X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fsecurity.php;h=b52ddeb2dfa49f6124b78ffe234d898268b80b19;hb=20f987e81434d6bc3f7763c43f76fe7eb75e3e5b;hp=9f160e7884cbada1f9691d362eb936604ba491f9;hpb=133ef9155d519f255bcfc48532542c426a5d6505;p=friendica.git diff --git a/include/security.php b/include/security.php index 9f160e7884..b52ddeb2df 100644 --- a/include/security.php +++ b/include/security.php @@ -36,7 +36,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive $a->timezone = $a->user['timezone']; } - $master_record = $a->user; + $master_record = $a->user; if((x($_SESSION,'submanage')) && intval($_SESSION['submanage'])) { $r = q("select * from user where uid = %d limit 1", @@ -55,8 +55,8 @@ function authenticate_success($user_record, $login_initial = false, $interactive else $a->identities = array(); - $r = q("select `user`.`uid`, `user`.`username`, `user`.`nickname` - from manage left join user on manage.mid = user.uid where `user`.`account_removed` = 0 + $r = q("select `user`.`uid`, `user`.`username`, `user`.`nickname` + from manage INNER JOIN user on manage.mid = user.uid where `user`.`account_removed` = 0 and `manage`.`uid` = %d", intval($master_record['uid']) ); @@ -79,13 +79,20 @@ function authenticate_success($user_record, $login_initial = false, $interactive header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"'); if($login_initial || $login_refresh) { - $l = get_browser_language(); - q("UPDATE `user` SET `login_date` = '%s', `language` = '%s' WHERE `uid` = %d LIMIT 1", + q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d", dbesc(datetime_convert()), - dbesc($l), intval($_SESSION['uid']) ); + + // Set the login date for all identities of the user + q("UPDATE `user` SET `login_date` = '%s' WHERE `password` = '%s' AND `email` = '%s' AND `account_removed` = 0", + dbesc(datetime_convert()), + dbesc($master_record['password']), + dbesc($master_record['email']) + ); + + } if($login_initial) { call_hooks('logged_in', $a->user); @@ -139,7 +146,7 @@ function can_write_wall(&$a,$owner) { return false; - $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` + $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` INNER JOIN `user` on `user`.`uid` = `contact`.`uid` WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", intval($owner), @@ -209,7 +216,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { } } if($remote_verified) { - + $gs = '<<>>'; // should be impossible to match if(is_array($groups) && count($groups)) { @@ -255,11 +262,11 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * default permissions - anonymous user */ - $sql = " AND allow_cid = '' - AND allow_gid = '' - AND deny_cid = '' - AND deny_gid = '' - AND private = 0 + $sql = " AND `item`.allow_cid = '' + AND `item`.allow_gid = '' + AND `item`.deny_cid = '' + AND `item`.deny_gid = '' + AND `item`.private = 0 "; /** @@ -291,7 +298,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) } } if($remote_verified) { - + $gs = '<<>>'; // should be impossible to match if(is_array($groups) && count($groups)) { @@ -310,9 +317,9 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) dbesc($gs), dbesc($gs) */ - " AND ( private = 0 OR ( private in (1,2) AND wall = 1 - AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s') - AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = ''))))) + " AND ( `item`.private = 0 OR ( `item`.private in (1,2) AND `item`.`wall` = 1 + AND ( NOT (`item`.deny_cid REGEXP '<%d>' OR `item`.deny_gid REGEXP '%s') + AND ( `item`.allow_cid REGEXP '<%d>' OR `item`.allow_gid REGEXP '%s' OR ( `item`.allow_cid = '' AND `item`.allow_gid = ''))))) ", intval($remote_user), dbesc($gs),