X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fsecurity.php;h=768d7c82d45934310a7122b1ca94e56c2e437f0c;hb=0b38f1c58b822ac1ec5a199de00f0a0631c01a61;hp=e8a03ad0fe9dfebd37525c9226c1830322521bae;hpb=43ab1b2cf2d462938f58861a03fec673e5a65b9f;p=friendica.git

diff --git a/include/security.php b/include/security.php
index e8a03ad0fe..768d7c82d4 100644
--- a/include/security.php
+++ b/include/security.php
@@ -41,7 +41,7 @@ function new_cookie($time, $user = [])
 	if ($user) {
 		$value = json_encode(["uid" => $user["uid"],
 			"hash" => cookie_hash($user),
-			"ip" => $_SERVER['REMOTE_ADDR']]);
+			"ip" => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0')]);
 	} else {
 		$value = "";
 	}
@@ -70,7 +70,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 	$_SESSION['page_flags'] = $user_record['page-flags'];
 	$_SESSION['my_url'] = System::baseUrl() . '/profile/' . $user_record['nickname'];
 	$_SESSION['my_address'] = $user_record['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3);
-	$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
+	$_SESSION['addr'] = defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0');
 
 	$a->user = $user_record;
 
@@ -171,12 +171,14 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 	}
 
 	if ($login_initial) {
-		// If the user specified to remember the authentication, then set a cookie
-		// that expires after one week (the default is when the browser is closed).
-		// The cookie will be renewed automatically.
-		// The week ensures that sessions will expire after some inactivity.
+		/*
+		 * If the user specified to remember the authentication, then set a cookie
+		 * that expires after one week (the default is when the browser is closed).
+		 * The cookie will be renewed automatically.
+		 * The week ensures that sessions will expire after some inactivity.
+		 */
 		if ($_SESSION['remember']) {
-			logger('Injecting cookie for remembered user ' . $_SESSION['remember_user']['nickname']);
+			logger('Injecting cookie for remembered user ' . $a->user['nickname']);
 			new_cookie(604800, $user_record);
 			unset($_SESSION['remember']);
 		}
@@ -204,6 +206,10 @@ function can_write_wall($owner)
 		return true;
 	}
 
+	if (local_user() && ($owner == 0)) {
+		return true;
+	}
+
 	if (remote_user()) {
 		// use remembered decision and avoid a DB lookup for each and every display item
 		// DO NOT use this function if there are going to be multiple owners
@@ -339,7 +345,7 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul
 			 AND `item`.allow_gid = ''
 			 AND `item`.deny_cid  = ''
 			 AND `item`.deny_gid  = ''
-			 AND `item`.private = 0
+			 AND `item`.private != 1
 	";
 
 	// Profile owner - everything is visible