uid`, `user`.`username`, `user`.`nickname`
+		from manage INNER JOIN user on manage.mid = user.uid where `user`.`account_removed` = 0
+		and `manage`.`uid` = %d",
 		intval($master_record['uid'])
 	);
 	if($r && count($r))
@@ -81,11 +81,20 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 	if($login_initial || $login_refresh) {
 		$l = get_browser_language();
 
-		q("UPDATE `user` SET `login_date` = '%s', `language` = '%s' WHERE `uid` = %d LIMIT 1",
+		q("UPDATE `user` SET `login_date` = '%s', `language` = '%s' WHERE `uid` = %d",
 			dbesc(datetime_convert()),
 			dbesc($l),
 			intval($_SESSION['uid'])
 		);
+
+		// Set the login date for all identities of the user
+		q("UPDATE `user` SET `login_date` = '%s' WHERE `password` = '%s' AND `email` = '%s' AND `account_removed` = 0",
+			dbesc(datetime_convert()),
+			dbesc($master_record['password']),
+			dbesc($master_record['email'])
+		);
+
+
 	}
 	if($login_initial) {
 		call_hooks('logged_in', $a->user);
@@ -139,7 +148,7 @@ function can_write_wall(&$a,$owner) {
 				return false;
 
 
-			$r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` 
+			$r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` INNER JOIN `user` on `user`.`uid` = `contact`.`uid` 
 				WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 
 				AND `user`.`blockwall` = 0 AND `readonly` = 0  AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
 				intval($owner),
@@ -209,7 +218,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
 			}
 		}
 		if($remote_verified) {
-		
+
 			$gs = '<<>>'; // should be impossible to match
 
 			if(is_array($groups) && count($groups)) {
@@ -255,19 +264,19 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 	 * default permissions - anonymous user
 	 */
 
-	$sql = " AND allow_cid = '' 
-			 AND allow_gid = '' 
-			 AND deny_cid  = '' 
-			 AND deny_gid  = '' 
-			 AND private = 0
+	$sql = " AND `item`.allow_cid = ''
+			 AND `item`.allow_gid = ''
+			 AND `item`.deny_cid  = ''
+			 AND `item`.deny_gid  = ''
+			 AND `item`.private = 0
 	";
 
 	/**
 	 * Profile owner - everything is visible
 	 */
 
-	if(($local_user) && ($local_user == $owner_id)) {
-		$sql = ''; 
+	if($local_user && ($local_user == $owner_id)) {
+		$sql = '';
 	}
 
 	/**
@@ -291,7 +300,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 			}
 		}
 		if($remote_verified) {
-		
+
 			$gs = '<<>>'; // should be impossible to match
 
 			if(is_array($groups) && count($groups)) {
@@ -300,7 +309,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 			} 
 
 			$sql = sprintf(
-				" AND ( private = 0 OR ( private = 1 AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
+				/*" AND ( private = 0 OR ( private in (1,2) AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
 				  AND ( deny_cid  = '' OR  NOT deny_cid REGEXP '<%d>' ) 
 				  AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
 				  AND ( deny_gid  = '' OR NOT deny_gid REGEXP '%s'))) 
@@ -309,6 +318,15 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 				intval($remote_user),
 				dbesc($gs),
 				dbesc($gs)
+*/
+				" AND ( `item`.private = 0 OR ( `item`.private in (1,2) AND `item`.`wall` = 1
+				  AND ( NOT (`item`.deny_cid REGEXP '<%d>' OR `item`.deny_gid REGEXP '%s')
+				  AND ( `item`.allow_cid REGEXP '<%d>' OR `item`.allow_gid REGEXP '%s' OR ( `item`.allow_cid = '' AND `item`.allow_gid = '')))))
+				",
+				intval($remote_user),
+				dbesc($gs),
+				intval($remote_user),
+				dbesc($gs)
 			);
 		}
 	}