X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fmanage.php;h=4d0b65de1533e480dab6d1764910f5b440d9ac86;hb=acaee626f5f23f4c1dc19c31896a0797a251b58f;hp=a454d414739e0bf2bc7681ec70ab7828cedcebfd;hpb=6b44fbbda03af125035c185c964f10ce78f97610;p=friendica.git

diff --git a/mod/manage.php b/mod/manage.php
index a454d41473..4d0b65de15 100644
--- a/mod/manage.php
+++ b/mod/manage.php
@@ -3,12 +3,12 @@
  * @file mod/manage.php
  */
 use Friendica\App;
+use Friendica\Core\Authentication;
 use Friendica\Core\Addon;
 use Friendica\Core\L10n;
+use Friendica\Core\Renderer;
 use Friendica\Core\System;
-use Friendica\Database\DBM;
-
-require_once "include/text.php";
+use Friendica\Database\DBA;
 
 function manage_post(App $a) {
 
@@ -19,11 +19,11 @@ function manage_post(App $a) {
 	$uid = local_user();
 	$orig_record = $a->user;
 
-	if((x($_SESSION,'submanage')) && intval($_SESSION['submanage'])) {
+	if(!empty($_SESSION['submanage'])) {
 		$r = q("select * from user where uid = %d limit 1",
 			intval($_SESSION['submanage'])
 		);
-		if (DBM::is_result($r)) {
+		if (DBA::isResult($r)) {
 			$uid = intval($r[0]['uid']);
 			$orig_record = $r[0];
 		}
@@ -35,15 +35,15 @@ function manage_post(App $a) {
 
 	$submanage = $r;
 
-	$identity = ((x($_POST['identity'])) ? intval($_POST['identity']) : 0);
-	if (! $identity) {
+	$identity = (!empty($_POST['identity']) ? intval($_POST['identity']) : 0);
+	if (!$identity) {
 		return;
 	}
 
 	$limited_id = 0;
 	$original_id = $uid;
 
-	if (DBM::is_result($submanage)) {
+	if (DBA::isResult($submanage)) {
 		foreach ($submanage as $m) {
 			if ($identity == $m['mid']) {
 				$limited_id = $m['mid'];
@@ -57,14 +57,36 @@ function manage_post(App $a) {
 			intval($limited_id)
 		);
 	} else {
-		$r = q("SELECT * FROM `user` WHERE `uid` = %d AND `email` = '%s' AND `password` = '%s' LIMIT 1",
+		// Check if the target user is one of our children
+		$r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
 			intval($identity),
-			dbesc($orig_record['email']),
-			dbesc($orig_record['password'])
+			DBA::escape($orig_record['uid'])
 		);
+
+		// Check if the target user is one of our siblings
+		if (!DBA::isResult($r) && ($orig_record['parent-uid'] != 0)) {
+			$r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
+				intval($identity),
+				DBA::escape($orig_record['parent-uid'])
+			);
+		}
+
+		// Check if it's our parent
+		if (!DBA::isResult($r) && ($orig_record['parent-uid'] != 0) && ($orig_record['parent-uid'] == $identity)) {
+			$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+				intval($identity)
+			);
+		}
+
+		// Finally check if it's out own user
+		if (!DBA::isResult($r) && ($orig_record['uid'] != 0) && ($orig_record['uid'] == $identity)) {
+			$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+				intval($identity)
+			);
+		}
 	}
 
-	if (! DBM::is_result($r)) {
+	if (!DBA::isResult($r)) {
 		return;
 	}
 
@@ -76,19 +98,18 @@ function manage_post(App $a) {
 	unset($_SESSION['theme']);
 	unset($_SESSION['mobile-theme']);
 	unset($_SESSION['page_flags']);
-	unset($_SESSION['return_url']);
-	if (x($_SESSION, 'submanage')) {
+	unset($_SESSION['return_path']);
+	if (!empty($_SESSION['submanage'])) {
 		unset($_SESSION['submanage']);
 	}
-	if (x($_SESSION, 'sysmsg')) {
+	if (!empty($_SESSION['sysmsg'])) {
 		unset($_SESSION['sysmsg']);
 	}
-	if (x($_SESSION, 'sysmsg_info')) {
+	if (!empty($_SESSION['sysmsg_info'])) {
 		unset($_SESSION['sysmsg_info']);
 	}
 
-	require_once('include/security.php');
-	authenticate_success($r[0], true, true);
+	Authentication::setAuthenticatedSessionForUser($r[0], true, true);
 
 	if ($limited_id) {
 		$_SESSION['submanage'] = $original_id;
@@ -97,7 +118,7 @@ function manage_post(App $a) {
 	$ret = [];
 	Addon::callHooks('home_init',$ret);
 
-	goaway( System::baseUrl() . "/profile/" . $a->user['nickname'] );
+	$a->internalRedirect('profile/' . $a->user['nickname'] );
 	// NOTREACHED
 }
 
@@ -110,7 +131,7 @@ function manage_content(App $a) {
 		return;
 	}
 
-	if ($_GET['identity']) {
+	if (!empty($_GET['identity'])) {
 		$_POST['identity'] = $_GET['identity'];
 		manage_post($a);
 		return;
@@ -121,7 +142,7 @@ function manage_content(App $a) {
 	//getting additinal information for each identity
 	foreach ($identities as $key=>$id) {
 		$thumb = q("SELECT `thumb` FROM `contact` WHERE `uid` = '%s' AND `self` = 1",
-			dbesc($id['uid'])
+			DBA::escape($id['uid'])
 		);
 
 		$identities[$key]['thumb'] = $thumb[0]['thumb'];
@@ -133,28 +154,28 @@ function manage_content(App $a) {
 		$r = q("SELECT DISTINCT(`parent`) FROM `notify` WHERE `uid` = %d AND NOT `seen` AND NOT (`type` IN (%d, %d))",
 			intval($id['uid']), intval(NOTIFY_INTRO), intval(NOTIFY_MAIL));
 
-		if (DBM::is_result($r)) {
+		if (DBA::isResult($r)) {
 			$notifications = sizeof($r);
 		}
 
 		$r = q("SELECT DISTINCT(`convid`) FROM `mail` WHERE `uid` = %d AND NOT `seen`",
 			intval($id['uid']));
 
-		if (DBM::is_result($r)) {
+		if (DBA::isResult($r)) {
 			$notifications = $notifications + sizeof($r);
 		}
 
 		$r = q("SELECT COUNT(*) AS `introductions` FROM `intro` WHERE NOT `blocked` AND NOT `ignore` AND `uid` = %d",
 			intval($id['uid']));
 
-		if (DBM::is_result($r)) {
+		if (DBA::isResult($r)) {
 			$notifications = $notifications + $r[0]["introductions"];
 		}
 
 		$identities[$key]['notifications'] = $notifications;
 	}
 
-	$o = replace_macros(get_markup_template('manage.tpl'), [
+	$o = Renderer::replaceMacros(Renderer::getMarkupTemplate('manage.tpl'), [
 		'$title' => L10n::t('Manage Identities and/or Pages'),
 		'$desc' => L10n::t('Toggle between different identities or community/group pages which share your account details or which you have been granted "manage" permissions'),
 		'$choose' => L10n::t('Select an identity to manage: '),