X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fmanage.php;h=0f60e704e4d299e5566dc044e9ce92646a4d48d9;hb=5743bb0daec2f91f06689c84a69c8d7315311c51;hp=10fc7c7e64e859bf737b4a0dd1acd9819042358f;hpb=b5b3451b31b7a45595345baf77e78a144426cc5c;p=friendica.git

diff --git a/mod/manage.php b/mod/manage.php
index 10fc7c7e64..0f60e704e4 100644
--- a/mod/manage.php
+++ b/mod/manage.php
@@ -1,7 +1,14 @@
 <?php
+/**
+ * @file mod/manage.php
+ */
+use Friendica\App;
+use Friendica\Core\Addon;
+use Friendica\Core\L10n;
+use Friendica\Core\System;
+use Friendica\Database\DBM;
 
-require_once("include/text.php");
-
+require_once "include/text.php";
 
 function manage_post(App $a) {
 
@@ -16,48 +23,70 @@ function manage_post(App $a) {
 		$r = q("select * from user where uid = %d limit 1",
 			intval($_SESSION['submanage'])
 		);
-		if (dbm::is_result($r)) {
+		if (DBM::is_result($r)) {
 			$uid = intval($r[0]['uid']);
 			$orig_record = $r[0];
 		}
 	}
 
-	$r = q("select * from manage where uid = %d",
+	$r = q("SELECT * FROM `manage` WHERE `uid` = %d",
 		intval($uid)
 	);
 
 	$submanage = $r;
 
-	$identity = ((x($_POST['identity'])) ? intval($_POST['identity']) : 0);
-	if(! $identity)
+	$identity = (x($_POST['identity']) ? intval($_POST['identity']) : 0);
+	if (!$identity) {
 		return;
+	}
 
 	$limited_id = 0;
 	$original_id = $uid;
 
-	if(count($submanage)) {
-		foreach($submanage as $m) {
-			if($identity == $m['mid']) {
+	if (DBM::is_result($submanage)) {
+		foreach ($submanage as $m) {
+			if ($identity == $m['mid']) {
 				$limited_id = $m['mid'];
 				break;
 			}
 		}
 	}
 
-	if($limited_id) {
+	if ($limited_id) {
 		$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
 			intval($limited_id)
 		);
-	}
-	else {
-		$r = q("SELECT * FROM `user` WHERE `uid` = %d AND `email` = '%s' AND `password` = '%s' LIMIT 1",
+	} else {
+		// Check if the target user is one of our children
+		$r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
 			intval($identity),
-			dbesc($orig_record['email']),
-			dbesc($orig_record['password'])
+			dbesc($orig_record['uid'])
 		);
+
+		// Check if the target user is one of our siblings
+		if (!DBM::is_result($r) && ($orig_record['parent-uid'] != 0)) {
+			$r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
+				intval($identity),
+				dbesc($orig_record['parent-uid'])
+			);
+		}
+
+		// Check if it's our parent
+		if (!DBM::is_result($r) && ($orig_record['parent-uid'] != 0) && ($orig_record['parent-uid'] == $identity)) {
+			$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+				intval($identity)
+			);
+		}
+
+		// Finally check if it's out own user
+		if (!DBM::is_result($r) && ($orig_record['uid'] != 0) && ($orig_record['uid'] == $identity)) {
+			$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+				intval($identity)
+			);
+		}
 	}
 
-	if (! dbm::is_result($r)) {
+	if (!DBM::is_result($r)) {
 		return;
 	}
 
@@ -70,12 +99,13 @@ function manage_post(App $a) {
 	unset($_SESSION['mobile-theme']);
 	unset($_SESSION['page_flags']);
 	unset($_SESSION['return_url']);
-	if(x($_SESSION,'submanage'))
+	if (x($_SESSION, 'submanage')) {
 		unset($_SESSION['submanage']);
-	if (x($_SESSION,'sysmsg')) {
+	}
+	if (x($_SESSION, 'sysmsg')) {
 		unset($_SESSION['sysmsg']);
 	}
-	if (x($_SESSION,'sysmsg_info')) {
+	if (x($_SESSION, 'sysmsg_info')) {
 		unset($_SESSION['sysmsg_info']);
 	}
 
@@ -86,10 +116,10 @@ function manage_post(App $a) {
 		$_SESSION['submanage'] = $original_id;
 	}
 
-	$ret = array();
-	call_hooks('home_init',$ret);
+	$ret = [];
+	Addon::callHooks('home_init',$ret);
 
-	goaway( App::get_baseurl() . "/profile/" . $a->user['nickname'] );
+	goaway( System::baseUrl() . "/profile/" . $a->user['nickname'] );
 	// NOTREACHED
 }
 
@@ -98,7 +128,7 @@ function manage_post(App $a) {
 function manage_content(App $a) {
 
 	if (! local_user()) {
-		notice( t('Permission denied.') . EOL);
+		notice(L10n::t('Permission denied.') . EOL);
 		return;
 	}
 
@@ -125,34 +155,34 @@ function manage_content(App $a) {
 		$r = q("SELECT DISTINCT(`parent`) FROM `notify` WHERE `uid` = %d AND NOT `seen` AND NOT (`type` IN (%d, %d))",
 			intval($id['uid']), intval(NOTIFY_INTRO), intval(NOTIFY_MAIL));
 
-		if (dbm::is_result($r)) {
+		if (DBM::is_result($r)) {
 			$notifications = sizeof($r);
 		}
 
 		$r = q("SELECT DISTINCT(`convid`) FROM `mail` WHERE `uid` = %d AND NOT `seen`",
 			intval($id['uid']));
 
-		if (dbm::is_result($r)) {
+		if (DBM::is_result($r)) {
 			$notifications = $notifications + sizeof($r);
 		}
 
 		$r = q("SELECT COUNT(*) AS `introductions` FROM `intro` WHERE NOT `blocked` AND NOT `ignore` AND `uid` = %d",
 			intval($id['uid']));
 
-		if (dbm::is_result($r)) {
+		if (DBM::is_result($r)) {
 			$notifications = $notifications + $r[0]["introductions"];
 		}
 
 		$identities[$key]['notifications'] = $notifications;
 	}
 
-	$o = replace_macros(get_markup_template('manage.tpl'), array(
-		'$title' => t('Manage Identities and/or Pages'),
-		'$desc' => t('Toggle between different identities or community/group pages which share your account details or which you have been granted "manage" permissions'),
-		'$choose' => t('Select an identity to manage: '),
+	$o = replace_macros(get_markup_template('manage.tpl'), [
+		'$title' => L10n::t('Manage Identities and/or Pages'),
+		'$desc' => L10n::t('Toggle between different identities or community/group pages which share your account details or which you have been granted "manage" permissions'),
+		'$choose' => L10n::t('Select an identity to manage: '),
 		'$identities' => $identities,
-		'$submit' => t('Submit'),
-	));
+		'$submit' => L10n::t('Submit'),
+	]);
 
 	return $o;