X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fmanage.php;h=84dfa6917c3529c05293fcf39d83c06d692b1dfb;hb=60871555f539caec07f2dcfe37f11fc090bac1be;hp=41ec81129133474a95762e9e8e395c62b1cf94e7;hpb=8aa25523721303b6883e1a793f20997f8a33ec0a;p=friendica.git diff --git a/mod/manage.php b/mod/manage.php old mode 100755 new mode 100644 index 41ec811291..84dfa6917c --- a/mod/manage.php +++ b/mod/manage.php @@ -3,18 +3,56 @@ function manage_post(&$a) { - if(! local_user() || ! is_array($a->identities)) + if(! local_user()) return; + $uid = local_user(); + $orig_record = $a->user; + + if((x($_SESSION,'submanage')) && intval($_SESSION['submanage'])) { + $r = q("select * from user where uid = %d limit 1", + intval($_SESSION['submanage']) + ); + if(count($r)) { + $uid = intval($r[0]['uid']); + $orig_record = $r[0]; + } + } + + $r = q("select * from manage where uid = %d", + intval($uid) + ); + + $submanage = $r; + $identity = ((x($_POST['identity'])) ? intval($_POST['identity']) : 0); if(! $identity) return; - $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `email` = '%s' AND `password` = '%s' LIMIT 1", - intval($identity), - dbesc($a->user['email']), - dbesc($a->user['password']) - ); + $limited_id = 0; + $original_id = $uid; + + if(count($submanage)) { + foreach($submanage as $m) { + if($identity == $m['mid']) { + $limited_id = $m['mid']; + break; + } + } + } + + if($limited_id) { + $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", + intval($limited_id) + ); + } + else { + $r = q("SELECT * FROM `user` WHERE `uid` = %d AND `email` = '%s' AND `password` = '%s' LIMIT 1", + intval($identity), + dbesc($orig_record['email']), + dbesc($orig_record['password']) + ); + } if(! count($r)) return; @@ -27,12 +65,16 @@ function manage_post(&$a) { unset($_SESSION['theme']); unset($_SESSION['page_flags']); unset($_SESSION['return_url']); - + if(x($_SESSION,'submanage')) + unset($_SESSION['submanage']); require_once('include/security.php'); authenticate_success($r[0],true,true); - goaway($a->get_baseurl() . '/profile/' . $a->user['nickname']); + if($limited_id) + $_SESSION['submanage'] = $original_id; + + goaway($a->get_baseurl(true) . '/profile/' . $a->user['nickname']); // NOTREACHED } @@ -40,23 +82,15 @@ function manage_post(&$a) { function manage_content(&$a) { - if(! local_user() || ! is_array($a->identities)) { + if(! local_user()) { notice( t('Permission denied.') . EOL); return; } - $r = q("SELECT * FROM `user` WHERE `email` = '%s' AND `password` = '%s'", - dbesc($a->user['email']), - dbesc($a->user['password']) - ); - if(! count($r)) - return; - - $o = '

' . t('Manage Identities and/or Pages') . '

'; - $o .= '
' . t("\x28Toggle between different identities or community/group pages which share your account details.\x29") . '
'; + $o .= '
' . t('Toggle between different identities or community/group pages which share your account details or which you have been granted "manage" permissions') . '
'; $o .= '
' . t('Select an identity to manage: ') . '
'; @@ -64,7 +98,7 @@ function manage_content(&$a) { $o .= '
' . "\r\n"; $o .= '