X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fsecurity.php;h=9cff6707877e997616bbe206c973493076aa4689;hb=e0ecbd0b95454ed2ff4b0082b41d388d2938e3ae;hp=bcfddf8872cab6c909f0e8999dfc3800a25543d0;hpb=b02cdc8a7f84a4931e80027de42a80daa58581e1;p=friendica.git
diff --git a/include/security.php b/include/security.php
index bcfddf8872..9cff670787 100644
--- a/include/security.php
+++ b/include/security.php
@@ -41,7 +41,7 @@ function new_cookie($time, $user = [])
 if ($user) {
 $value = json_encode(["uid" => $user["uid"],
 "hash" => cookie_hash($user),
- "ip" => $_SERVER['REMOTE_ADDR']]);
+ "ip" => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0')]);
 } else {
 $value = "";
 }
@@ -70,7 +70,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 $_SESSION['page_flags'] = $user_record['page-flags'];
 $_SESSION['my_url'] = System::baseUrl() . '/profile/' . $user_record['nickname'];
 $_SESSION['my_address'] = $user_record['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3);
- $_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
+ $_SESSION['addr'] = defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0');
 $a->user = $user_record;
@@ -99,11 +99,9 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 $master_record = $a->user;
 if ((x($_SESSION, 'submanage')) && intval($_SESSION['submanage'])) {
- $r = dba::fetch_first("SELECT * FROM `user` WHERE `uid` = ? LIMIT 1",
- intval($_SESSION['submanage'])
- );
- if (DBM::is_result($r)) {
- $master_record = $r;
+ $user = dba::selectFirst('user', [], ['uid' => $_SESSION['submanage']]);
+ if (DBM::is_result($user)) {
+ $master_record = $user;
 }
 }
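Review bot: The `'0.0.0.0'` fallback in new_cookie (`"ip" => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0')`) is written into the login cookie, and the @@ -70 hunk of authenticate_success stores the same sentinel in `$_SESSION['addr']`, with no comment saying when REMOTE_ADDR can be absent. If code outside this diff compares the stored address with the current one, every request that lacks REMOTE_ADDR would carry the same value, so the placeholder must be read as "unknown" and never as a matching peer address. I would add a comment above both assignments such as `// REMOTE_ADDR may be unset (presumably non-web invocation); '0.0.0.0' means "no client address"`. Both functions start and end outside their hunks.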
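Review bot: In the @@ -99 hunk of authenticate_success, `dba::selectFirst('user', [], ['uid' => $_SESSION['submanage']])` passes the raw session value as the condition, whereas the removed query bound `intval($_SESSION['submanage'])`. The enclosing `if` only checks that `intval()` of the value is non-zero, so a value such as `'5abc'` passes the guard and reaches the query uncast; how selectFirst binds it is not visible in this diff. Keeping the cast preserves the old behaviour: `$user = dba::selectFirst('user', [], ['uid' => intval($_SESSION['submanage'])]);`. The function continues outside the hunk.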
@@ -155,10 +153,10 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 logger('auth_identities refresh: ' . print_r($a->identities, true), LOGGER_DEBUG);
 }
- $r = dba::fetch_first("SELECT * FROM `contact` WHERE `uid` = ? AND `self` LIMIT 1", $_SESSION['uid']);
- if (DBM::is_result($r)) {
- $a->contact = $r;
- $a->cid = $r['id'];
+ $contact = dba::selectFirst('contact', [], ['uid' => $_SESSION['uid'], 'self' => true]);
+ if (DBM::is_result($contact)) {
+ $a->contact = $contact;
+ $a->cid = $contact['id'];
 $_SESSION['cid'] = $a->cid;
 }
@@ -206,6 +204,10 @@ function can_write_wall($owner)
 return true;
 }
+ if (local_user() && ($owner == 0)) {
+ return true;
+ }
+
 if (remote_user()) {
 // use remembered decision and avoid a DB lookup for each and every display item
 // DO NOT use this function if there are going to be multiple owners
@@ -341,7 +343,7 @@ function item_permissions_sql($owner_id, $remote_verified = false, $groups = nul
 AND `item`.allow_gid = ''
 AND `item`.deny_cid = ''
 AND `item`.deny_gid = ''
- AND `item`.private = 0
+ AND `item`.private != 1
 ";
 // Profile owner - everything is visible
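Review bot: The added check in can_write_wall, `if (local_user() && ($owner == 0))`, uses a loose comparison inside a permission decision: `null`, `false`, `''` and (before PHP 8) any non-numeric string also compare equal to 0. A caller that passes an unset or failed-lookup owner would therefore grant write access to every logged-in local user. I would normalise and compare strictly, `if (local_user() && is_numeric($owner) && (intval($owner) === 0)) {`, and add a comment stating why owner 0 is writable by any local user, since that intent is not visible here. The function starts and ends outside the hunk.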
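Review bot: In item_permissions_sql, `AND item.private != 1` turns the default clause (the one that also requires empty allow/deny lists) from an allow-list into a deny-list: every value of `private` other than 1, including any introduced later, now passes this filter. Which additional values are meant to be visible cannot be seen in this hunk, so I would enumerate them, e.g. `AND item.private IN (0, <OTHER_PUBLIC_VALUE>)` with the file's backtick quoting, and add a comment above the clause naming what each value means. The SQL string and the function both begin outside the hunk.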