X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fsecurity.php;h=fa698c1b1a62aeb48e5ea9953507eb3c6fec0e81;hb=8039ad0e2318c28a22f87c31dbbdb3165f1ef058;hp=cb4587fbdaf4e904def5679c4ff589eda714fe83;hpb=93143702ed5fe88c0fce77d778d86ec651d4331e;p=friendica.git diff --git a/include/security.php b/include/security.php index cb4587fbda..fa698c1b1a 100644 --- a/include/security.php +++ b/include/security.php @@ -36,31 +36,31 @@ function authenticate_success($user_record, $login_initial = false, $interactive $a->timezone = $a->user['timezone']; } - $master_record = $a->user; + $master_record = $a->user; if((x($_SESSION,'submanage')) && intval($_SESSION['submanage'])) { $r = q("select * from user where uid = %d limit 1", intval($_SESSION['submanage']) ); - if(count($r)) + if (dbm::is_result($r)) $master_record = $r[0]; } - $r = q("SELECT `uid`,`username`,`nickname` FROM `user` WHERE `password` = '%s' AND `email` = '%s'", + $r = q("SELECT `uid`,`username`,`nickname` FROM `user` WHERE `password` = '%s' AND `email` = '%s' AND `account_removed` = 0 ", dbesc($master_record['password']), dbesc($master_record['email']) ); - if($r && count($r)) + if (dbm::is_result($r)) $a->identities = $r; else $a->identities = array(); - $r = q("select `user`.`uid`, `user`.`username`, `user`.`nickname` - from manage left join user on manage.mid = user.uid - where `manage`.`uid` = %d", + $r = q("select `user`.`uid`, `user`.`username`, `user`.`nickname` + from manage INNER JOIN user on manage.mid = user.uid where `user`.`account_removed` = 0 + and `manage`.`uid` = %d", intval($master_record['uid']) ); - if($r && count($r)) + if (dbm::is_result($r)) $a->identities = array_merge($a->identities,$r); if($login_initial) @@ -70,7 +70,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid'])); - if(count($r)) { + if (dbm::is_result($r)) { $a->contact = $r[0]; $a->cid = $r[0]['id']; $_SESSION['cid'] = $a->cid; @@ -79,13 +79,20 @@ function authenticate_success($user_record, $login_initial = false, $interactive header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"'); if($login_initial || $login_refresh) { - $l = get_browser_language(); - q("UPDATE `user` SET `login_date` = '%s', `language` = '%s' WHERE `uid` = %d LIMIT 1", + q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d", dbesc(datetime_convert()), - dbesc($l), intval($_SESSION['uid']) ); + + // Set the login date for all identities of the user + q("UPDATE `user` SET `login_date` = '%s' WHERE `password` = '%s' AND `email` = '%s' AND `account_removed` = 0", + dbesc(datetime_convert()), + dbesc($master_record['password']), + dbesc($master_record['email']) + ); + + } if($login_initial) { call_hooks('logged_in', $a->user); @@ -139,7 +146,7 @@ function can_write_wall(&$a,$owner) { return false; - $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` + $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` INNER JOIN `user` on `user`.`uid` = `contact`.`uid` WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", intval($owner), @@ -149,7 +156,7 @@ function can_write_wall(&$a,$owner) { intval(PAGE_COMMUNITY) ); - if(count($r)) { + if (dbm::is_result($r)) { $verified = 2; return true; } @@ -203,13 +210,13 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { intval($remote_user), intval($owner_id) ); - if(count($r)) { + if (dbm::is_result($r)) { $remote_verified = true; $groups = init_groups_visitor($remote_user); } } if($remote_verified) { - + $gs = '<<>>'; // should be impossible to match if(is_array($groups) && count($groups)) { @@ -255,11 +262,11 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * default permissions - anonymous user */ - $sql = " AND allow_cid = '' - AND allow_gid = '' - AND deny_cid = '' - AND deny_gid = '' - AND private = 0 + $sql = " AND `item`.allow_cid = '' + AND `item`.allow_gid = '' + AND `item`.deny_cid = '' + AND `item`.deny_gid = '' + AND `item`.private = 0 "; /** @@ -285,13 +292,13 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) intval($remote_user), intval($owner_id) ); - if(count($r)) { + if (dbm::is_result($r)) { $remote_verified = true; $groups = init_groups_visitor($remote_user); } } if($remote_verified) { - + $gs = '<<>>'; // should be impossible to match if(is_array($groups) && count($groups)) { @@ -310,9 +317,9 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) dbesc($gs), dbesc($gs) */ - " AND ( private = 0 OR ( private in (1,2) AND wall = 1 - AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s') - AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = ''))))) + " AND ( `item`.private = 0 OR ( `item`.private in (1,2) AND `item`.`wall` = 1 + AND ( NOT (`item`.deny_cid REGEXP '<%d>' OR `item`.deny_gid REGEXP '%s') + AND ( `item`.allow_cid REGEXP '<%d>' OR `item`.allow_gid REGEXP '%s' OR ( `item`.allow_cid = '' AND `item`.allow_gid = ''))))) ", intval($remote_user), dbesc($gs), @@ -396,7 +403,7 @@ function init_groups_visitor($contact_id) { WHERE `contact-id` = %d ", intval($contact_id) ); - if(count($r)) { + if (dbm::is_result($r)) { foreach($r as $rr) $groups[] = $rr['gid']; }